Microsoft's .NET framework has robust support for encryption in the System.Security.Cryptography namespace.
Types of Encryption
There are basically three types of encryption
Whenever you create an instance of the RSACryptoServiceProvider class with its default constructor, it automatically generates a new public/private key pair, ready to use.
However, if you want to re-use previously created keys, you can do this by initializing the class with a populated CspParameters object.
Imports System.Security.Cryptography

Dim cspParam As CspParameters = New CspParameters()
cspParam.KeyContainerName = "MyKeyContainer"   ' placeholder: without a container name there is no named key to re-open
cspParam.Flags = CspProviderFlags.UseMachineKeyStore
Dim RSA As System.Security.Cryptography.RSACryptoServiceProvider = _
    New System.Security.Cryptography.RSACryptoServiceProvider(cspParam)
The key information held by the RSA object above can be saved via:
Dim publicKey as String = RSA.ToXmlString(False) ' gets the public key
Dim privateKey as String = RSA.ToXmlString(True) ' gets the private key
The above methods enable you to convert the public and/or private keys to XML strings. And of course, as you would guess, there is a corresponding FromXmlString method to load them back.
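As an added example (not code from the original page), the following VB.NET program shows what the snippet above leaves implicit: a key is only re-usable across instances if the CspParameters carries a KeyContainerName. It creates or re-opens a named container in the machine key store, checks that a second open yields the same public key, and confirms that a key loaded from ToXmlString(False) output is public-only and cannot decrypt. The container name "ExampleRsaContainer", the function names, and the use of RSACryptoServiceProvider on Windows/.NET Framework (as the page does) are assumptions of this example.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module KeyReuseDemo
    ' Assumed container name for this example; any unique string works.
    Private Const ContainerName As String = "ExampleRsaContainer"

    ' Creates (on first use) or re-opens a persisted 2048-bit key in the machine
    ' key store and returns only its public half as XML.
    Function OpenPersistedKeyPublicXml() As String
        Dim cspParam As New CspParameters()
        cspParam.KeyContainerName = ContainerName
        cspParam.Flags = CspProviderFlags.UseMachineKeyStore
        Using rsa As New RSACryptoServiceProvider(2048, cspParam)
            rsa.PersistKeyInCsp = True   ' keep the key in the container after Dispose
            Return rsa.ToXmlString(False)
        End Using
    End Function

    ' Loads public-only XML and checks that it really cannot decrypt: the private
    ' parameters (D, P, Q, ...) are absent, so Decrypt throws CryptographicException.
    Function PublicOnlyKeyCannotDecrypt(publicXml As String, ciphertext As Byte()) As Boolean
        Using rsa As New RSACryptoServiceProvider()
            rsa.FromXmlString(publicXml)
            If Not rsa.PublicOnly Then Return False
            Try
                rsa.Decrypt(ciphertext, True)
                Return False
            Catch ex As CryptographicException
                Return True
            End Try
        End Using
    End Function

    Sub Main()
        Dim first As String = OpenPersistedKeyPublicXml()
        Dim second As String = OpenPersistedKeyPublicXml()   ' re-opens the same container
        Console.WriteLine("Same key on re-open: " & (first = second).ToString())

        ' Encrypt with the public half (True = OAEP padding, preferred over PKCS#1 v1.5).
        Dim ct As Byte()
        Using pub As New RSACryptoServiceProvider()
            pub.FromXmlString(first)
            ct = pub.Encrypt(Encoding.UTF8.GetBytes("HelloThere"), True)
        End Using
        Console.WriteLine("Public-only key refuses to decrypt: " & PublicOnlyKeyCannotDecrypt(first, ct).ToString())
    End Sub
End Module
```

Two things worth checking in your own code follow from this: a CspParameters without KeyContainerName gives the CSP nothing to re-open, so a fresh unnamed key is generated each time; and the string returned by ToXmlString(True) contains the private exponent and primes in the clear, so it needs the same protection as any other secret.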
So, to encrypt some data with the public key. The parameterless constructor is used here because we load the key from the XML saved above and therefore do not need a cspParam object:
Dim str As String = "HelloThere"
Dim RSA2 As RSACryptoServiceProvider = New RSACryptoServiceProvider()
' ---Load the public key (only the public half is needed to encrypt)---
RSA2.FromXmlString(publicKey)
' Second argument False = PKCS#1 v1.5 padding; True selects OAEP
Dim EncryptedStrAsByt() As Byte = RSA2.Encrypt(System.Text.Encoding.Unicode.GetBytes(str), False)
' Ciphertext is arbitrary bytes, not valid UTF-16, so use Base64 (lossless) rather than Unicode.GetString
Dim EncryptedStrAsString As String = Convert.ToBase64String(EncryptedStrAsByt)
and as a "proof of concept", to DECRYPT the same data, now using the private key:
Dim RSA3 As RSACryptoServiceProvider = New RSACryptoServiceProvider()
'---Load the private key (the only key that can decrypt)---
RSA3.FromXmlString(privateKey)
Dim DecryptedStrAsByt() As Byte = RSA3.Decrypt(Convert.FromBase64String(EncryptedStrAsString), False)
Dim DecryptedStrAsString As String = System.Text.Encoding.Unicode.GetString(DecryptedStrAsByt)
These algorithms use a single "key" for both encryption and decryption: you either know the key or you don't. Because of this they are faster and better suited to one-pass encryption or decryption of larger amounts of data.
In symmetric encryption, a single key is used for encrypting and decrypting the data. This type of encryption is quite fast, but has a severe problem: in order to share a secret with someone, they have to know your key. This implies a very high level of trust between people sharing secrets; if an unscrupulous person has your key, or if your key is intercepted by a spy, they can decrypt all the messages you send using that key!
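As an added example (not code from the original page), here is the symmetric case in VB.NET using AES from the same System.Security.Cryptography namespace. The key and message are constructed for the example, and the names EncryptAes/DecryptAes are this example's own, not a .NET API. Only the key is secret: a random IV is generated per message and sent in front of the ciphertext, so one key can safely protect many messages.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SymmetricDemo
    ' Encrypts plaintext with AES-256 in CBC mode. A fresh random IV is generated per
    ' message and prepended to the ciphertext; the IV is not secret, the key is.
    Function EncryptAes(key As Byte(), plaintext As Byte()) As Byte()
        Using aes As Aes = Aes.Create()
            aes.Key = key
            aes.GenerateIV()
            Using encryptor As ICryptoTransform = aes.CreateEncryptor()
                Dim body As Byte() = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length)
                Dim output(aes.IV.Length + body.Length - 1) As Byte
                Buffer.BlockCopy(aes.IV, 0, output, 0, aes.IV.Length)
                Buffer.BlockCopy(body, 0, output, aes.IV.Length, body.Length)
                Return output
            End Using
        End Using
    End Function

    ' Reads the IV back from the front of the blob and decrypts the rest with the same key.
    Function DecryptAes(key As Byte(), blob As Byte()) As Byte()
        Using aes As Aes = Aes.Create()
            aes.Key = key
            Dim iv(aes.BlockSize \ 8 - 1) As Byte   ' 16 bytes for AES
            Buffer.BlockCopy(blob, 0, iv, 0, iv.Length)
            aes.IV = iv
            Using decryptor As ICryptoTransform = aes.CreateDecryptor()
                Return decryptor.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length)
            End Using
        End Using
    End Function

    Sub Main()
        ' The key is the whole secret: anyone holding it can read every message sent under it.
        Dim key(31) As Byte   ' 256-bit key, constructed here from the system RNG
        Using rng = RandomNumberGenerator.Create()
            rng.GetBytes(key)
        End Using
        Dim message As String = "HelloThere"
        Dim blob As Byte() = EncryptAes(key, Encoding.UTF8.GetBytes(message))
        Dim roundTrip As String = Encoding.UTF8.GetString(DecryptAes(key, blob))
        Console.WriteLine("Round trip ok: " & (roundTrip = message).ToString())
        Console.WriteLine("Ciphertext (IV + body), Base64: " & Convert.ToBase64String(blob))
    End Sub
End Module
```

CBC mode as used here provides confidentiality only; it does not detect modification of the ciphertext. For data that crosses a trust boundary, an authenticated mode such as AES-GCM (the AesGcm class in .NET Core 3.0 and later) or a separate MAC over the ciphertext should be used.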
With Public Key encryption, we generate a Public Key and a corresponding Private key.
The way the algorithms work is that the private key can only be used to decrypt information that has been encrypted using its matching public key.
Conversely, the public key can only decrypt information encrypted with the private key.
Asymmetric encryption/decryption is notably slower than symmetric and is therefore better suited to small amounts of data.
Typically, a system that uses public key encryption would make its public key freely available.
It would, however, guard the corresponding private key very carefully.
Users could therefore send private data encrypted with the public key, and only the intended recipient, who alone possesses the matching private key, would be able to decrypt and use it.
Public keys are also used to verify that a message is from the actual sender, because the sender is the only one who has the private key. That's essentially how XMLSignature works.
So for example, a system which makes its public key freely available (as with a WebMethod) might receive a user's message containing login information that is encrypted using the public key. It would then use its private key to decrypt this information, compare the user and password against its database, and once authenticated, use the user's decrypted password (or some similar combination) as the "KEY" to symmetrically encrypt its response to the user. Since the user is the only one who knows her own password, she can decrypt the response securely.
Asymmetric encryption solves the trust problem inherent in symmetric encryption by using two different keys: a public key for encrypting messages, and a private key for decrypting messages. This makes it possible to communicate in secrecy with people you don't fully trust. If an unscrupulous person has your public key, who cares? The public key is only good for encryption; it's useless for decryption.
They can't decrypt any of your messages! However, asymmetric encryption is very slow. It's not recommended for use on more than roughly 1 kilobyte of data.
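The size limit and the slowness above are why real systems combine the two: RSA protects only a short random symmetric key, and that key protects the bulk data. The following VB.NET program is an added example, not code from the original page. It first shows a direct RSA.Encrypt of 4 KB failing, then wraps a fresh AES-256-GCM key with the recipient's RSA public key (OAEP padding) and encrypts the bulk data under that key, and finally shows the GCM tag rejecting a tampered ciphertext. The HybridMessage class, the function names, the 4 KB sample data and the use of .NET Core 3.0 or later (for RSA.Create, AesGcm and the XML key methods) are assumptions of this example.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

' Everything a recipient needs, in one object (constructed for this example).
Public Class HybridMessage
    Public WrappedKey As Byte()   ' the AES key, RSA-OAEP encrypted to the recipient
    Public Nonce As Byte()        ' 12-byte AES-GCM nonce, unique per message
    Public Ciphertext As Byte()
    Public Tag As Byte()          ' 16-byte GCM authentication tag
End Class

Module HybridDemo
    ' Largest plaintext one RSA-OAEP(SHA-256) operation accepts: modulus bytes minus 2*32+2 bytes of padding.
    Function MaxRsaOaepSha256Payload(rsa As RSA) As Integer
        Return rsa.KeySize \ 8 - 2 * 32 - 2
    End Function

    ' Sender: encrypt the bulk data under a fresh AES-256-GCM key, then RSA-wrap only that key.
    Function HybridEncrypt(recipientPublicXml As String, plaintext As Byte()) As HybridMessage
        Dim msg As New HybridMessage()
        Dim key(31) As Byte
        msg.Nonce = New Byte(11) {}
        Using rng = RandomNumberGenerator.Create()
            rng.GetBytes(key)
            rng.GetBytes(msg.Nonce)
        End Using
        msg.Ciphertext = New Byte(plaintext.Length - 1) {}
        msg.Tag = New Byte(15) {}
        Using gcm As New AesGcm(key)
            gcm.Encrypt(msg.Nonce, plaintext, msg.Ciphertext, msg.Tag)
        End Using
        Using rsa As RSA = RSA.Create()
            rsa.FromXmlString(recipientPublicXml)
            msg.WrappedKey = rsa.Encrypt(key, RSAEncryptionPadding.OaepSHA256)
        End Using
        Return msg
    End Function

    ' Recipient: unwrap the AES key with the private key, then decrypt and verify the tag.
    Function HybridDecrypt(recipientPrivateXml As String, msg As HybridMessage) As Byte()
        Dim key As Byte()
        Using rsa As RSA = RSA.Create()
            rsa.FromXmlString(recipientPrivateXml)
            key = rsa.Decrypt(msg.WrappedKey, RSAEncryptionPadding.OaepSHA256)
        End Using
        Dim plaintext(msg.Ciphertext.Length - 1) As Byte
        Using gcm As New AesGcm(key)
            ' Throws CryptographicException if ciphertext, nonce or tag were altered.
            gcm.Decrypt(msg.Nonce, msg.Ciphertext, msg.Tag, plaintext)
        End Using
        Return plaintext
    End Function

    Sub Main()
        Dim publicXml As String, privateXml As String
        Using rsa As RSA = RSA.Create(2048)
            publicXml = rsa.ToXmlString(False)
            privateXml = rsa.ToXmlString(True)
        End Using

        ' Constructed sample data: 4 KB, far beyond what one RSA operation can take.
        Dim bulk As Byte() = Encoding.UTF8.GetBytes(New String("A"c, 4096))
        Using rsa As RSA = RSA.Create()
            rsa.FromXmlString(publicXml)
            Console.WriteLine("Max direct RSA payload: " & MaxRsaOaepSha256Payload(rsa) & " bytes")
            Try
                rsa.Encrypt(bulk, RSAEncryptionPadding.OaepSHA256)
            Catch ex As CryptographicException
                Console.WriteLine("Direct RSA.Encrypt of 4 KB failed as expected: " & ex.Message)
            End Try
        End Using

        Dim msg As HybridMessage = HybridEncrypt(publicXml, bulk)
        Dim roundTrip As Byte() = HybridDecrypt(privateXml, msg)
        Console.WriteLine("Hybrid round trip ok: " & (Encoding.UTF8.GetString(roundTrip) = Encoding.UTF8.GetString(bulk)).ToString())

        msg.Ciphertext(0) = msg.Ciphertext(0) Xor CByte(1)   ' simulate modification in transit
        Try
            HybridDecrypt(privateXml, msg)
            Console.WriteLine("Tampering NOT detected")
        Catch ex As CryptographicException
            Console.WriteLine("Tampering detected by GCM tag")
        End Try
    End Sub
End Module
```

Two design points relative to the scheme sketched in the text: the symmetric key here is random and used for one message, rather than derived from the user's password, so a compromise of one session key or of the password database does not expose other traffic; and GCM's tag means the recipient can tell a forged or modified message from a genuine one, which plain RSA or CBC encryption alone does not guarantee.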