Combining Symmetric and Asymmetric Encryption

Symmetric Encryption

Symmetric encryption uses a secret key value to encrypt and decrypt data. Both the sender and receiver need the same key to encrypt or decrypt. There are two types of symmetric algorithms: stream algorithms and block algorithms. The stream algorithm works on one bit or byte at a time, whereas the block algorithm works on larger blocks of data (typically 64 bits). The drawback to this type of system is that if the key is discovered, all messages can be decrypted.

In the .NET framework, there are classes derived from the System.Security.SymmetricAlgorithm class in the System.Security.Cryptography namespace that equip us to use symmetric encryption. Each of the classes uses a different algorithm for this purpose. These algorithms use a random initialization vector (IV) that makes the encrypted data different even when using the same source data. Generally speaking, the algorithm is more secure the larger its key size. Here are the different classes available:

Class Algorithm Default key size
DESCryptoServiceProvider DES 64
TripleDESCryptoServiceProvider TripleDES 192
RC2CryptServiceProvider RC2 128
RijndaelManaged Rijndael 256

With .NET, we can wrap a stream of data with the CryptoStream. This gives us a very easy way of using symmetric encryption classes. If you wrap a FileStream with the CryptoStream, it will encrypt data as it's being written and decrypt it as it's being read. The main weakness of this type of system is the vulnerability of the one key.

Examples:

Declare a new instance of the class:

Private Rijndael As New RijndaelManaged()

Write a key:

Dim keyFile As New FileStream("key.bin", FileMode.CreateNew)
keyFile.Write(Rijndael.Key, 0, Rijndael.Key.Length)
keyFile.Close()

Encrypt data:

Dim Transform As ICryptoTransform = Rijndael.CreateEncryptor()
Dim outFile As New FileStream("crypt.bin", FileMode.Create)
outFile.Write(Rijndael.IV, 0, Rijndael.IV.Length)
Dim cryptStrm As New CryptoStream(outFile, Transform, _
                                  CryptoStreamMode.Write)
Dim writer As New StreamWriter(cryptStrm)
writer.Write(txtSource.Text)
writer.Flush()
cryptStrm.FlushFinalBlock()
writer.Close()

To decrypt data, the CryptoStream would use a decryptor and it would use read mode instead of write mode.

Asymmetric Encryption

Asymmetric encryption uses a seperate key for encryption and decryption. The decryption key is very hard to derive from the encryption key. The encryption key is public so that anyone can encrypt a message. However, the decryption key is private, so that only the receiver is able to decrypt the message. It is common to set up "key-pairs" within a network so that each user has a public and private key. The public key is made available to everyone so that they can send messages, but the private key is only made available to the person it belongs to.

In the .NET framework, there is a RSACryptoServiceProvider class that supports this type of encryption. This class has a default key size of 1024 bits. Because this type of encryption does not use a stream, it is more cumbersome to use. Instead of being able to wrap a FileStream, you have to encrypt data in small blocks. This type of system is generally used to encrypt keys, not entire messages. This is because asymmetric encryption is slow and the encrypted files are open to "chosen-plaintext" attacks. The "chosen-plaintext" attack is when someone has access to several encrypted messages along with the plaintext, and they choose plaintext that gets encrypted. As far as the speed of this type of system, symmetric algorithms are generally 1000 times faster. Asymmetric algorithms also generally produce encrypted files that are much larger than the source files.

Combination Symmetric and Asymmetric Encryption

If we want the benefits of both types of encryption algorithms, the general idea is to create a random symmetric key to encrypt the data, and then encrypt that key asymmetrically. Once the key is asymmetrically encrypted, we add it to the encrypted message. The receiver gets the key, decrypts it with their private key, and uses it to decrypt the message.

Example:

Private RSA As New RSACryptoServiceProvider()

Create key:

Dim keyFile As New FileStream("key.bin", FileMode.CreateNew)
Dim writer As New StreamWriter(keyFile)
writer.Write(RSA.ToXmlString(True))
writer.Flush()
keyFile.Close()

Encrypt:

Dim outFile As New FileStream("crypt.bin", FileMode.Create)
Dim Rijndael As New RijndaelManaged()
Dim EncryptedKey() As Byte = RSA.Encrypt(Rijndael.Key, False)
Dim EncryptedIV()  As Byte = RSA.Encrypt(Rijndael.IV, False)
outFile.Write(EncryptedKey, 0, EncryptedKey.Length)
outFile.Write(EncryptedIV, 0, EncryptedIV.Length)
Dim Transform As ICryptoTransform = Rijndael.CreateEncryptor()
Dim cryptStrm As New CryptoStream(outFile, Transform, _
                                  CryptoStreamMode.Write)
Dim writer As New StreamWriter(cryptStrm)
writer.Write(txtSource.Text)
writer.Flush()
cryptStrm.FlushFinalBlock()
writer.Close()

Conclusion

Cryptography is a very robust field. This article tries to point out the advantages of combining different systems into one. In the current state of cryptography, the keys are the most important tools in keeping data secure. Keeping the private keys secure and large enough will make it very difficult to crack an encryption system.

Resources

Applied Cryptography, Bruce Schneier
Visual Basic .NET Programmers Cookbook, Matthew MacDonald



About the Author

Larry Bray

I have a BSCS and am a member of the IEEE. My current job title is IT Director. I use the following languages: CFMC, VB, VB.NET, C++.NET, C#.NET, C++, HTML, ASP, JavaScript, VBScript, Java

Comments

  • Good intro - Additional resource

    Posted by Tom Archer on 11/02/2004 08:57am

    Nice intro into the world of .NET encryption. I would also suggest to the reader my .NET book: Extending MFC Applications with the .NET Framework. While not a VB book, I do have a 45 page chapter dedicated to the various .NET cryptography classes. This includes half a dozen full functional demo applications that you can start using immediately or use as a starting point for your own applications.

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: December 11, 2014 @ 1:00 p.m. ET / 10:00 a.m. PT Market pressures to move more quickly and develop innovative applications are forcing organizations to rethink how they develop and release applications. The combination of public clouds and physical back-end infrastructures are a means to get applications out faster. However, these hybrid solutions complicate DevOps adoption, with application delivery pipelines that span across complex hybrid cloud and non-cloud environments. Check out this …

  • On-demand Event Event Date: October 29, 2014 It's well understood how critical version control is for code. However, its importance to DevOps isn't always recognized. The 2014 DevOps Survey of Practice shows that one of the key predictors of DevOps success is putting all production environment artifacts into version control. In this webcast, Gene Kim discusses these survey findings and shares woeful tales of artifact management gone wrong! Gene also shares examples of how high-performing DevOps …

Most Popular Programming Stories

More for Developers

RSS Feeds