When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles [1.x] [2.0]
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips
Search

Sections:
Book Reviews
Sample Chapters
Commonly Asked Message Board Questions
Headlines from ASPWire.com
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
Web Hosts
XML Info
Information:
Advertise
Feedback
Author an Article
Technology Jobs

















internet.com
IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers
ASP ASP.NET ASP FAQs Message Board Feedback ASP Jobs
Print this page.

Windows Systems Administrator
Jupitermedia
US-CT-Darien

Justtechjobs.com Post A Job | Post A Resume

Published: Wednesday, September 05, 2001

Using Symmetric Cryptography in an ASP.NET Web Page
By Mart Slim

To Learn More...
This article examines how to implement a specific type of security (symmetric encryption) through an ASP.NET Web page. To learn more about ASP.NET, be sure to visit the ASP.NET Article Index; for more information on encryption and security, be sure to visit the Security Article Index.

- continued -

Introduction
With classic ASP, implementing encryption algorithms either required a third-party COM component, or some fairly heady scripts. (There are a number of articles on 4Guys that deal with encryption, see: Encryption with ASP and Encrypting the Information Passed through the QueryString for starters.) Encryption via an ASP.NET Web page is, in my opinion, much simpler and easier than in classic ASP. With the .NET Framework, all of the cryptographic classes are held in the System.Security.Cryptography namespace, making it easy to add cryptographic functionalities into your applications. In this article we'll examine how to encrypt data through an ASP.NET Web page, but before getting into gory implementation details, let's skim through some basics of cryptography:

There are generally two main types of encryption and decryption algorithms, symmetric and asymmetric. In symmetric encryption, a secret key or password is used to scramble data. In order to decrypt the scrambled data, the same key has to be used. DES and RC2 are examples of symmetric algorithms.

On the other hand, asymmetric algorithms use a related key-pair to encrypt and decrypt data. One of the keys in the pair is typically called a public key while the other is called a private key. Data encrypted with a public key can only be decrypted with the private key, and vice-versa. PKI (public key infrastructure) is built based on asymmetric algorithm. RSA is a popular asymmetric algorithm.

Another key component of cryptography is hash functions. These functions map input data of any length to a fixed length output. Unlike encryption/decryption algorithm, hash functions are generally one way (i.e. their scrambled data is not reversible) and are designed to guarantee fixed length and unique result set as long as the input string is unique. Usage of these functions are varied but they are commonly used to generate digital signatures in public key cryptography.

The Code
This article demonstrates how to perform symmetric encryption using C# through an ASP.NET Web page. Specifically, we will be creating a class (in C#), compiling it into a DLL, and then using the DLL through an ASP.NET Web page. (Sample code is also included in the download showing how to use the DLL through a Web service!) In this code, the DES algorithm with a 64-bit key is used. While the sample code is specific to DES, it can be easily modified to use other symmetric cryptography algorithms like TripleDES or RC2. The main intent here is not to be exhaustive, rather, it is to demonstrate the technique of using .Net's cryptography namespace to perform symmetric encryption.

A class called FE_Symmetric that exposes two functions has been written:

  1. public string EncryptData(String strKey, String strData)
    This function takes in a Secret Key, strKey and the input data, strData. The return string is base64 encoded so that it can be transported over the HTTP GET/POST. If encryption fails, an empty string returns.

  2. public string DecryptData(String strKey, String strData)
    This decryption function takes in the secret key used to encrypt the input data, strData. strData must be base64 encoded. The function returns an empty string to indicate error.

There are three main points about the sample code that is worth noting, otherwise, the comments in the code are self explanatory.

  1. In the .NET Framework, the cryptography service adopts a stream-oriented design. In the case of the sample code, the CryptoStream class and its derivative class MemoryStream is used.
  2. SHA1 was used to hash the secret key. SHA1 returns a 160-bit hash and the first 64-bit of the hash is used as the key for DES encryption.
  3. The return result of the encrypt functions is base64 encoded so that the result can be transported over HTTP and displayed in HTML forms by default.

Included in the Sample Files
At the end of this article you'll find a link to download the complete sample files. In these files you'll find the source code for the encryption/decryption class; this class should to be compiled into a DLL, although a DLL is already provided in the download (a makefile is also included in the download, in case you decide to compile the source code yourself). This DLL must then be moved into the /bin directory, at which point you will be able to use it through an ASP.NET Web page or Web service.

A complete listing of files in the download can be seen below:

  • Symmetric.cs - The C# source of the code
  • Symmetric.asmx - The functions of the class FE_Symmetric exposed as a web service
  • Client.aspx - This is the HTML form that demonstrates how to use the managed Symmetric.Dll
  • Makecs.bat - Makefile to compile Symmetric.cs into Symmetric.Dll
  • Symmetric.Dll - The DLL to be placed in the BIN folder of your application

For information on using the .NET Framework for asymmetric encryption, be sure to check out these technical docs. Also, be sure to view the live demo.

Happy Programming!

  • By Mart Slim

    Attachments:

  • Download the complete source code (in ZIP format)
  • Visit the Security Article Index
  • Visit the ASP.NET Article Index
  • View a live demo!

    Windows Internet Technology | ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article



    • JupiterOnlineMedia

    internet.comearthweb.comDevx.commediabistro.comGraphics.com

    Search:

    Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

    Jupitermedia Corporate Info


    Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

    Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
    Solutions
    Whitepapers and eBooks
    Microsoft Article: HyperV-The Killer Feature in WinServer ‘08
    Avaya Article: How to Feed Data into the Avaya Event Processor
    Microsoft Article: Install What You Need with Win Server ‘08
    HP eBook: Putting the Green into IT
    Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
    Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
    Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
    		 Avaya Article: Setting Up a SIP A/S Development Environment
    IBM Article: How Cool Is Your Data Center?
    Microsoft Article: Managing Virtual Machines with Microsoft System Center
    HP eBook: Storage Networking , Part 1
    Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
    MORE WHITEPAPERS, EBOOKS, AND ARTICLES
    Webcasts
    Intel Video: Are Multi-core Processors Here to Stay?
    On-Demand Webcast: Five Virtualization Trends to Watch
    HP Video: Page Cost Calculator
    Intel Video: APIs for Parallel Programming
    		HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
    Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
    MORE WEBCASTS, PODCASTS, AND VIDEOS
    Downloads and eKits
    Sun Download: Solaris 8 Migration Assistant
    Sybase Download: SQL Anywhere Developer Edition
    Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
    		 Red Gate Download: SQL Compare Pro 6
    Iron Speed Designer Application Generator
    MORE DOWNLOADS, EKITS, AND FREE TRIALS
    Tutorials and Demos
    How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
    eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
    IBM Article: Collaborating in the High-Performance Workplace
    HP Demo: StorageWorks EVA4400
    		 Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
    Microsoft How-to Article: Get Going with Silverlight and Windows Live
    MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES