Cryptography in C# — Asymmetric and Symmetric Encryption

Cryptography in C# — Asymmetric and Symmetric Encryption


Cryptography has always been seen as a complex and intricate concept. While this is true in terms of the actual algorithms entailed, in most modern languages, C# inclusive we have a convenient and relatively stress-free method of implementing cryptographic concerns.

The code for this blog can be obtained here.

What is cryptography?

Cryptography is simply the process of encrypting a message with a key, to be decrypted by a final consumer.

There are three major classes of cryptographic algorithms; symmetric encryption, asymmetric encryption, and hash functions.

In this article, we will be expounding on symmetric encryption and asymmetric encryption. Hash functions will be covered in part 2 of this series.

Uses of cryptography

  • confidentiality: making the data only readable by the intended consumers.

  • Data integrity: ensuring the data wasn't mutated in an unidentified manner.

  • Non-repudiation: assurance that a party to a contract cannot deny the authenticity of a message that originates with them.

  • Authentication: ensuring only the right person acts.

Symmetric Encryption

Symmetric encryption is a type of encryption in which both the sender and the receiver use the same key to encrypt and decrypt the message.

Example: Jane wants to share an encrypted message with Dave, Jane encrypts this message using a key. She then shares this same key with Dave, who uses it to decrypt and read the message.

There are various types of symmetric encryption. In this article, we will cover DES/Triple DES and AES algorithms.

Examples of Symmetric Algorithms

DES and Triple DES Symmetric Algorithms

DES — Data Encryption Standard is a symmetric encryption algorithm that encrypts using 56 bits of data. The DES algorithm was broken, and as a result, came Triple DES; which encrypted and decrypted data with three keys.

Both DES and Triple DES are not recommended in modern applications, given the advancement of computational power made in the last few decades. We wouldn't be coding this because of this reason.

AES Symmetric Algorithms

AES (Advanced encryption standard) is a successor to the DES mentioned above after it was broken. Rather than the 56-bit key in DES, AES uses a 128, 192, or 256-bit key; making it less susceptible to brute force attacks.

AES is based on the Rigndaal cipher which is a series of encryption algorithms.

There are different modes of AES encryption with differing advantages and disadvantages. Some of the modes are:

  • ECB mode: Electronic Code Book mode

  • CBC mode: Cipher Block Chaining mode

  • CFB mode: Cipher Feedback mode

  • OFB mode: Output Feedback mode

  • CTR mode: Counter mode

  • GCM mode: Galois Counter Mode

We won't go into details about the different modes as that is beyond the scope of this article.

As part of this article, we will implement the AES algorithm with the CBC mode. (Note: The implementations of the other modes have a similar interface as the CBC modes)

Implementing AES with the CBC mode:

Step 1: Create a class and import necessary namespaces:

using System.Security.Cryptography;

Step 2: Create your encrypt method

Note the EncrypteCbc method.

public static byte[] Encrypt(byte[] data, byte[] key, byte[] initializationVector)
    using var aes = Aes.Create();
    aes.Key = key;
    var encryptedData = aes.EncryptCbc(data, initializationVector);

    return encryptedData;

Step 3: Create your decrypt method

Note the DecryptCbc method.

public static byte[] Decrypt(byte[] data,  byte[] key, byte[] initializationVector)
    using var aes = Aes.Create();
    aes.Key = key;
    var decryptedData = aes.DecryptCbc(data, initializationVector);

    return decryptedData;
  • "data": serialized data to be encrypted

  • "key": the key used for encryption

  • "initilizationVector": used to create variability in the encrypted data such that the same data encrypted with the same key would not produce the same output.

Step 4: Test your implementation

In the main method of your code, call your encrypt class as follows:

void TestSymmetricEncryption()
    var message = "Hello world!";

// generate our initialization vector
    var initializationVector = RandomNumberGenerator.GetBytes(16);

// generate our key
    var key = RandomNumberGenerator.GetBytes(32);

// encrypt our data
    var encryptedData = AesEncryption.Encrypt(message.ToBytes(), key, initializationVector);

// decrypt our data
    var decryptedData = AesEncryption.Decrypt(encryptedData, key, initializationVector);

Please note that the ToBytes() and BytesToString() methods are extension methods:

public static byte[] ToBytes(this string input)
    return Encoding.UTF8.GetBytes(input);

public static string BytesToString(this byte[] data)
    return Encoding.UTF8.GetString(data);

Advantages of Symmetric encryption:

  • it is extremely secure

  • it is relatively fast, compared to asymmetric encryption.

Disadvantages of Symmetric encryption:

  • Key sharing - for the receiver to decrypt the message, they have to have the same key used by the sender in the encryption. This is problematic because we need to be concerned about how to securely share the key and the negative impact that might ensue if the key is compromised.

Asymmetric Encryption

Asymmetric encryption attempts to solve the problem of key sharing in symmetric encryption by using two mathematically linked keys to encrypt and decrypt the data respectively. The public key encrypts the data, and the private key decrypts the data.

The private key can't be determined from the public key. Thus to be able to decrypt the data one must have the private key.

Example of Asymmetric encryption

RSA Algorithm

The RSA algorithm (Rivest-Shamir-Adleman) is an asymmetric algorithm; it facilitates the encryption and decryption of data with both private and public keys.

