12,633,390 members (31,969 online)
alternative version

96.3K views
35 bookmarked
Posted

# Data Encryption/Decryption using RijndaelManaged and PasswordDeriveBytes Classes

, 18 Jun 2006 CPOL
 Rate this:
A C# class for Ecrypting/Decrypting using .NET classes like RijndaelManaged and PasswordDeriveBytes

## Introduction

This article gives an insight into Symmetric Encryption and how it can be implemented in .NET. In the sample explained below, we are using the Rijindal symmetric encryption algorithm, which is available in `System.Security.Cryptography `namespace. It also illustrates the making of secret key using the `PasswordDeriveBytes `class. I have also provided a simple class which hosts the function for encryption and decryption.

## Why We Use Cryptography??

As everyone knows, cryptography is used to preserve some data so that it is not modified or readable to others. There are two types of cryptographic algorithms available: symmetric and asymmetric encryption.

## Symmetric (or Private-key) Encryption

Symmetric (or private-key) encryption uses a single key for both encryption and decryption. A compromised key can lead to complete failure of the security of a system. With symmetric algorithms, the security of the key is inversely proportional to the number of people who have the key.

## Asymmetric (or Public-key) Encryption

With asymmetric (or public-key) encryption, there are two mathematically related but independent keys, a public key and a private key. Information encrypted with the private key can only be decrypted with the corresponding public key, and information encrypted with the public key can only be decrypted with the corresponding private key.

### How Symmetric Algorithms Work ??

Symmetric algorithms of the type discussed in this article are block ciphers. They break cleartext up into blocks of a fixed size (in the case of the Rijndael algorithm, 16, 24, or 32 bytes) and perform iterative rearrangement and substitution on successive blocks. Rijndael is used for the CryptoUtility because it offers the greatest key length of the algorithms available natively from .NET—256 bits.

### Options for Symmetric Algorithms

Symmetric algorithms offer a number of options to control their operation. In most cases, you don't have to set these specifically as the chosen defaults are the most secure. However, it helps to understand what they're doing. The options for symmetric algorithms include the following:

Mode sets the cipher mode. For Rijndael, this is either Cipher Block Chaining (CBC) or Electronic Code Book (CB):

• CBC, the .NET default, is the most secure cipher mode. CBC performs an XOR operation on each block of cleartext with the previous cipher block before enciphering it. It also requires an Initialization Vector (IV), a random block of the same length as the algorithm's block size. The IV is used as a stand-in to perform Cipher Block Chaining on the first block of cleartext, since at that point there is no previous block. The IV ensures that repetition in the first block of cleartext does not result in similar repetition of the first block of ciphertext when the same key is used.
• ECB, the less-secure option, has each block enciphered independently. Repetition in the clear text may produce patterns in the cipher text, thereby weakening security.

### Creating Strong Keys

Predictable cryptographic keys, like predictable passwords, badly compromise the security of your application. Don't generate these keys by hand—humans are poor random number generators. Using the `System.Random` pseudo-random number generator is also not sufficient since its random sequences are deterministic and repeatable (hence the name "pseudo-random").

In the example, we will be creating a cryptographic key from a password which is a string. Starting with a plain-text, easily memorized passphrase, you can use the `PasswordDeriveBytes `class to generate a cryptographic key. This method is mainly useful when a user will input a passphrase, which will immediately perform encryption or decryption and then be discarded.

Another option is the use of `RNGCryptoServiceProvider `to generate strong keys. It generates cryptographically strong random numbers and is suitable for key and salt/IV generation. Though `RNGCyptoServiceProvider `is technically a pseudo-random generator, it is NIST-certified as cryptographically strong.

### Creating Strong Salt

Salt provides additional entropy (degree of disorder) to the cryptographic algorithm.

NB: In real case, never hard-code a password within your source code. This is because Hard coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe.

The following code snippet illustrates the creation of encrypter/decrypter:

```//Rinjindael object creation
RijndaelManaged RijndaelCipher = new RijndaelManaged();
byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);

//Salt is created for additional degree of disorder in encrypted key

//This class uses an extension of the PBKDF1 algorithm defined
//in the PKCS#5 v2.0 standard to derive bytes suitable
//for use as key material from a password.
//The standard is documented in IETF RRC 2898.

//Creates a symmetric encryptor object.
ICryptoTransform Encryptor =
RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32),...```

## History

• 19th June, 2006: Initial post

## Share

 Architect India
I'm working as a Technology Architect for a US based multinational company.I'm also a TOGAF certified enterprise architect working with microsoft technologies..

## You may also be interested in...

 Pro Pro

 First Prev Next
 My vote of 5 CuteD34th27-Jun-13 22:10 CuteD34th 27-Jun-13 22:10
 Very good Member 794342014-Aug-12 19:22 Member 7943420 14-Aug-12 19:22
 My vote of 5 RazorSharp129612-Aug-12 16:52 RazorSharp1296 12-Aug-12 16:52
 My vote of 5 WESTSEYI27-Jan-12 18:36 WESTSEYI 27-Jan-12 18:36
 My vote of 3 bharath kumar.M15-Jul-10 6:36 bharath kumar.M 15-Jul-10 6:36
 My vote of 1 Paresh Gheewala14-Jan-09 23:12 Paresh Gheewala 14-Jan-09 23:12
 Re: My vote of 1 Paul Coldrey18-Mar-09 13:56 Paul Coldrey 18-Mar-09 13:56
 Length not valid for a Base-64 char matrix. rafayahoo.es25-Jul-07 5:35 rafayahoo.es 25-Jul-07 5:35
 Re: Length not valid for a Base-64 char matrix. san_sani425-Jun-09 7:15 san_sani4 25-Jun-09 7:15
 MSIL Encryption Himmett18-Jul-07 11:36 Himmett 18-Jul-07 11:36
 Thank you k_hammami200514-Mar-07 6:31 k_hammami2005 14-Mar-07 6:31
 Salt length for Rfc2898DeriveBytes class Michael Freidgeim9-Jan-07 17:58 Michael Freidgeim 9-Jan-07 17:58
 Same string for Password and Salt Michael Freidgeim9-Jan-07 14:15 Michael Freidgeim 9-Jan-07 14:15
 Re: Same string for Password and Salt Ennis Ray Lynch, Jr.9-Jan-07 14:38 Ennis Ray Lynch, Jr. 9-Jan-07 14:38
 Length of the data to decrypt is invalid. Beetle5419-Sep-06 17:21 Beetle54 19-Sep-06 17:21