Asymmetric Encryption in .Net
Asymmetric encryption allows conversion of simple text to cipher text (encrypted text) and vice versa. The key used for encryption is different from the key used for decryption. The keys together are known as the key pair. Typically one key is kept private and the other key is made public. A message encrypted with one’s public key can only be decrypted with his private key. This allows secure communication of messages. For example, a sender can encrypt their message using the recipient’s public key. The message can only be decrypted by the recipient because the recipient’s private key is only known only to the recipient.
This code project shows how the asymmetric encryption can be used to encrypt and decrypt a string. It also displays how to extract and display the public and private keys. The project is organized as a simple VB.Net windows forms project with one form. The form controls are self explanatory.
The project requires adding a reference to System.Security assembly. The .Net framework supports only the RSA asymmetric encryption and the main class that performs this function is RSACryptoServiceProvider. This project instantiates an object of this type using the default constructor. The runtime creates this class with a random key pair and uses the same for encrypting and decrypting messages. For displaying encrypted string, I have used ‘Convert.ToBase64String’ function. This is to make sure the encrypted characters are human-readable. Converting characters to base 64 string has nothing to do with encryption or decryption.
Another important point to note is that there are very few lines of code that are required for the encryption or decryption. .Net classes are wrappers for the windows crypto API that was introduced with Windows 2000. All newer operating systems include this API.
Even though this is self-explanatory, the application can be tested as follows.
a) Enter a plain text and click encrypt button. The system will display encrypted text.
Here is the code:
'get the clear text and convert it to byte array using UTF8 or the default encoding format
PlainTextBytes = System.Text.Encoding.UTF8.GetBytes(TextBoxOriginal.Text)
'encrypt the text
CipherTextBytes = MyAsymmetricAlgorithm.Encrypt(PlainTextBytes, True)
'base64 encode the ciphertext just for display purpose
TextBoxEncrypted.Text = Convert.ToBase64String(CipherTextBytes)
b) To test decryption, you should delete the text in the original textbox and click decrypt button. This should fill the original textbox with the text that you initially entered.
Here is the code:
'get the decrypted clear text byte array
PlainTextBytes = MyAsymmetricAlgorithm.Decrypt(CipherTextBytes, True)
'convert the byte array to text using the same encoding format that was used for encryption
TextBoxOriginal.Text = System.Text.Encoding.UTF8.GetString(PlainTextBytes)
c) To view the public and private keys, you can click Showkeys button anytime.
‘Create a RSAParameters type
Dim MyParameters As RSAParameters = New RSAParameters
‘export the key and other algorithm values
MyParameters = MyAsymmetricAlgorithm.ExportParameters(True)
'display the private key. Base64 encode the text to make display easier
TextBoxPrivateKey.Text = Convert.ToBase64String(MyParameters.D)
'display the public key. Base64 encode the text to make display easier
TextBoxPublicKey.Text = Convert.ToBase64String(MyParameters.Modulus)
Please note that RSACryptoServiceProvider is defined as an instance variable of the form. So the same instance of the class is used for both encryption and decryption. If you create separate instances of RSACryptoServiceProvider for both encryption and decryption, you’ll get instances with different default key pair and so the decryption will not work. Other option is to programmatically store and set the keys in the RSACryptoServiceProvider instance. We strongly recommend using MyAsymmetricAlgorithm.Clear() to release the resources held by the wrapper RSACryptoServiceProvider instance.