Throughout history, cryptography has been used to confidentially complete messages to various recipients. This has been specifically beneficial in times of war. Up until World War II, with the use of the German enciphering machine Enigma, communications that have been encrypted were text-based. With the advent of modern computing, cryptography now tends to operate on raw information and it is applied to safeguard our communication channels, email messages, web browsing, financial transactions, plus much more. Cryptography is all around us and is, normally, completely transparent to the user. However, simply because you can’t see it doesn’t make it is any less important. Within the present day, we encounter risks from terrorists, cybercrime, and our very own government spying on its people. Due to these risks, use and it’s extremely important to comprehend and apply cryptography into your software solutions.
Cryptography is the art of protecting data by changing it (i.e. encrypting it) into an unreadable format named cyphertext. Only the ones with the secret key can decrypt the information into meaningful text. Encrypted communications can often be broken through modern cryptography methods that are practically unbreakable. As the Internet along with other forms of electronic communication become more common, digital security is becoming increasingly important. Cryptography is employed to safeguard email messages, credit card information, and corporate data. There is more to cryptography than just encrypting data, though. You’ll find three principal security themes that are covered by cryptography and various cryptography primitives that help you satisfy each concept. These themes are: Confidentiality, Integrity and Non-repudiation.
Confidentiality is what you typically associate with cryptography. This is where you take a message or some other data and encrypt it to make the original data completely unreadable. There are lots of different cryptography algorithms that you can use, including RSA and Advanced Encryption Standard (AES), and a couple of primitives (DES and Triple DES) that aren’t recommended to be used in new code but you may have to use them if you are writing code that handles older legacy systems.
In information security, data integrity means maintaining and sustaining the accuracy and consistency of information over its lifetime cycle. This means that information can`t be altered within a hidden or unauthorized way. Integrity is violated whenever a message is actively modified in transit. Systems typically provide data integrity in addition to data confidentiality. There are different cryptography primitives that you can use to help enforce data integrity including hashing algorithms such as MD5, Secure Hash Algorithm (SHA)-1, SHA-256, and SHA-512 which include hash message authentication codes (HMACs) that also use MD5, SHA-1, SHA-256, and SHA-512. Thing worth remembering is that it is not a good idea to use hashes to store passwords.
Non-repudiation is the guarantee that someone cannot deny something. Usually, non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that originated with them. For several years, authorities have wanted to make repudiation impossible in certain circumstances. You may deliver email that is registered, for instance, therefore recipient can`t deny that a mail was delivered. Similarly, a legal document typically requires witnesses to its signing so that the person who signs it cannot deny having done so. On the Internet, a digital signature is used not only to guarantee that a message or document has been electronically signed by the person that claim to have signed the document but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they provided the signature.
Cryptography in .NET
.NET comes with a rich collection of cryptography objects that can help you provide better security in your applications. The cryptography objects in .NET all live within the System.Security.Cryptography namespace.