.NET Cryptography Overview

The .NET encryption classes are divided into three layers:

  1. Asymmetric Algorithm: This class represents asymmetric encryption, which uses a public/private key pair. Data encrypted with one key can be decrypted only with the other key.
  2. Symmetric Algorithm: This class represents symmetric encryption, which uses a shared secret value. Data encrypted with the key can be decrypted using only the same key.
  3. Hash Algorithm: This class represents hash generation and verification. Hashes are also known as one-way encryption algorithms, because data can be hashed but the hash cannot be reversed to recover the data. You can use hashes to ensure that data has not been tampered with.

The second level of classes represents specific encryption algorithms. These classes derive from the encryption base classes but are themselves still abstract. The third level of classes is a set of concrete encryption implementations, each deriving from one of the algorithm classes. Classes that wrap the CryptoAPI functions usually have CryptoServiceProvider in their name, and managed classes typically have Managed in their name.


Symmetric Encryption Algorithms

Abstract Algorithm   Default Implementation            Valid Key Sizes (bits)   Max Key (bits)
TripleDES            TripleDESCryptoServiceProvider    128, 192                 192
Rijndael             RijndaelManaged                   128, 192, 256            256

Note: the key length for DES and TripleDES includes parity bits that don't contribute to the strength of the encryption.

Asymmetric Encryption

Abstract Algorithm   Default Implementation       Valid Key Sizes (bits)           Max Key (bits)
RSA                  RSACryptoServiceProvider     384-16384 (8-bit increments)     1024
DSA                  DSACryptoServiceProvider     512-1024 (64-bit increments)     1024
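The following is an added example, not code from the original page, showing why the layered design matters: the encryption and integrity helpers are written against the abstract second-level classes (SymmetricAlgorithm, HashAlgorithm), so either third-level implementation from the symmetric table above can be passed in, and LegalKeySizes reports the key sizes the table lists. It assumes a .NET runtime where RijndaelManaged and TripleDESCryptoServiceProvider are still available (they are marked obsolete in newer .NET versions but still compile).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LayeredCryptoDemo
{
    // Works with any SymmetricAlgorithm implementation. The algorithm object
    // generates its own random key and IV; the caller never hard-codes either.
    static byte[] Encrypt(SymmetricAlgorithm alg, byte[] plaintext)
    {
        alg.GenerateKey();
        alg.GenerateIV();
        using (ICryptoTransform enc = alg.CreateEncryptor())
            return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    static byte[] Decrypt(SymmetricAlgorithm alg, byte[] ciphertext)
    {
        using (ICryptoTransform dec = alg.CreateDecryptor())
            return dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
    }

    // Integrity check through the abstract HashAlgorithm layer, compared in
    // fixed time so the comparison does not leak where the digests differ.
    static bool HashesMatch(HashAlgorithm hash, byte[] a, byte[] b)
    {
        byte[] ha = hash.ComputeHash(a), hb = hash.ComputeHash(b);
        int diff = ha.Length ^ hb.Length;
        for (int i = 0; i < Math.Min(ha.Length, hb.Length); i++) diff |= ha[i] ^ hb[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        // Third-level implementations from the table, used only via the second-level type.
        SymmetricAlgorithm[] ciphers = { new RijndaelManaged(), new TripleDESCryptoServiceProvider() };
        foreach (SymmetricAlgorithm alg in ciphers)
        {
            // LegalKeySizes matches the Valid Key column; for TripleDES the 192-bit
            // figure includes the parity bits noted under the table.
            KeySizes ks = alg.LegalKeySizes[0];
            Console.WriteLine($"{alg.GetType().Name}: {ks.MinSize}-{ks.MaxSize} bits, default {alg.KeySize}");

            byte[] ct = Encrypt(alg, message);
            bool ok = HashesMatch(SHA256.Create(), message, Decrypt(alg, ct));
            Console.WriteLine($"  round trip verified: {ok}");
            alg.Dispose();
        }
    }
}
```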