Implementing RSA Algorithm

Step 1: Create a new class and import the necessary namespaces

using System.Security.Cryptography;

Step 2: Create our encryptor and initialize it with the key size in bits (in our case 2048 bits - 256 bytes)

private readonly RSA _rsa; 

public RsaEncryption()
    _rsa = RSA.Create(2048);

Step 3: Create a method that is responsible for encrypting our data

public byte[] Encrypt(string dataToEncrypt)
    return _rsa.Encrypt(dataToEncrypt.ToBytes(), RSAEncryptionPadding.OaepSHA256);

Step 4: Create a method that is responsible for decrypting our data

public byte[] Decrypt(byte[] dataToDecrypt)
    return _rsa.Decrypt(dataToDecrypt, RSAEncryptionPadding.OaepSHA256);

Step 5: Create methods that facilitate the export/import of our public keys

public byte[] ExportPublicKey()
    return _rsa.ExportRSAPublicKey();

public void ImportPublicKey(byte[] publicKey)
    _rsa.ImportRSAPublicKey(publicKey, out _);

Step 6: Create a method that exports our private key

public byte[] ExportPrivateKey(int numberOfIterations, string password)
        var keyParams = new PbeParameters(
            PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, numberOfIterations);

        var encryptedPrivateKey = _rsa.ExportEncryptedPkcs8PrivateKey(
            password.ToBytes(), keyParams);

        return encryptedPrivateKey;

Step 7: Testing our implementation

void TestAsymmetricEncryption()
    // initialize our encryptor
    var rsa = new RsaEncryption();

    // create our private key
    byte[] encryptedPrivateKey = rsa.ExportPrivateKey(100000, "bjbh2j3hbjbjk33iui5br");

    // export our public key
    byte[] publicKey = rsa.ExportPublicKey();
    // our data to encrypt
    const string original = "Hello World!";

    // encrypt our data
    var encrypted = rsa.Encrypt(original);

    // create new encryptor to decrypt our data
    var rsa2 = new RsaEncryption();

    // import our public key

    // import the mathematically linked private key
    rsa2.ImportEncryptedPrivateKey(encryptedPrivateKey, "bjbh2j3hbjbjk33iui5br");

    // decrypt our data
    var decrypted = rsa2.Decrypt(encrypted).BytesToString();

Advantages of Asymmetric encryption:

  • It mitigates the effect of key sharing by providing two keys for this purpose.

Disadvantages of Asymmetric encryption:

  • The size of data to encrypt is limited.

Hybrid Encryption

Due to the disadvantage of asymmetric encryption (limitation of data size), a common approach is to encrypt our data with symmetric encryption and in turn, encrypt our symmetric key with asymmetric encryption.

Implementation of Hybrid Encryption

Step 1: Create a new class "HybridEncryption.cs" for hybrid encryption and import the useful namespaces.

Step 2: Create a new class "EncryptionPacket.cs" to package our encryption parameters and include the following properties.

public class EncryptionPacket
    public byte[] EncryptedSessionKey;
    public byte[] EncryptedData;
    public byte[] InitializationVector;

Step 3: Create a method "EncryptData" which will be responsible for encrypting our data.

public static EncryptionPacket EncryptData(byte[] original, AsymmetricEncryption.RsaEncryption rsaParams)
    // Generate our session key.
    var encryptionKey = RandomNumberGenerator.GetBytes(32);

    // Create the encrypted packet and generate the IV.
    var encryptedPacket = new EncryptionPacket { InitializationVector = RandomNumberGenerator.GetBytes(16) };

    // Encrypt our data with AES.
    encryptedPacket.EncryptedData = AesEncryption.Encrypt(original, encryptionKey, encryptedPacket.InitializationVector);

    // Encrypt the session key with RSA
    encryptedPacket.EncryptedSessionKey = rsaParams.Encrypt(encryptionKey);

    return encryptedPacket;

Step 4: Create a method "DecryptData" for the decryption of our data.

public static byte[] DecryptData(EncryptionPacket encryptedPacket, AsymmetricEncryption.RsaEncryption rsaEncryptor)
    // Decrypt AES Key with RSA.
    var decryptedSessionKey = rsaEncryptor.Decrypt(encryptedPacket.EncryptedSessionKey);

    // Decrypt our data with  AES using the decrypted session key.
    var decryptedData = AesEncryption.Decrypt(encryptedPacket.EncryptedData,
        decryptedSessionKey, encryptedPacket.InitializationVector);

    return decryptedData;

Step 5: Testing our implementation

void TestHybridEncryption()
    Console.WriteLine("********* Initializing Hybrid encryption test");
    const string message = "Hello World!";
    Console.WriteLine($"Original data: {message}");

    // initialize our rsa encryptor
    var rsaEncryptor = new RsaEncryption();

    // encrypt our data
    var encryptionPacket = HybridEncryption.EncryptData(message.ToBytes(), rsaEncryptor);
    Console.WriteLine($"Encrypted data: {Convert.ToBase64String(encryptionPacket.EncryptedData)}");

    // decrypt our data
    var decrypted = HybridEncryption.DecryptData(encryptionPacket, rsaEncryptor).BytesToString();
    Console.WriteLine($"Decrypted data: {decrypted}");

Advantages of Hybrid encryption:

  • It solves the problem of both symmetric and asymmetric encryption by addressing the problem of the size limitation of data to encrypt and eliminating the problem of sharing sensitive keys.

Disadvantages of Hybrid encryption:

  • It is slower than asymmetric and symmetric encryption because it combines both of them.