Today, let’s see what .NET provides to developers like us for cryptography.
In this post, I’ll give a brief overview of cryptography, how .NET handles it, and the ways to do cryptographic work in .NET.
For the sample implementations, I’ll cover everything from basic encryption and decryption to hashing, message authentication codes (MAC), hash-based message authentication codes (HMAC) and even digital signatures. But that will continue in the next part.
Here we’ll focus on the cryptography in the System.Security.Cryptography namespace.
.NET divides cryptography into three main areas of functionality.
1. Basic cryptography – covers encryption and decryption.
2. Hashing algorithms – covers hash calculation.
3. Digital signatures – covers digital signatures used when transferring data over a network.
Let’s go through them briefly, one by one, beginning with basic cryptography.
1. Basic Cryptography
It’s just what its name says: the basic functions of cryptography. Basic cryptography is divided into two sub-models.
1.1 Symmetric Key
Some people call this “Secret Key”, but in theory it is usually named “Symmetric Key”.
With this model, the person who wants to encrypt the data needs a single key, called the “Secret Key”, for the encryption process. Some people call this key the “Private Key”. It means the same thing.
When people want to decrypt the data, they need to use the same “Secret Key” that was used to encrypt it.
This means both the encryptor and the decryptor must have the same “Secret Key” for things to work properly.
This isn’t very secure, because you need to give the “Key” away to the people who will encrypt data and send it back to you. So with this model we have a higher risk of being attacked by a man-in-the-middle, as he may learn the “Key” that we distribute. This is known as the weakness of the symmetric key model.
1.2 Asymmetric Keys
Some people call this “Public Key Cryptographic System” or “PKCS”. As you may have seen, its name is “Asymmetric Keys”: “Keys”, not “Key”. This extra “s” means we have more than one key in this model. It requires a pair of keys.
The first one we call the “Public Key” and the second one is the “Private Key”.
The “Public Key” is distributed to the people who want to encrypt data and send it back to us.
The only thing you should know about the “Public Key” is that it should be used to encrypt data only. It’s unable to decrypt data that it encrypted itself.
When you want to decrypt it, you must use the “Private Key”. This means the data collector keeps the “Private Key” to himself and has no need to distribute it to anyone else.
This model lowers the risk of a man-in-the-middle attack, because the data collector does not need to distribute the “Private Key”. So it’s much easier to keep it confidential.
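The two models side by side, as an added example that is not code from the original post. It uses Aes and RSA from System.Security.Cryptography and assumes .NET Core 3.0 or later (for ExportRSAPublicKey and ImportRSAPublicKey); the message text and variable names are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class Program
{
    static void Main()
    {
        // Constructed sample input.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        // 1.1 Symmetric key: one secret key (plus IV) encrypts and decrypts.
        // This gives confidentiality only; integrity needs a MAC.
        using (Aes sender = Aes.Create())      // generates a random key and IV
        using (Aes receiver = Aes.Create())
        {
            byte[] cipher;
            using (ICryptoTransform enc = sender.CreateEncryptor())
                cipher = enc.TransformFinalBlock(message, 0, message.Length);

            // The receiver can decrypt only after being given the same secret key.
            receiver.Key = sender.Key;
            receiver.IV = sender.IV;
            using (ICryptoTransform dec = receiver.CreateDecryptor())
                Console.WriteLine("AES: " + Encoding.UTF8.GetString(
                    dec.TransformFinalBlock(cipher, 0, cipher.Length)));
        }

        // 1.2 Asymmetric keys: the collector keeps the private key,
        // everyone else receives only the public key.
        using (RSA collector = RSA.Create(2048))
        using (RSA publicOnly = RSA.Create())
        {
            publicOnly.ImportRSAPublicKey(collector.ExportRSAPublicKey(), out _);
            byte[] cipher = publicOnly.Encrypt(message, RSAEncryptionPadding.OaepSHA256);

            try { publicOnly.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256); }
            catch (CryptographicException)
            {
                Console.WriteLine("RSA: public key alone cannot decrypt");
            }

            Console.WriteLine("RSA: " + Encoding.UTF8.GetString(
                collector.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256)));
        }
    }
}
```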
That’s all about basic cryptography. The next part will cover the next topic: hashing algorithms in brief.
I’ll try to finish all the briefs on MAC, HMAC and digital signatures in the next part. After that, we’ll play with sample code in a real-world case study, not theory-based at all, because I hate theoretical samples!
See yah next part.