Chapter 20. Cryptography
In this chapter, we discuss the major cryptography APIs in .NET:
Windows Data Protection API (DPAPI)
Hashing
Symmetric encryption
Public key encryption and signing
The types covered in this chapter are defined in the following namespaces:
System.Security; System.Security.Cryptography;
Overview
Table 20-1 summarizes the cryptography options in .NET. In the remaining sections, we explore each of these.
Option | Keys to manage | Speed | Strength | Notes |
---|---|---|---|---|
File.Encrypt |
0 | Fast | Depends on user’s password | Protects files transparently with filesystem support. A key is derived implicitly from the logged-in user’s credentials. Windows only. |
Windows Data Protection | 0 | Fast | Depends on user’s password | Encrypts and decrypts byte arrays using an implicitly derived key. |
Hashing | 0 | Fast | High | One-way (irreversible) transformation. Used for storing passwords, comparing files, and checking for data corruption. |
Symmetric Encryption | 1 | Fast | High | For general-purpose encryption/decryption. The same key encrypts and decrypts. Can be used to secure messages in transit. |
Public Key Encryption | 2 | Slow | High | Encryption and decryption use different keys. Used for exchanging a symmetric key in message transmission and for digitally signing files. |
.NET also provides more specialized support for creating and validating XML-based signatures in System.Security.Cryptography.Xml
and types for working with digital certificates in System.Security.Cryptography.X509Certificates ...
Get C# 12 in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.