Chapter 20. Cryptography

In this chapter, we discuss the major cryptography APIs in .NET:

  • Windows Data Protection API (DPAPI)

  • Hashing

  • Symmetric encryption

  • Public key encryption and signing

The types covered in this chapter are defined in the following namespaces:

System.Security;
System.Security.Cryptography;

Overview

Table 20-1 summarizes the cryptography options in .NET. In the remaining sections, we explore each of these.

Table 20-1. Encryption and hashing options in .NET
| Option | Keys to manage | Speed | Strength | Notes |
|---|---|---|---|---|
| File.Encrypt | 0 | Fast | Depends on user’s password | Protects files transparently with filesystem support. A key is derived implicitly from the logged-in user’s credentials. Windows only. |
| Windows Data Protection | 0 | Fast | Depends on user’s password | Encrypts and decrypts byte arrays using an implicitly derived key. |
| Hashing | 0 | Fast | High | One-way (irreversible) transformation. Used for storing passwords, comparing files, and checking for data corruption. |
| Symmetric Encryption | 1 | Fast | High | For general-purpose encryption/decryption. The same key encrypts and decrypts. Can be used to secure messages in transit. |
| Public Key Encryption | 2 | Slow | High | Encryption and decryption use different keys. Used for exchanging a symmetric key in message transmission and for digitally signing files. |
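
The "Keys to manage" column of Table 20-1 can be seen directly in code. The following is an added example, not code from the book: it assumes .NET 8 with top-level statements, the System.Security.Cryptography.ProtectedData NuGet package for the Windows-only part, and a constructed sample message. AES-GCM is used here as one choice of symmetric algorithm.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

byte[] data = Encoding.UTF8.GetBytes("constructed sample message");

// Hashing: 0 keys. One-way; the digest cannot be turned back into the input.
Console.WriteLine($"SHA-256: {Convert.ToHexString(SHA256.HashData(data))}");

// Windows Data Protection: 0 keys to manage. The key is derived implicitly
// from the logged-in user's credentials, so this part runs on Windows only.
if (OperatingSystem.IsWindows())
{
    byte[] wrapped = ProtectedData.Protect(data, null, DataProtectionScope.CurrentUser);
    byte[] unwrapped = ProtectedData.Unprotect(wrapped, null, DataProtectionScope.CurrentUser);
    Console.WriteLine($"DPAPI round trip: {unwrapped.AsSpan().SequenceEqual(data)}");
}

// Symmetric encryption: 1 key. The same secret key encrypts and decrypts,
// so both parties must hold it and keep it confidential.
byte[] key = RandomNumberGenerator.GetBytes(32);    // 256-bit AES key
byte[] nonce = RandomNumberGenerator.GetBytes(12);  // must be unique per message under one key
byte[] ciphertext = new byte[data.Length], tag = new byte[16];
using (var gcm = new AesGcm(key, 16))
{
    gcm.Encrypt(nonce, data, ciphertext, tag);
    byte[] plaintext = new byte[ciphertext.Length];
    gcm.Decrypt(nonce, ciphertext, tag, plaintext);  // throws if ciphertext or tag was modified
    Console.WriteLine($"AES-GCM round trip: {plaintext.AsSpan().SequenceEqual(data)}");
}

// Public key encryption: 2 keys. The public half can be given to anyone;
// only the holder of the private half can decrypt or sign.
using RSA privateKey = RSA.Create(2048);
using RSA publicKey = RSA.Create();
publicKey.ImportRSAPublicKey(privateKey.ExportRSAPublicKey(), out _);

byte[] wrappedKey = publicKey.Encrypt(key, RSAEncryptionPadding.OaepSHA256);      // exchange the symmetric key
byte[] recovered = privateKey.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
Console.WriteLine($"RSA key exchange: {recovered.AsSpan().SequenceEqual(key)}");
byte[] signature = privateKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
Console.WriteLine($"Signature valid: {publicKey.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss)}");
```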

.NET also provides more specialized support for creating and validating XML-based signatures in System.Security.Cryptography.Xml and types for working with digital certificates in System.Security.Cryptography.X509Certificates ...
