Symmetric encryption (3): .NET symmetric encryption system

Source: Internet
Author: User

This section describes the symmetric cryptographic classes in the System.Security.Cryptography namespace.

1. SymmetricAlgorithm class

SymmetricAlgorithm is an abstract class that is the base class for all symmetric cryptographic algorithms. Its members are described below under its subclass, the Aes class.

When using derived classes, it is not sufficient, from a security perspective, to simply force a garbage collection after you have finished using the object. The Clear method must be explicitly called on the object so that all sensitive data contained in the object is zeroed before the object is released. Note that garbage collection does not clear the contents of the reclaimed object; it simply marks the memory as available for reallocation. Thus, the data contained in a garbage-collected object may still exist in unallocated heap memory. In the case of a cryptographic object, this data may contain sensitive information, such as key data or plaintext blocks.

All cryptographic classes in the .NET Framework that contain sensitive data implement the Clear method. When invoked, the Clear method overwrites all sensitive data within the object with zeros, and then releases the object so that it can be safely reclaimed by the garbage collector. When the object has been zeroed and released, the Dispose method should be called with the disposing parameter set to true to free all managed and unmanaged resources associated with the object.
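The cleanup described above, as an added C# example (not code from the original page). The class name ClearDemo and the sample message are constructed for illustration. It also wipes the caller's own buffers, because the Key getter hands back a copy of the key bytes that Clear does not reach.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ClearDemo
{
    static void Main()
    {
        // Constructed sample plaintext.
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample secret");
        byte[] keyCopy = null;

        // The using statement calls Dispose when the block exits.
        using (Aes aes = Aes.Create())
        {
            try
            {
                aes.GenerateKey();
                aes.GenerateIV();

                // The Key getter returns a copy of the key bytes, so this
                // array is a second buffer holding the secret.
                keyCopy = aes.Key;

                using (ICryptoTransform enc = aes.CreateEncryptor())
                {
                    byte[] ciphertext =
                        enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                    Console.WriteLine("ciphertext bytes: " + ciphertext.Length);
                }
            }
            finally
            {
                // Zero the key and IV held inside the object now,
                // instead of leaving them for the garbage collector.
                aes.Clear();

                // Zero the copies this code holds itself.
                if (keyCopy != null) Array.Clear(keyCopy, 0, keyCopy.Length);
                Array.Clear(plaintext, 0, plaintext.Length);
            }
        }
    }
}
```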

2. AES Class

The Aes class is an abstract class, and all implementations of the Advanced Encryption Standard (AES) must inherit from it. The members of the class are as follows:

1) Aes() constructor. The Aes abstract class defines only a parameterless constructor.

2) Aes.Create() method. This static method creates the cryptographic object that is used to perform the symmetric algorithm.

3) Aes.Create(String) method. The string parameter is the name of the specific implementation of AES to be used.

4) CreateDecryptor() method. Inherited from the SymmetricAlgorithm class; creates a symmetric decryptor object with the current Key property and initialization vector (IV).

Note: For a given key K, a simple block cipher that does not use an initialization vector encrypts the same plaintext input block into the same ciphertext output block. If there are duplicate blocks in a plaintext stream, there will also be duplicate blocks in the ciphertext stream. If an unauthorized user knows anything about the structure of a plaintext block, they can use that information to decrypt a known ciphertext block and possibly recover the key. To prevent this problem, information from the previous block is mixed into the encryption of the next block. In this way, two identical blocks of plaintext produce different output. Because this technique uses the previous block to encrypt the next block, an initialization vector is needed to encrypt the first block of data.

5) CreateDecryptor(Byte[] key, Byte[] iv) method. When overridden in a derived class, creates a symmetric decryptor object with the specified key and initialization vector (IV).

6) CreateEncryptor() method. Inherited from the SymmetricAlgorithm class; creates a symmetric encryptor object with the current Key property and initialization vector (IV).

Note: If the current Key property is null, the GenerateKey method is called to create a new random key. If the current IV property is null, the GenerateIV method is called to create a new random IV. Use the CreateDecryptor overload with the same signature to decrypt the result of this method.

7) CreateEncryptor(Byte[] rgbKey, Byte[] rgbIV) method. Creates a symmetric encryptor object with the specified key and initialization vector (IV).

8) GenerateIV() method. Inherited from the SymmetricAlgorithm class; when overridden in a derived class, generates a random initialization vector (IV) for the algorithm.

9) GenerateKey() method. Inherited from the SymmetricAlgorithm class; when overridden in a derived class, generates a random key for the algorithm.

10) ValidKeySize(int bitLength) method. Inherited from the SymmetricAlgorithm class; determines whether the specified key size is valid for the current algorithm. Returns true if the specified key size is valid for the current algorithm; otherwise, false.

11) BlockSize property. Inherited from the SymmetricAlgorithm class; gets or sets the block size (in bits) of the cryptographic operation. The block size is the basic unit of data that can be encrypted or decrypted in one operation. Messages longer than the block size are processed as successive blocks, and messages shorter than the block size must be padded with extra bits to reach the block size. The valid block sizes are determined by the symmetric algorithm used.

12) FeedbackSize property. Inherited from the SymmetricAlgorithm class; gets or sets the feedback size (in bits) of the cryptographic operation. The feedback size determines the amount of data that is fed back to successive encryption or decryption operations. The feedback size cannot be greater than the block size.

13) IV property. Inherited from the SymmetricAlgorithm class; gets or sets the initialization vector (IV) of the symmetric algorithm.

14) Key property. Inherited from the SymmetricAlgorithm class; gets or sets the key of the symmetric algorithm. The key is used for both encryption and decryption. For a symmetric algorithm to be successful, the key must be known only to the sender and the receiver. The valid key sizes are specified by the particular implementation of the symmetric algorithm and are listed in the LegalKeySizes property. If this property is null when it is used, the GenerateKey method is called to create a new random value.

15) KeySize property. Inherited from the SymmetricAlgorithm class; gets or sets the size, in bits, of the key used by the symmetric algorithm. The valid key sizes are specified by the particular implementation of the symmetric algorithm and are listed in the LegalKeySizes property.

16) KeySizes[] LegalBlockSizes property. Inherited from the SymmetricAlgorithm class; gets the block sizes (in bits) supported by the symmetric algorithm. The symmetric algorithm only supports block sizes that match entries in the array.

17) KeySizes[] LegalKeySizes property. Inherited from the SymmetricAlgorithm class; gets the key sizes (in bits) supported by the symmetric algorithm. The symmetric algorithm only supports key sizes that match entries in the array.

18) CipherMode Mode property. Inherited from the SymmetricAlgorithm class; the default value is CipherMode.CBC.
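The note under CreateDecryptor() about repeated blocks, shown as an added C# example (not code from the original page). The names IvDemo, Encrypt and FirstTwoBlocksEqual and the sample plaintext are constructed for illustration. It encrypts two identical blocks with CipherMode.ECB (no IV mixing) and with the default CipherMode.CBC, then decrypts with the CreateDecryptor overload of the same signature.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class IvDemo
{
    // Padding is off so each 16-byte input block maps to one output block.
    static byte[] Encrypt(byte[] key, byte[] iv, CipherMode mode, byte[] data)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = mode;
            aes.Padding = PaddingMode.None;
            using (ICryptoTransform enc = aes.CreateEncryptor(key, iv))
                return enc.TransformFinalBlock(data, 0, data.Length);
        }
    }

    // True when the first two 16-byte ciphertext blocks are identical.
    static bool FirstTwoBlocksEqual(byte[] ct) =>
        ct.Take(16).SequenceEqual(ct.Skip(16).Take(16));

    static void Main()
    {
        byte[] key, iv;
        using (Aes aes = Aes.Create())
        {
            aes.GenerateKey();
            aes.GenerateIV();
            key = aes.Key;   // copies: wiped at the end of Main
            iv = aes.IV;
        }
        // Constructed plaintext: two identical 16-byte blocks.
        byte[] data = Enumerable.Repeat((byte)0x41, 32).ToArray();

        byte[] ecb = Encrypt(key, iv, CipherMode.ECB, data);
        byte[] cbc = Encrypt(key, iv, CipherMode.CBC, data);
        Console.WriteLine("ECB repeats block: " + FirstTwoBlocksEqual(ecb));
        Console.WriteLine("CBC repeats block: " + FirstTwoBlocksEqual(cbc));

        // Round trip: Mode defaults to CBC, matching the CBC ciphertext.
        using (Aes aes = Aes.Create())
        {
            aes.Padding = PaddingMode.None;
            using (ICryptoTransform dec = aes.CreateDecryptor(key, iv))
                Console.WriteLine("round trip ok: " +
                    dec.TransformFinalBlock(cbc, 0, cbc.Length).SequenceEqual(data));
        }
        Array.Clear(key, 0, key.Length);
    }
}
```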
