.NET and Security (1): Data Encryption Algorithms

Source: Internet
Author: User

The computing environment that enterprises face today has changed greatly from the past. Many data resources can be accessed remotely over the network, and more and more communication depends on public networks (such as the Internet). These environments do not guarantee secure communication between entities: data may be read or tampered with by others during transmission.

Encryption prevents data from being viewed or modified, and provides a secure communication channel over an otherwise insecure one. It serves the following purposes:

  • Confidentiality: prevents user identities or data from being read.
  • Data Integrity: prevents data from being changed.
  • Authentication: ensures that data is sent from a specific party.

I. List of data encryption/encoding algorithms

Common encryption or encoding algorithms used to ensure security are as follows:

1. Common key algorithms

Key algorithms are used to encrypt sensitive data, digests, signatures, and other information. Common key algorithms include:

  • DES (Data Encryption Standard): fast, suitable for encrypting large amounts of data;
  • 3DES (Triple DES): based on DES; a piece of data is encrypted three times with three different keys, giving higher strength;
  • RC2 and RC4: use a variable-length key to encrypt large amounts of data; faster than DES;
  • IDEA (International Data Encryption Algorithm): uses a 128-bit key to provide high security;
  • RSA: invented by RSA; a public key algorithm that supports variable-length keys. The length of the file blocks to be encrypted is also variable;
  • DSA (Digital Signature Algorithm): a standard DSS (Digital Signature Standard) algorithm;
  • AES (Advanced Encryption Standard): the next-generation encryption algorithm standard, featuring high speed and a high security level. Currently, Rijndael is an implementation of the AES standard;
  • Blowfish: uses a variable-length key of up to 448 bits and runs fast;
  • Other algorithms, such as ElGamal, Diffie-Hellman, and ECC.

2. One-way hash algorithms

One-way hash functions are generally used to generate message digests and to encrypt keys. Common examples include:

  • MD5 (Message Digest Algorithm 5): a one-way hash algorithm developed by RSA Data Security. MD5 is widely used; it can compress data blocks of different lengths into a 128-bit value;
  • SHA (Secure Hash Algorithm): a relatively new hash algorithm that produces a 160-bit value for data of any length;
  • MAC (Message Authentication Code): a one-way function that uses a key. It can be used to authenticate files or messages on a system or between users. HMAC is an example of this kind of function;
  • CRC (Cyclic Redundancy Check): the CRC checksum is widely used in data verification applications because it is simple to implement and has strong error-checking capability. It uses few system resources and can be implemented in both software and hardware. It is a good method for detecting errors in data transmission (strictly speaking, CRC is not a hash algorithm, but its function is roughly the same as that of a hash algorithm).

3. Other data algorithms

Other data algorithms include some common encoding algorithms and their conversion to and from plain text (ASCII, Unicode, etc.), such as Base64, Quoted-Printable, and EBCDIC.

II. .NET implementation of the algorithms

Common encryption and encoding algorithms are already implemented in the .NET Framework, which is a great convenience for developers. The namespace that implements these algorithms is System.Security.Cryptography.

The System.Security.Cryptography namespace provides cryptographic services, including secure encoding and decoding of data, and many other operations such as hashing, random number generation, and message authentication.

System.Security.Cryptography is organized as follows:

1. Private Key Encryption

Private key encryption is also called symmetric encryption because the same key is used for both encryption and decryption. Private key encryption algorithms are very fast (compared with public key algorithms) and are especially suitable for performing encryption transformations on large data streams.

The .NET Framework provides the following classes that implement private key encryption algorithms:

  • DES: DESCryptoServiceProvider
  • RC2: RC2CryptoServiceProvider
  • Rijndael (AES): RijndaelManaged
  • 3DES: TripleDESCryptoServiceProvider

2. Public key encryption and digital signatures

Public key encryption uses a private key that must be kept secret from unauthorized users and a public key that can be made public to anyone. Data encrypted with the public key can only be decrypted with the private key, while data signed with the private key can only be verified with the public key. The public key can be used by anyone; it is used to encrypt data to be sent to the holder of the private key. The two keys are unique to the communication session. Public key encryption algorithms are also called asymmetric algorithms because one key is used to encrypt data and another key is used to decrypt it.

The .NET Framework provides the following classes that implement public key encryption algorithms:

  • DSA: DSACryptoServiceProvider
  • RSA: RSACryptoServiceProvider
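The two directions described above (encrypt with the public key, sign with the private key), as an added example that is not part of the original article. It uses RSACryptoServiceProvider from the list above; the class name PublicKeyDemo, the 2048-bit key size, the padding choices and the sample message are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PublicKeyDemo   // hypothetical name, not from the article
{
    static void Main()
    {
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        using (var holder = new RSACryptoServiceProvider(2048))   // key holder: owns the private key
        using (var other = new RSACryptoServiceProvider())        // any other party
        {
            // Only the public half (modulus and exponent) leaves the key holder.
            other.ImportParameters(holder.ExportParameters(false));

            // Encrypt with the public key; only the private key can decrypt.
            byte[] ct = other.Encrypt(message, RSAEncryptionPadding.OaepSHA1);
            Console.WriteLine(Encoding.UTF8.GetString(holder.Decrypt(ct, RSAEncryptionPadding.OaepSHA1)));
            try { other.Decrypt(ct, RSAEncryptionPadding.OaepSHA1); }
            catch (CryptographicException) { Console.WriteLine("public key alone cannot decrypt"); }

            // Sign with the private key; anyone holding the public key can verify.
            byte[] sig = holder.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine(other.VerifyData(message, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

            message[0] ^= 1;   // a single changed bit invalidates the signature
            Console.WriteLine(other.VerifyData(message, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
    }
}
```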

3. Hash values

A hash algorithm maps binary values of any length to smaller binary values of a fixed length. This smaller binary value is called a hash value. A hash value is a unique and extremely compact numeric representation of a piece of data. If a paragraph of plain text is hashed and even one letter of the paragraph is changed, the subsequent hash will produce a different value. Finding two different inputs that hash to the same value is computationally infeasible, so the hash value of a piece of data can be used to verify its integrity.

The .NET Framework provides the following classes for implementing digital signature algorithms:

  • HMAC: HMACSHA1 (HMAC is a hash algorithm that uses a key)
  • MAC: MACTripleDES
  • MD5: MD5CryptoServiceProvider
  • SHA1: SHA1Managed, SHA256Managed, SHA384Managed, and SHA512Managed

4. Random Number Generation

Encryption keys must be as random as possible to make the generated keys difficult to reproduce. Therefore, random number generation is an integral part of many encryption operations.

In the .NET Framework, RNGCryptoServiceProvider is the implementation of a random number generator algorithm. As for the data algorithms, the .NET Framework implements them in other namespaces: for example, the Convert class implements Base64 encoding, and System.Text converts between encodings.
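How the private key encryption, keyed hash and random number classes described in sections 1, 3 and 4 combine to give confidentiality, integrity and authentication together, as an added example that is not part of the original article. It uses Aes.Create() and HMACSHA256 rather than the RijndaelManaged and HMACSHA1 classes listed above; the class name SealedMessage, the message layout and the sample message are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SealedMessage   // hypothetical name, not from the article
{
    // Layout assumed by this example: IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes)
    public static byte[] Seal(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using (var aes = Aes.Create())              // defaults: CBC mode, PKCS7 padding
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV();                       // fresh random IV for every message
            byte[] ct;
            using (var enc = aes.CreateEncryptor()) ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            byte[] body = aes.IV.Concat(ct).ToArray();
            return body.Concat(hmac.ComputeHash(body)).ToArray();   // tag covers IV and ciphertext
        }
    }
    public static byte[] Open(byte[] encKey, byte[] macKey, byte[] box)
    {
        if (box.Length < 64) throw new CryptographicException("message too short");
        int n = box.Length - 32;                    // offset where the tag starts
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(box, 0, n);
            int diff = 0;                           // compare all 32 bytes, no early exit
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ box[n + i];
            if (diff != 0) throw new CryptographicException("MAC check failed");
        }
        using (var aes = Aes.Create())              // decrypt only after the tag has been verified
        {
            aes.Key = encKey;
            aes.IV = box.Take(16).ToArray();
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(box, 16, n - 16);
        }
    }
    static void Main()
    {
        byte[] encKey = new byte[32], macKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(encKey); rng.GetBytes(macKey); }
        byte[] box = Seal(encKey, macKey, Encoding.UTF8.GetBytes("constructed sample message"));
        Console.WriteLine(Encoding.UTF8.GetString(Open(encKey, macKey, box)));
        box[20] ^= 1;                               // simulate tampering in transit
        try { Open(encKey, macKey, box); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```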

From the above, the .NET Framework supports data encryption/encoding well, which greatly helps developers. The one shortcoming is that the data encryption algorithms in the .NET Framework are still incomplete, for example IDEA, Blowfish, and other algorithms such as ElGamal, Diffie-Hellman, and ECC. Support for some other data validation algorithms, such as CRC and SFV, is also insufficient. Developers can only port older code or look for third-party implementations.

BTW: looking at so many data encryption algorithms, isn't it a little dizzying? Look at this image. Then you must feel some pressure.
