Click here to Skip to main content
13,293,474 members (64,127 online)
Click here to Skip to main content
Add your own
alternative version


35 bookmarked
Posted 18 Jun 2006

Data Encryption/Decryption using RijndaelManaged and PasswordDeriveBytes Classes

, 18 Jun 2006
Rate this:
Please Sign up or sign in to vote.
A C# class for Ecrypting/Decrypting using .NET classes like RijndaelManaged and PasswordDeriveBytes


This article gives an insight into Symmetric Encryption and how it can be implemented in .NET. In the sample explained below, we are using the Rijindal symmetric encryption algorithm, which is available in System.Security.Cryptography namespace. It also illustrates the making of secret key using the PasswordDeriveBytes class. I have also provided a simple class which hosts the function for encryption and decryption.

Why We Use Cryptography??

As everyone knows, cryptography is used to preserve some data so that it is not modified or readable to others. There are two types of cryptographic algorithms available: symmetric and asymmetric encryption.

Symmetric (or Private-key) Encryption

Symmetric (or private-key) encryption uses a single key for both encryption and decryption. A compromised key can lead to complete failure of the security of a system. With symmetric algorithms, the security of the key is inversely proportional to the number of people who have the key.

Asymmetric (or Public-key) Encryption

With asymmetric (or public-key) encryption, there are two mathematically related but independent keys, a public key and a private key. Information encrypted with the private key can only be decrypted with the corresponding public key, and information encrypted with the public key can only be decrypted with the corresponding private key.

How Symmetric Algorithms Work ??

Symmetric algorithms of the type discussed in this article are block ciphers. They break cleartext up into blocks of a fixed size (in the case of the Rijndael algorithm, 16, 24, or 32 bytes) and perform iterative rearrangement and substitution on successive blocks. Rijndael is used for the CryptoUtility because it offers the greatest key length of the algorithms available natively from .NET—256 bits.

Options for Symmetric Algorithms

Symmetric algorithms offer a number of options to control their operation. In most cases, you don't have to set these specifically as the chosen defaults are the most secure. However, it helps to understand what they're doing. The options for symmetric algorithms include the following:

Mode sets the cipher mode. For Rijndael, this is either Cipher Block Chaining (CBC) or Electronic Code Book (CB):

  • CBC, the .NET default, is the most secure cipher mode. CBC performs an XOR operation on each block of cleartext with the previous cipher block before enciphering it. It also requires an Initialization Vector (IV), a random block of the same length as the algorithm's block size. The IV is used as a stand-in to perform Cipher Block Chaining on the first block of cleartext, since at that point there is no previous block. The IV ensures that repetition in the first block of cleartext does not result in similar repetition of the first block of ciphertext when the same key is used.
  • ECB, the less-secure option, has each block enciphered independently. Repetition in the clear text may produce patterns in the cipher text, thereby weakening security.

Creating Strong Keys

Predictable cryptographic keys, like predictable passwords, badly compromise the security of your application. Don't generate these keys by hand—humans are poor random number generators. Using the System.Random pseudo-random number generator is also not sufficient since its random sequences are deterministic and repeatable (hence the name "pseudo-random").

In the example, we will be creating a cryptographic key from a password which is a string. Starting with a plain-text, easily memorized passphrase, you can use the PasswordDeriveBytes class to generate a cryptographic key. This method is mainly useful when a user will input a passphrase, which will immediately perform encryption or decryption and then be discarded.

Another option is the use of RNGCryptoServiceProvider to generate strong keys. It generates cryptographically strong random numbers and is suitable for key and salt/IV generation. Though RNGCyptoServiceProvider is technically a pseudo-random generator, it is NIST-certified as cryptographically strong.

Creating Strong Salt

Salt provides additional entropy (degree of disorder) to the cryptographic algorithm.

NB: In real case, never hard-code a password within your source code. This is because Hard coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe.

The following code snippet illustrates the creation of encrypter/decrypter:

//Rinjindael object creation
RijndaelManaged RijndaelCipher = new RijndaelManaged();
byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);

//Salt is created for additional degree of disorder in encrypted key
byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());

//This class uses an extension of the PBKDF1 algorithm defined 
//in the PKCS#5 v2.0 standard to derive bytes suitable 
//for use as key material from a password. 
//The standard is documented in IETF RRC 2898.
PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);

//Creates a symmetric encryptor object. 
ICryptoTransform Encryptor = 

Please download the source file to see the full implementation.


  • 19th June, 2006: Initial post


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Nidheesh T Mani
India India
I'm working as a Technology Architect for a US based multinational company.I'm also a TOGAF certified enterprise architect working with microsoft technologies..

You may also be interested in...


Comments and Discussions

GeneralMy vote of 5 Pin
CuteD34th27-Jun-13 22:10
memberCuteD34th27-Jun-13 22:10 
GeneralVery good Pin
Member 794342014-Aug-12 19:22
memberMember 794342014-Aug-12 19:22 
GeneralMy vote of 5 Pin
RazorSharp129612-Aug-12 16:52
memberRazorSharp129612-Aug-12 16:52 
GeneralMy vote of 5 Pin
WESTSEYI27-Jan-12 18:36
memberWESTSEYI27-Jan-12 18:36 
GeneralMy vote of 3 Pin
bharath kumar.M15-Jul-10 6:36
memberbharath kumar.M15-Jul-10 6:36 
GeneralMy vote of 1 Pin
Paresh Gheewala14-Jan-09 23:12
memberParesh Gheewala14-Jan-09 23:12 
GeneralRe: My vote of 1 Pin
Paul Coldrey18-Mar-09 13:56
memberPaul Coldrey18-Mar-09 13:56 
GeneralLength not valid for a Base-64 char matrix. Pin
rafayahoo.es25-Jul-07 5:35
memberrafayahoo.es25-Jul-07 5:35 
AnswerRe: Length not valid for a Base-64 char matrix. Pin
san_sani425-Jun-09 7:15
membersan_sani425-Jun-09 7:15 
QuestionMSIL Encryption Pin
Himmett18-Jul-07 11:36
memberHimmett18-Jul-07 11:36 
GeneralThank you Pin
k_hammami200514-Mar-07 6:31
memberk_hammami200514-Mar-07 6:31 
GeneralSalt length for Rfc2898DeriveBytes class Pin
Michael Freidgeim9-Jan-07 17:58
memberMichael Freidgeim9-Jan-07 17:58 
QuestionSame string for Password and Salt Pin
Michael Freidgeim9-Jan-07 14:15
memberMichael Freidgeim9-Jan-07 14:15 
AnswerRe: Same string for Password and Salt Pin
Ennis Ray Lynch, Jr.9-Jan-07 14:38
memberEnnis Ray Lynch, Jr.9-Jan-07 14:38 
QuestionLength of the data to decrypt is invalid. Pin
Beetle5419-Sep-06 17:21
memberBeetle5419-Sep-06 17:21 
GeneralDownload Broken Pin
Mx226-Jun-06 4:10
memberMx226-Jun-06 4:10 
QuestionSource Link? Pin
fwsouthern19-Jun-06 16:57
memberfwsouthern19-Jun-06 16:57 
AnswerRe: Source Link? Pin
Nidheesh T Mani4-Jul-06 2:17
memberNidheesh T Mani4-Jul-06 2:17 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.171207.1 | Last Updated 19 Jun 2006
Article Copyright 2006 by Nidheesh T Mani
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid