Exam 70-553 - Encrypt, decrypt, and hash data by using the System.Security.Cryptography classes.

This was actually one of my favorite topics to research. As a developer who never really needed to know that much about cryptography, I found it very interesting to know some of the background which you typically don't get out of msdn. Thank goodness for Wikipedia.

Section 1
  • Part 4
    • Topic 3

Encrypt, decrypt, and hash data by using the System.Security.Cryptography classes. (Refer System.Security.Cryptography namespace)

  • DES class and DESCryptoServiceProvider class
  • HashAlgorithm class
  • DSA class and DSACryptoServiceProvider class
  • SHA1 class and SHA1CryptoServiceProvider class
  • TripleDES and TripleDESCryptoServiceProvider class
  • MD5 class and MD5CryptoServiceProvider class
  • RSA class and RSACryptoServiceProvider class
  • RandomNumberGenerator class
  • CryptoStream class
  • CryptoConfig class
  • RC2 class and RC2CryptoServiceProvider class
  • AssymetricAlgorithm class
  • ProtectedData class and ProtectedMemory class
  • RijndaelManaged class and RijndaelManagedTransform class
  • CspParameters class
  • CryptoAPITransform class
  • Hash-based Message Authentication Code (HMAC)


This section deals with .Net support for different cryptography measures. Each class usually has a base class for defining the type of encryption with a provider that actually does the implementation.

Symmetric key ciphers use the same key for encryption and decryption to secure data. Ciphers can operate on a bit by bit basis (stream ciphers) or group of bits (block ciphers). DES or Data Encryption Standard is a block cipher that uses a 56K bit key. The small key size is why DES is considered insecure with keys that have been broken in less than 24 hours. TripleDES is another block cipher that actually uses the DES method 3 times. It was devised when the 56K DES was found to be susceptible to brute force attacks. RC2 is another block cipher with a 64 bit block and a variable sized key. Rijndael, also known as Advanced Encryption Standard (AES) is another block cipher that uses a 128 bit block with keys in multiple of 32 bits. AES only supports 128, 196 or 256 bit keys.

DSA is a federal government standard for digital signatures. It involves key generation using 160 bit prime numbers, signing and verification.

Cryptographic Hash Functions hash a message with the goal of being easy to compute but hard if not impossible to break. MD5 (Message Digest) uses a 128 bit key to hash values, SHA-1 (Secure Hash Algorithm) is the other popular Hash Function. Both have been demonstrated as having problems

HMAC is a key hash message authentication code that typically uses MD5 or SHA-1 to use a hash function in combination with secret key.

Asymmetric key ciphers (AKA Public key cryptography) use a cryptographic process that involves two keys: The public key is used to encrypt the message, but only the private key can decrypt the message and read it. RSA is one popular implementation of an asymmetric key cipher.

The RandomNumberGenrator Class is the base class from which all Cryptographically strong Random Number generators must derive.

DPAPI, the Data Protection API is used by the Protected Data and Protected Memory class to secure data. DPAPI uses a password, TripleDES and strong keys. The encryption is handled at the OS level.

The CSPParameters Class is used to pass parameters such as key to Cryptographic Providers

The CryptoAPITransform class performs the actual transformation of data. The providers expose a createEncryptor method which can be cast to this type for doing the work.

The following are examples of using DSA, SHA1, and Rijndael from MSDN:


Verifying a Signature:
DSACryptoServiceProvider DSA = new DSACryptoServiceProvider(); //The hash value to sign.
byte[] HashValue = {59,4,248,102,77,97,142,201,210,12,224,93,25,41,100,197,213,134,130,135}; //The value to hold the signed value.
byte[] SignedHashValue = DSASignHash(HashValue, DSA.ExportParameters(true), jhn"SHA1"); //Verify the hash and display the results.
if(DSAVerifyHash(HashValue, SignedHashValue, DSA.ExportParameters(false), "SHA1"))
Console.WriteLine("The hash value was verified.");
Console.WriteLine("The hash value was not verified.");

Creating a Signature
DSACryptoServiceProvider DSA = new DSACryptoServiceProvider(); //Import the key information.
DSA.ImportParameters(DSAKeyInfo); //Create an DSASignatureFormatter object and pass it the
//DSACryptoServiceProvider to transfer the private key. DSASignatureFormatter DSAFormatter = new DSASignatureFormatter(DSA); //Set the hash algorithm to the passed value.
DSAFormatter.SetHashAlgorithm(HashAlg); //Create a signature for HashValue and return it.
return DSAFormatter.CreateSignature(HashToSign);


byte[] data = new byte[DATA_SIZE];
byte[] result; SHA1 sha = new SHA1CryptoServiceProvider();
// This is one implementation of the abstract class SHA1. result = sha.ComputeHash(data);


Decrypting a file:
Rijndael RijndaelAlg = Rijndael.Create(); // Create a string to encrypt.
string sData = "Here is some data to encrypt.";
string FileName = "CText.txt"; // Encrypt text to a file using the file name, key, and IV.
EncryptTextToFile(sData, FileName, RijndaelAlg.Key, RijndaelAlg.IV); // Decrypt the text from a file using the file name, key, and IV.
string Final = DecryptTextFromFile(FileName, RijndaelAlg.Key, RijndaelAlg.IV); // Display the decrypted string to the console.

Encrypting a file
// Create or open the specified file.
FileStream fStream = File.Open(FileName, FileMode.OpenOrCreate); // Create a new Rijndael object.
Rijndael RijndaelAlg = Rijndael.Create(); // Create a CryptoStream using the FileStream
// and the passed key and initialization vector (IV).
CryptoStream cStream = new CryptoStream(fStream, RijndaelAlg.CreateEncryptor(Key, IV), CryptoStreamMode.Write); // Create a StreamWriter using the CryptoStream.
StreamWriter sWriter = new StreamWriter(cStream); try
// Write the data to the stream
// to encrypt it.
catch (Exception e)
Console.WriteLine("An error occurred: {0}", e.Message);
// Close the streams and
// close the file.

Other Resources & Links:

Cryptography in Microsoft.Net

Wikipedia: Cryptography

Tales from the Crypto

DSA Class

SHA1 Class

Rijndael Class

RandomNumberGenerator Class

Windows Data Protection

CSPParameters Class

CrytpoAPITransform Class


Exam 70-553 - Implement a custom authentication scheme by using the System.Security.Authentication classes.