**Encrypting data in C#** is an important concept. Data stored in a computer or transmitted through a network is mostly vulnerable. The reader can think that the OS offers enough authentication and access permission to folders. However, an attacker with user credentials and permissions can easily extract sensitive information.

The .NET framework includes classes for different cryptographic types that help protect sensitive data. There are symmetric and asymmetric encryption, hashing, and digital signatures. A brief description of each element is as follows:

- Symmetric encryption uses a secret key to encrypt and decrypt data.
- Asymmetric encryption uses two separate keys (a public key and a private key) to encrypt and decrypt data.
- Hashing is a mechanism to validate the integrity of data.
- Signed files with digital signatures are to verify that a file is authentic and has not been altered.

**C# Symmetric key encryption** (also known as secret-key encryption), is a cryptographic technique that uses a single secret key to encrypt and decrypt data. The methods within symmetric encryption are also known as “ciphers”, and process plain text using the secret key to generate encrypted data, called “cipher text”.

Symmetric algorithms are fast and are convenient when encrypting large amounts of data. Decrypting the data without the key can take an attacker hundreds of years (if a proper key length is used).

The disadvantage of this technique is that the secret key must be available to both the process that *encrypts* the data and the process that *decrypts* the data. This is a challenging problem because the key itself cannot be protected with symmetric encryption. The secure way to exchange the symmetric key is to encrypt it asymmetrically.

This way, the receiver would decrypt the securely transfered symmetric key, and then use the key to decrypt the rest of the data.

Most of the cryptograph functionality in the .NET framework is build into the System.Security.Cryptograph namespace. The encryption algorithm classes are

**RijndaelManaged** – The key length is from 128 to 256 bits, in 32-bit increments. This class and the AesManaged can be used in partially trusted environments.

**AesManaged** – the key length is 128 bit. This class is also an implementation of the Rijndael symmetric encryption algorithm. It is also known as Advance Encryption Standard, or AES.

**DES** – the key length is 56 bits. The Data Encryption Standard (DES) is an algorithm that uses a relative short key length, which is more vulnerable to cracking attacks. It should be avoided when possible. It remains for legacy systems compatibility.

**TripleDES** – The key length is 156 bits, of which only 112 bits are effectively used for encryption. This algorithm essentially applies the DES algorithm three times.

**RC2** – The key length is variable. This algorithm was designed to replace the DES, using variable key size.

The literature recommends to use the Rijndael symmetric encryption algorithm whenever possible if both encrypting and decrypting occurs on Windows XP or later operating systems. Otherwise use DES. The U.S government approved Rijndael as the more secure algorithm and it is natively supported by the .NET framework. The AesManaged class is similar but less flexible due to the key length.

Programming the Symmetric Algorithm >>

Other C# Articles