The CryptoEx library provides various coding, hash and encryption algorithms. It
will run on the device and desktop and requires .NET 2.0. This documentation refers
to version 1.2 of the library.
Coding
This library offers the ability to encode/decode binary to and from Base64 encoding.
This is an encoding scheme that encodes binary data by treating it numerically and
translating it into a base 64 representation which is printable This means that the data
is unlikely to be modified in transit through systems, such as email, which were
traditionally not 8-bit clean. Base64 uses A–Z, a–z, 0–9, + and / for the 64 printable
characters.
Hash Values
Hash algorithms map binary values of an arbitrary length to small binary values of a
fixed length, known as hash values. A hash value is a unique and extremely compact
numerical representation of a piece of data. If you hash a paragraph of plain text and
change even one letter of the paragraph, a subsequent hash will produce a different
value. It is computationally improbable to find two distinct inputs that hash to the
same value.
Message authentication code (MAC) hash functions are commonly used with digital
signatures to sign data, while message detection code (MDC) hash functions are used
for data integrity.
Two parties (Alice and Bob) might use a hash function in the following way to ensure
data integrity. If Alice writes a message for Bob and creates a hash of that message,
Bob can then hash the message at a later time and compare his hash to the original
hash. If the hash values are identical, then the message was not altered; however, if
the values are not identical, the message was altered after Alice wrote it. For this
system to work, Alice must hide the original hash value from all parties except Bob.
The hashing functions provided here are MD5 (Message Digest 5) and SHA 1 (Secure
Hash Algorithm 1).The hash size for the MD5CryptoServiceProvider class is 128 bits
and that for the SHA1 algorithm is 160 bits.
Symmetric or Secret-Key Encryption
Secret-key encryption algorithms use a single secret key to encrypt and decrypt data.
You must secure the key from access by unauthorized agents because any party that
has the key can use it to decrypt data. Secret-key encryption is also referred to as
symmetric encryption because the same key is used for encryption and decryption.
Secret-key encryption algorithms are extremely fast (compared to public-key
algorithms) and are well suited for performing cryptographic transformations on large
streams of data.
Typically, secret-key algorithms, called block ciphers, are used to encrypt one block
of data at a time. Block ciphers (like RC2, DES, TripleDES, and Rijndael)
cryptographically transform an input block of n bytes into an output block of
encrypted bytes. If you want to encrypt or decrypt a sequence of bytes, you have to do
it block by block. Because n is small (n = 8 bytes for RC2, DES, and TripleDES; n =
16 [the default], n = 24, or n = 32 bytes for Rijndael), data values larger than n have to
be encrypted one block at a time.
The block cipher classes provided in this library use a chaining mode called cipher
block chaining (CBC), which uses a key and an initialization vector (IV) to perform
cryptographic transformations on data. For a given secret key k, a simple block cipher
that does not use an initialization vector will encrypt the same input block of plain
text into the same output block of cipher text. If you have duplicate blocks within
your plain text stream, you will have duplicate blocks within your cipher text stream.
If unauthorized users know anything about the structure of a block of your plain text,
they can use that information to decipher the known cipher text block and possibly
recover your key. To combat this problem, information from the previous block is
mixed into the process of encrypting the next block. Thus, the output of two identical
plain text blocks is different. Because this technique uses the previous block to
encrypt the next block, an IV is used to encrypt the first block of data. Using this
system, common message headers that might be known to an unauthorized user
cannot be used to reverse engineer a key.
Asymmetric or Public-Key Encryption
Public-key encryption uses a private key that must be kept secret from unauthorized
users and a public key that can be made public to anyone. The public key and the
private key are mathematically linked; data encrypted with the public key can be
decrypted only with the private key, and data signed with the private key can be
verified only with the public key. The public key can be made available to anyone; it
is used for encrypting data to be sent to the keeper of the private key. Both keys are
unique to the communication session. Public-key cryptographic algorithms are also
known as asymmetric algorithms because one key is required to encrypt data while
another is required to decrypt data.
Public-key cryptographic algorithms use a fixed buffer size whereas secret-key
cryptographic algorithms use a variable-length buffer. Public-key algorithms cannot
be used to chain data together into streams the way secret-key algorithms can because
only small amounts of data can be encrypted. Therefore, asymmetric operations do
not use the same streaming model as symmetric operations.
Two parties (Alice and Bob) might use public-key encryption as follows. First, Alice
generates a public/private key pair. If Bob wants to send Alice an encrypted message,
he asks her for her public key. Alice sends Bob her public key over an insecure
network and Bob uses this key to encrypt a message. (If Bob received Alice's key
over an insecure channel, such as a public network, Bob must verify with Alice that
he has a correct copy of her public key.) Bob sends the encrypted message to Alice
and she decrypts it using her private key.
During the transmission of Alice's public key, however, an unauthorized agent might
intercept the key. Furthermore, the same agent might intercept the encrypted message
from Bob. However, the agent cannot decrypt the message with the public key. The
message can only be decrypted with Alice's private key, which has not been
transmitted. Alice does not use her private key to encrypt a reply message to Bob,
because anyone with the public key could decrypt the message. If Alice wants to send
a message back to Bob, she asks Bob for his public key and encrypts her message
using that public key. Bob then decrypts the message using his associated private key.
In a real world scenario, Alice and Bob use public key (asymmetric) encryption to
transfer a secret (symmetric) key and use secret key encryption for the remainder of
their session.
(c) Andrew Graham - 2008