Wednesday, August 5, 2009

Chapter 12-Lesson 3

  • The Rijndael symmetric algorithm, also called AES (Advanced Encryption Standard), is the US government standard for encryption. It is also the safest of all the symmetric encryption systems available in .NET 2.0.
  • The AES class is the only one written in managed code in .NET 2.0; the other symmetric key algorithm classes call unmanaged code.
  • The System.Security.Cryptography namespace is required.
  • Data Encryption Standard (DES) uses 56-bit keys, while AES uses 128- to 256-bit keys.
  • TripleDES applies DES three times and uses 156 bits, of which only 112 bits are effectively used for encryption.
  • All these classes derive from the SymmetricAlgorithm class.
  • The IV (Initialization Vector) property of any of these classes must be set to the same value for both the Encryptor and the Decryptor.
  • To change the cipher mode (such as CBC, Cipher Block Chaining), use the Mode property.
  • See Best Practice on page 749.
  • If we wish to convert a user-defined password into a Key, we may use the Rfc2898DeriveBytes class. This class (which is new to .NET 2.0) works the same way as the older PasswordDeriveBytes class (which is not based on standards).
  • Both the KeySize and BlockSize properties are defined as a number of bits.
  • The CryptoStream class defines the Stream that encrypts source bytes into a destination Stream.
  • After the source bytes are encrypted, the Key and IV must be stored in order to decrypt the data.
  • HTTPS and SSL use asymmetric algorithms to exchange symmetric keys and then use symmetric encryption algorithms for the rest of the communication. The reason is that although asymmetric algorithms are more secure, they carry a performance overhead and are not suitable for large amounts of data.
  • Although a typical symmetric key is 182 bits, the .NET Framework implementation of the RSA algorithm supports key lengths from 384 through 16384 bits.
  • RSAParameters is a structure.
  • The RSACryptoServiceProvider class is used for encrypting and decrypting data with the RSA algorithm.
  • The ExportParameters( ) method of the above class publishes the public and/or private key as an RSAParameters structure.
  • The System.Text.Encoding.Unicode.GetBytes( ) method is used to convert a string into a byte array, and the System.Text.Encoding.Unicode.GetString( ) method converts it back.
  • Hashing classes derive from the HashAlgorithm base class.
  • RIPEMD160 is new in .NET 2.0 and is intended as a replacement for MD5.
  • HMACSHA1 (Hash-Based Message Authentication Code using Secure Hash Algorithm 1) produces a hash of size 20 bytes, whereas MACTripleDES produces a hash of size 8 bytes.
  • The ComputeHash( ) method is used to compute the hash of data that exists as a byte array. We may use the BinaryReader class to read a file as a byte array.
  • We may use DSACryptoServiceProvider or RSACryptoServiceProvider for signing data.
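An added example (not from the book or this post) that puts the symmetric-encryption bullets together in .NET 2.0 C#: the password is turned into a key with Rfc2898DeriveBytes, RijndaelManaged is configured through KeySize, BlockSize and Mode, and a CryptoStream writes into a MemoryStream. The 256-bit key, 16-byte salt, 10,000 iterations and the salt || IV || ciphertext layout are my own choices, not from the page; storing the IV with the data is what lets the decryptor set the same IV.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

static class PasswordAes   // hypothetical helper, not a framework type
{
    const int SaltBytes = 16, IvBytes = 16, Iterations = 10000;

    // 256-bit CBC-mode Rijndael (AES) whose key is derived from the password
    // and salt with Rfc2898DeriveBytes (PBKDF2). KeySize/BlockSize are in bits.
    static RijndaelManaged Create(string password, byte[] salt)
    {
        RijndaelManaged aes = new RijndaelManaged();
        aes.KeySize = 256;
        aes.BlockSize = 128;
        aes.Mode = CipherMode.CBC;
        aes.Key = new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(32);
        return aes;
    }

    // Output layout: salt || IV || ciphertext. Salt and IV are not secret, but
    // the decryptor needs both to rebuild the same Key and IV.
    public static byte[] Encrypt(string password, byte[] plaintext)
    {
        byte[] salt = new byte[SaltBytes];
        new RNGCryptoServiceProvider().GetBytes(salt);   // fresh random salt per message
        using (RijndaelManaged aes = Create(password, salt))
        using (MemoryStream ms = new MemoryStream())
        {
            aes.GenerateIV();                            // fresh random IV per message
            ms.Write(salt, 0, salt.Length);
            ms.Write(aes.IV, 0, aes.IV.Length);
            using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
                cs.Write(plaintext, 0, plaintext.Length); // Dispose flushes the final padded block
            return ms.ToArray();
        }
    }

    public static byte[] Decrypt(string password, byte[] blob)
    {
        byte[] salt = new byte[SaltBytes], iv = new byte[IvBytes];
        Array.Copy(blob, 0, salt, 0, SaltBytes);
        Array.Copy(blob, SaltBytes, iv, 0, IvBytes);
        using (RijndaelManaged aes = Create(password, salt))
        using (MemoryStream src = new MemoryStream(blob, SaltBytes + IvBytes, blob.Length - SaltBytes - IvBytes))
        using (CryptoStream cs = new CryptoStream(src, aes.CreateDecryptor(aes.Key, iv), CryptoStreamMode.Read))
        using (MemoryStream dst = new MemoryStream())
        {
            byte[] buf = new byte[4096]; int n;
            while ((n = cs.Read(buf, 0, buf.Length)) > 0) dst.Write(buf, 0, n);
            return dst.ToArray(); // a wrong password normally surfaces here as a CryptographicException (bad padding)
        }
    }
}
```

Round-trip check: `Decrypt(pw, Encrypt(pw, Encoding.Unicode.GetBytes(text)))` returns the original bytes, which Encoding.Unicode.GetString( ) converts back to the string.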