Tutorial for VB .NET for Encryption/Decryption of Data
Private-Key Encryption

Private-key encryption algorithms use a single private key to encrypt and decrypt data. You must secure the key from access by unauthorized agents because any party that has the key can use it to decrypt data. Private-key encryption is also referred to as symmetric encryption because the same key is used for encryption and decryption. Private-key encryption algorithms are extremely fast (compared to public-key algorithms) and are well suited for performing cryptographic transformations on large streams of data.

Typically, private-key algorithms, called block ciphers, are used to encrypt one block of data at a time. Block ciphers (like RC2, DES, TripleDES, and Rijndael) cryptographically transform an input block of n bytes into an output block of encrypted bytes. If you want to encrypt or decrypt a sequence of bytes, you have to do it block by block. Because the size of n is small (n = 8 bytes for RC2, DES, and TripleDES; n = 16 [the default]; n = 24; or n = 32 bytes for Rijndael), values larger than n have to be encrypted one block at a time.

The block cipher classes provided in the base class library use a chaining mode called cipher block chaining (CBC), which uses a key and an initialization vector (IV) to perform cryptographic transformations on data. For a given private key k, a simple block cipher that does not use an initialization vector will encrypt the same input block of plaintext into the same output block of ciphertext. If you have duplicate blocks within your plaintext stream, you will have duplicate blocks within your ciphertext stream. If an unauthorized user knows anything about the structure of a block of your plaintext, she can use that information to decipher the known ciphertext block and possibly recover your key. To combat this problem, information from the previous block is mixed into the process of encrypting the next block. Thus, the output of two identical plaintext blocks is different. Because this technique uses the previous block to encrypt the next block, an IV is used to encrypt the first block of data. Using this system, common message headers that might be known to an unauthorized user cannot be used to reverse engineer a key.

One way to compromise data encrypted with this type of cipher is to perform an exhaustive search of every possible key. Depending on the size of the key used to perform encryption, this type of search is extremely time consuming using even the fastest computers and is therefore unfeasible. Larger key sizes are more difficult to decipher. Though encryption does not make it theoretically impossible for an adversary to retrieve the encrypted data, it does raise the cost of doing so prohibitively. If it takes three months to perform an exhaustive search to retrieve data that is only meaningful for a few days, then the exhaustive search method is impractical.

The disadvantage of private-key encryption is that it presumes two parties have agreed on a key and IV and communicated their values. Also, the key must be kept secret from unauthorized users. Because of these problems, private-key encryption is often used in conjunction with public-key encryption to privately communicate the values of the key and IV.

Assuming that Alice and Bob are two parties who wish to communicate over an insecure channel, they might use private-key encryption as follows. Both Alice and Bob agree to use one particular algorithm (Rijndael, for example) with a particular key and IV. Alice composes a message and creates a network stream on which to send the message. Next she encrypts the text using the key and IV, and sends it across the Internet. She does not send the key and IV to Bob. Bob receives the encrypted text and decrypts it using the previously agreed upon key and IV. If the transmission is intercepted, the interceptor cannot recover the original message because he doesn't know the key or IV. In this scenario, the key must remain secret, but the IV does not need to remain secret. In a real world scenario, either Alice or Bob generates a private key and uses public-key (asymmetric) encryption to transfer the private (symmetric) key to the other party. For more information, see Public-Key Encryption.

The .NET Framework provides the following classes that implement private key encryption algorithms: 

--DESCryptoServiceProvider 
--RC2CryptoServiceProvider 
--RijndaelManaged 
--TripleDESCryptoServiceProvider 

(Source: .NET Framework SDK, "Cryptography Overview", ms-help://MS.VSCC/MS.MSDNVS/cpguide/html/cpconcryptographyoverview.htm)
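
The chaining and IV behaviour described above, together with the point from the Alice and Bob exchange that the IV does not need to remain secret, shown as an added VB .NET example that is not part of the original tutorial or the SDK text. It uses RijndaelManaged from the class list above; the module and function names, the random 256-bit key and the sample plaintext are constructed for illustration.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text
Module CbcIvDemo
    ' Returns IV || ciphertext. The IV is not secret, so it travels with the message.
    Function Encrypt(key As Byte(), plain As Byte(), mode As CipherMode) As Byte()
        Using alg As New RijndaelManaged()   ' 16-byte block size by default
            alg.Mode = mode
            alg.Key = key
            alg.GenerateIV()                 ' fresh random IV for every message
            Using enc As ICryptoTransform = alg.CreateEncryptor()
                Dim ct As Byte() = enc.TransformFinalBlock(plain, 0, plain.Length)
                Dim msg(ct.Length + 15) As Byte
                Buffer.BlockCopy(alg.IV, 0, msg, 0, 16)
                Buffer.BlockCopy(ct, 0, msg, 16, ct.Length)
                Return msg
            End Using
        End Using
    End Function

    Function Decrypt(key As Byte(), msg As Byte()) As Byte()
        Using alg As New RijndaelManaged()   ' CBC is the default mode
            alg.Key = key
            Dim iv(15) As Byte
            Buffer.BlockCopy(msg, 0, iv, 0, 16)   ' first 16 bytes are the IV
            alg.IV = iv
            Using dec As ICryptoTransform = alg.CreateDecryptor()
                Return dec.TransformFinalBlock(msg, 16, msg.Length - 16)
            End Using
        End Using
    End Function

    Function BlockHex(msg As Byte(), n As Integer) As String
        Return BitConverter.ToString(msg, 16 + 16 * n, 16)   ' skip the IV prefix
    End Function

    Sub Main()
        Dim key(31) As Byte
        RandomNumberGenerator.Create().GetBytes(key)
        ' Constructed sample: the same 16-byte plaintext block twice.
        Dim plain As Byte() = Encoding.ASCII.GetBytes("HEADER:012345678HEADER:012345678")
        Dim ecb As Byte() = Encrypt(key, plain, CipherMode.ECB)
        Dim cbc1 As Byte() = Encrypt(key, plain, CipherMode.CBC)
        Dim cbc2 As Byte() = Encrypt(key, plain, CipherMode.CBC)
        Console.WriteLine("ECB repeats the block: {0}", BlockHex(ecb, 0) = BlockHex(ecb, 1))
        Console.WriteLine("CBC repeats the block: {0}", BlockHex(cbc1, 0) = BlockHex(cbc1, 1))
        Console.WriteLine("CBC same under a new IV: {0}", BlockHex(cbc1, 0) = BlockHex(cbc2, 0))
        Console.WriteLine("Decrypted: {0}", Encoding.ASCII.GetString(Decrypt(key, cbc1)))
    End Sub
End Module
```

On current .NET, RijndaelManaged is marked obsolete and Aes.Create() is the replacement with the same members. CBC provides confidentiality only; nothing here detects tampering with the ciphertext.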
