http://blog.joycode.com/moslem/archive/2003/12/29/10108.aspx
Today, enterprises face a computing environment that has changed greatly from the past. Many data resources can be accessed remotely over the network, and more and more communication depends on public networks (such as the Internet). These environments do not guarantee secure communication between entities; data may be read or tampered with by others during transmission.
Encryption prevents data from being viewed or modified, and provides a secure communication channel over an otherwise insecure channel. It serves the following purposes:
- Confidentiality: prevents user identities or data from being read.
- Data Integrity: prevents data from being changed.
- Authentication: ensures that data was sent by a specific party.
I. List of Data Encryption/Encoding Algorithms
Common encryption or encoding algorithms used to ensure security are as follows:
1. Common Key Algorithms
Key algorithms are used to encrypt sensitive data, digests, signatures, and other information. Common key algorithms include:
- DES (Data Encryption Standard): fast, suitable for encrypting large amounts of data;
- 3DES (Triple DES): based on DES; a block of data is encrypted three times with three different keys, giving higher strength;
- RC2 and RC4: use a variable-length key to encrypt large amounts of data; faster than DES;
- IDEA (International Data Encryption Algorithm): uses a 128-bit key to provide high security;
- RSA: invented by RSA, it is a public key algorithm that supports variable-length keys. The length of the files to be encrypted is also variable;
- DSA (Digital Signature Algorithm): the digital signature algorithm of the DSS (Digital Signature Standard);
- AES (Advanced Encryption Standard): the next-generation encryption algorithm standard, featuring high speed and a high security level. Currently, Rijndael is an implementation of the AES standard;
- Blowfish: uses a variable-length key of up to 448 bits and runs fast;
- Other algorithms, such as ElGamal, Diffie-Hellman, and ECC.
2. One-Way Hash Algorithms
One-way hash functions are generally used to generate message digests and to encrypt keys. Common examples include:
- MD5 (Message Digest algorithm 5): a one-way hash algorithm developed by RSA Data Security. MD5 is widely used and compresses data blocks of different lengths into a 128-bit value;
- SHA (Secure Hash Algorithm): a relatively new hash algorithm that generates a 160-bit value from data of any length;
- MAC (Message Authentication Code): a one-way function that uses a key and can be used to authenticate files or messages on a system or between users. HMAC is an example of this kind of function;
- CRC (Cyclic Redundancy Check): the cyclic redundancy check is widely used in data verification applications because it is simple to implement and has strong error-detection capability. It uses few system resources and can be implemented in software or hardware. It is a good method for detecting data transmission errors (strictly speaking, CRC is not a hash algorithm, but it serves roughly the same purpose as one).
3. Other Data Algorithms
Other data algorithms include some common encoding algorithms and their conversion to and from plain text (ASCII, Unicode, etc.), such as Base64, Quoted-Printable, and EBCDIC.
II. .NET Implementation of the Algorithms
The common encryption and encoding algorithms are already implemented in the .NET Framework, which is a great convenience for developers. The namespace that implements these algorithms is System.Security.Cryptography.
The System.Security.Cryptography namespace provides cryptographic services, including secure encoding and decoding of data, and many other operations such as hashing, random number generation, and message authentication.
System.Security.Cryptography is organized as follows:
1. Private Key Encryption
Private key encryption is also called symmetric encryption because the same key is used for both encryption and decryption. Private key encryption algorithms are very fast (compared with public key algorithms) and are especially suitable for performing cryptographic transformations on large data streams.
The .NET Framework provides the following classes that implement private key encryption algorithms:
- DES: DESCryptoServiceProvider
- RC2: RC2CryptoServiceProvider
- Rijndael (AES): RijndaelManaged
- 3DES: TripleDESCryptoServiceProvider
2. Public Key Encryption and Digital Signatures
Public key encryption uses a private key that must be kept secret from unauthorized users and a public key that can be made public to anyone. Data encrypted with the public key can only be decrypted with the private key, while data signed with the private key can only be verified with the public key. The public key can be used by anyone; it is used to encrypt data to be sent to the holder of the private key. Both keys are unique to the communication session. Public key encryption algorithms are also called asymmetric algorithms because one key is used to encrypt data and another key is used to decrypt it.
The .NET Framework provides the following classes that implement public key encryption algorithms:
- DSA: DSACryptoServiceProvider
- RSA: RSACryptoServiceProvider
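The two directions described above (sign with the private key and verify with the public key; encrypt with the public key and decrypt with the private key), as an added example that is not part of the original article. It assumes .NET Framework 4.6 or later for the HashAlgorithmName overloads; the class name, variable names, and message are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PublicKeyDemo   // hypothetical name, illustration only
{
    static void Main()
    {
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");

        using (var owner = new RSACryptoServiceProvider(2048))   // generates and holds the private key
        using (var peer = new RSACryptoServiceProvider())        // will hold the public key only
        {
            // Only the public half (false = no private parameters) leaves the key holder.
            peer.ImportParameters(owner.ExportParameters(false));
            Console.WriteLine("peer.PublicOnly: " + peer.PublicOnly);

            // Signature: created with the private key, checked with the public key.
            byte[] sig = owner.SignData(msg, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            bool ok = peer.VerifyData(msg, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("original verifies: " + ok);

            // A single flipped bit in the message invalidates the signature.
            byte[] altered = (byte[])msg.Clone();
            altered[altered.Length - 1] ^= 0x01;
            bool bad = peer.VerifyData(altered, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("altered verifies:  " + bad);

            // Encryption: anyone with the public key can encrypt, only the key holder decrypts.
            byte[] secret = new byte[32];
            using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(secret);
            byte[] wrapped = peer.Encrypt(secret, true);          // true selects OAEP padding
            byte[] unwrapped = owner.Decrypt(wrapped, true);
            Console.WriteLine("round trip matches: " +
                (Convert.ToBase64String(secret) == Convert.ToBase64String(unwrapped)));
        }
    }
}
```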
3. Hash Value
A hash algorithm maps binary values of any length to smaller binary values of a fixed length. This smaller binary value is called a hash value. A hash value is a unique and extremely compact numeric representation of a piece of data. If a piece of plain text is hashed and even one letter of it is then changed, the subsequent hash produces a different value. It is computationally infeasible to find two different inputs that hash to the same value. Therefore, the hash value of the data can be used to check the integrity of the data.
The .NET Framework provides the following classes that implement digital signature algorithms:
- HMAC: HMACSHA1 (HMAC is a hash algorithm that uses a key)
- MAC: MACTripleDES
- MD5: MD5CryptoServiceProvider
- SHA1: SHA1Managed, SHA256Managed, SHA384Managed, and SHA512Managed
4. Random Number Generation
Encryption keys must be as random as possible to make the generated keys difficult to reproduce. Therefore, random number generation is an integral part of many encryption operations.
In the .NET Framework, RNGCryptoServiceProvider is the implementation of a random number generator algorithm. The data algorithms are implemented in other namespaces of the .NET Framework: for example, the Convert class implements Base64 encoding, and System.Text converts between text encodings.
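How the private key, hash, and random number classes above fit together to give both confidentiality and integrity, as an added example that is not part of the original article. It encrypts with RijndaelManaged, then authenticates the IV and ciphertext with HMACSHA256 (chosen here in place of the listed HMACSHA1), with keys from RNGCryptoServiceProvider; the Protect and Unprotect helpers and the message layout are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EncryptThenMacDemo   // hypothetical helpers, illustration only
{
    // Output layout: IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes)
    static byte[] Protect(byte[] plain, byte[] encKey, byte[] macKey)
    {
        using (var aes = new RijndaelManaged { Key = encKey })   // CBC and PKCS7 are the defaults
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.GenerateIV();                                    // fresh random IV per message
            byte[] iv = aes.IV, ct;
            using (var enc = aes.CreateEncryptor()) ct = enc.TransformFinalBlock(plain, 0, plain.Length);
            byte[] output = new byte[iv.Length + ct.Length + 32];
            Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
            Buffer.BlockCopy(ct, 0, output, iv.Length, ct.Length);
            byte[] tag = hmac.ComputeHash(output, 0, iv.Length + ct.Length);   // covers IV and ciphertext
            Buffer.BlockCopy(tag, 0, output, iv.Length + ct.Length, tag.Length);
            return output;
        }
    }
    // Checks the tag before decrypting; returns null if the message was altered.
    static byte[] Unprotect(byte[] input, byte[] encKey, byte[] macKey)
    {
        if (input.Length < 16 + 16 + 32) return null;            // IV + one block + tag
        int bodyLen = input.Length - 32, diff = 0;
        byte[] expected;
        using (var hmac = new HMACSHA256(macKey)) expected = hmac.ComputeHash(input, 0, bodyLen);
        for (int i = 0; i < 32; i++) diff |= expected[i] ^ input[bodyLen + i];   // no early exit
        if (diff != 0) return null;
        byte[] iv = new byte[16];
        Buffer.BlockCopy(input, 0, iv, 0, 16);
        using (var aes = new RijndaelManaged { Key = encKey, IV = iv })
        using (var dec = aes.CreateDecryptor())
            return dec.TransformFinalBlock(input, 16, bodyLen - 16);
    }
    static void Main()
    {
        byte[] encKey = new byte[32], macKey = new byte[32];     // two independent random keys
        using (var rng = new RNGCryptoServiceProvider()) { rng.GetBytes(encKey); rng.GetBytes(macKey); }
        byte[] blob = Protect(Encoding.UTF8.GetBytes("constructed sample message"), encKey, macKey);
        Console.WriteLine(Encoding.UTF8.GetString(Unprotect(blob, encKey, macKey)));
        blob[20] ^= 0x01;                                        // flip one ciphertext bit in transit
        Console.WriteLine(Unprotect(blob, encKey, macKey) == null ? "altered copy rejected" : "accepted");
    }
}
```

The tag is compared without an early exit so that the time taken does not reveal how many leading bytes matched.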
As the above shows, the .NET Framework supports data encryption and encoding well, which greatly helps developers. However, the data encryption algorithms in the .NET Framework are still incomplete: IDEA, Blowfish, and other algorithms such as ElGamal, Diffie-Hellman, and ECC are missing. It also does not support some data verification algorithms, for example CRC and SFV; developers can only port earlier code or find third-party implementations.
BTW: looking at so many data encryption algorithms, don't you feel a little dizzy? After looking at this picture, you must feel some pressure.