Saturday, March 29, 2008

Symmetric Key Encryption using .NET and C#

There are two main types of encryption and decryption algorithms, symmetric and asymmetric. Asymmetric algorithms use a related key pair to encrypt and decrypt data. One of the keys in the pair is typically called the public key while the other is called the private key. Data encrypted with the public key can only be decrypted with the private key, and vice versa. PKI (public key infrastructure) is built on asymmetric algorithms. RSA is a popular asymmetric algorithm.

On the other hand, in symmetric encryption, a secret key or password is used to scramble data. In order to decrypt the scrambled data, the same key has to be used. DES, Triple DES, RC2 and AES or Rijndael are examples of symmetric algorithms. Symmetric encryption algorithms will be discussed in detail here.

DES
The Data Encryption Standard (DES) was developed by an IBM team around 1974 and adopted as a national standard in 1977. While DES is the most well known of these algorithms, it is also the oldest and least secure due to its relatively small key size. In January 1999, distributed.net and the Electronic Frontier Foundation worked together and were able to break a DES key in 22 hours and 15 minutes using a brute-force attack.

Triple DES or TDES
Triple DES was developed after DES was found susceptible to brute-force attack. It is a minor variation of the DES standard: Triple DES applies the original DES algorithm literally three times to encrypt the data. TDES was chosen as a simple way to enlarge the key space without the need to switch to a new algorithm. In general, TDES with three different keys (3-key TDES) has a key length of 168 bits, i.e. three 56-bit DES keys (with parity bits, 3-key TDES has a total storage length of 192 bits), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. A variant, called two-key TDES (2-key TDES), uses k1 = k3, thus reducing the key size to 112 bits and the storage length to 128 bits. However, this mode is susceptible to certain chosen-plaintext or known-plaintext attacks and is therefore officially designated to have only 80 bits of security.

RC2
RC2 was designed by Ron Rivest in 1987 and stands for "Ron's Code" or "Rivest Cipher". It was designed as a replacement for DES and was sponsored by Lotus. RC2 is a 64-bit block cipher with a variable key size, from one byte up to 128 bytes. The algorithm is designed to be easy to implement on 16-bit microprocessors.

AES or Rijndael
Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. It has been analyzed extensively and is used worldwide. The cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael". AES is fast in both hardware and software and requires little memory. It has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits.
Strictly speaking, AES is not exactly Rijndael (although in everyday usage the names are used interchangeably), as Rijndael supports a larger range of block and key sizes: AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits, whereas Rijndael can be specified with key and block sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits. The greater the key size specified, the more difficult it is to break the encryption by brute force and therefore the more secure your data is.

AES Example

using System.IO;
using System.Security.Cryptography;
using System.Text;

public byte[] Encrypt(string text, string password)
{
    Rijndael rij = Rijndael.Create();

    // Create Key and IV using PasswordDeriveBytes. The PasswordDeriveBytes
    // class uses an extension of the PBKDF1 algorithm defined in the
    // PKCS#5 v2.0 standard to derive bytes suitable for use as key material
    // from a password. The standard is documented in IETF RFC 2898.
    // Note that the salt here is derived from the password itself, so the
    // same password always yields the same key and IV (and therefore the
    // same ciphertext for the same plaintext).
    PasswordDeriveBytes secKey = new PasswordDeriveBytes(password,
        Encoding.Unicode.GetBytes(password));

    // 32-byte key (AES-256) and 16-byte IV (one 128-bit block)
    ICryptoTransform encryptor = rij.CreateEncryptor(secKey.GetBytes(32),
        secKey.GetBytes(16));

    MemoryStream ms = new MemoryStream();
    CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write);

    byte[] arrayText = Encoding.Unicode.GetBytes(text);
    cs.Write(arrayText, 0, arrayText.Length);
    cs.FlushFinalBlock();   // pads and writes the final block

    byte[] encryptedBytes = ms.ToArray();

    cs.Close();
    ms.Close();

    return encryptedBytes;
}

public string Decrypt(byte[] text, string password)
{
    Rijndael rij = Rijndael.Create();

    // Derive exactly the same key and IV from the password as Encrypt did
    PasswordDeriveBytes secKey = new PasswordDeriveBytes(password,
        Encoding.Unicode.GetBytes(password));

    ICryptoTransform decryptor = rij.CreateDecryptor(secKey.GetBytes(32),
        secKey.GetBytes(16));

    MemoryStream ms = new MemoryStream(text);
    CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);

    // A single Read may return fewer bytes than the whole plaintext, so read
    // until the stream is exhausted. The plaintext is never longer than the
    // ciphertext, so a buffer of text.Length is always large enough.
    byte[] buffer = new byte[text.Length];
    int total = 0;
    int count;
    while ((count = cs.Read(buffer, total, buffer.Length - total)) > 0)
        total += count;

    cs.Close();
    ms.Close();

    // A wrong password or tampered ciphertext surfaces as a
    // CryptographicException (bad padding) from the final Read above.
    string plainText = Encoding.Unicode.GetString(buffer, 0, total);

    return plainText;
}
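As an added example (not code from the original post), here is a hardened variant of the same password-based AES scheme: it derives the key with PBKDF2 via Rfc2898DeriveBytes (the PBKDF2 of RFC 2898 rather than PBKDF1) from a random per-message salt, uses a fresh random IV, and stores both in front of the ciphertext so that Decrypt can recover them. It assumes .NET 4 or later; the iteration count, the PasswordAes class name and the blob layout are my own choices.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public static class PasswordAes
{
    // Assumed output layout: [16-byte salt][16-byte IV][AES-256-CBC ciphertext]
    private const int SaltSize = 16, IvSize = 16, KeySize = 32;
    private const int Iterations = 100000;   // assumed PBKDF2 work factor

    public static byte[] Encrypt(string text, string password)
    {
        byte[] salt = new byte[SaltSize];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);                 // random salt per message
        using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
        using (Aes aes = Aes.Create())
        using (MemoryStream ms = new MemoryStream())
        {
            aes.Key = kdf.GetBytes(KeySize);    // PBKDF2-derived key, not PBKDF1
            aes.GenerateIV();                   // fresh IV, never reused across messages
            ms.Write(salt, 0, SaltSize);
            ms.Write(aes.IV, 0, IvSize);
            using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
            {
                byte[] plain = Encoding.UTF8.GetBytes(text);
                cs.Write(plain, 0, plain.Length);
                cs.FlushFinalBlock();           // pads and writes the final block
            }
            return ms.ToArray();                // ToArray still works after the streams are closed
        }
    }

    public static string Decrypt(byte[] blob, string password)
    {
        if (blob.Length < SaltSize + IvSize)
            throw new CryptographicException("Ciphertext too short to contain salt and IV");
        byte[] salt = new byte[SaltSize], iv = new byte[IvSize];
        Array.Copy(blob, 0, salt, 0, SaltSize);
        Array.Copy(blob, SaltSize, iv, 0, IvSize);
        using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
        using (Aes aes = Aes.Create())
        using (ICryptoTransform dec = aes.CreateDecryptor(kdf.GetBytes(KeySize), iv))
        using (MemoryStream ms = new MemoryStream(blob, SaltSize + IvSize, blob.Length - SaltSize - IvSize))
        using (CryptoStream cs = new CryptoStream(ms, dec, CryptoStreamMode.Read))
        using (StreamReader reader = new StreamReader(cs, Encoding.UTF8))
            return reader.ReadToEnd();          // wrong password: CryptographicException (bad padding)
    }
}
```

Like the post's version this still provides no integrity protection, so tampering is only detected if it happens to break the padding; where an authenticated mode is available, prefer it over plain CBC.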

1 comment:

Unknown said...

You have provided a rich guidance about symmetric key encryption algorithm in this post. I have bookmarked this article and will take help from it while learning about this concept.