DEV Community: Paul Ulvinius The latest articles on DEV Community by Paul Ulvinius (@paululvinius). https://dev.to/paululvinius https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F390524%2F631860d1-7404-4883-a419-3502c8413e07.png DEV Community: Paul Ulvinius https://dev.to/paululvinius en Cryptography with Practical Examples in .Net Core Paul Ulvinius Mon, 08 Jun 2020 09:57:19 +0000 https://dev.to/stratiteq/cryptography-with-practical-examples-in-net-core-1mc4 https://dev.to/stratiteq/cryptography-with-practical-examples-in-net-core-1mc4 <p>This week at <a href="https://dev.to/stratiteq">Stratiteq</a>, on our weekly tech talk we spoke about cryptography and concepts behind it with practical examples in .Net Core.</p> <p>Cryptography (from Ancient Greek, <em>cruptos</em> = "hidden", <em>graphein</em> = "to write") is the study of techniques for preventing third parties from reading or manipulating private messages. Cryptography has been around for a long time and it was mostly used for military purposes. Technology behind it did not change much over time and "boom" happened in second part of 20th century, so nowadays we can find cryptography everywhere:</p> <ul> <li>Secure network communication (TLS/SSL)</li> <li>Authentication and digital signatures</li> <li>Contactless</li> <li>Block chain technology</li> <li>Bank / credit cards</li> <li>Hard disk encryption</li> <li>GSM</li> <li>E-mail, FTP, biometry, etc...</li> </ul> <p>Cryptography is not just used in the technologies listed above, we can see many industry leaders talking about it, we see it disrupting industries and we can for sure say it is in some way changing the world around us.</p> <p>Even it sounds complicated, it more or less boils down into three simple concepts. We'll not go into math and science behind it, but we are going to explain the concepts and go through examples which you can try by yourself.</p> <p>Those three main concepts are:</p> <ul> <li>Hashing</li> <li>Encryption</li> <li>Signatures</li> </ul> <h1> Hashing </h1> <p><strong>Hashing</strong> can be simply explained as translation from input text into resulting text of fixed size by use of the algorithm.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzt8zdxwp6tdgnzinom3j.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzt8zdxwp6tdgnzinom3j.png" alt="Hashing"></a></p> <p>As you can see in above examples with just a slight change of input text, result will be completely different.</p> <p>Let's take a look at an example in .Net Core with use of SHA-256 algorithm. For following examples we'll have to use System.Security.Cryptography namespace, you can find more info about it <a href="https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=dotnet-plat-ext-3.1" rel="noopener noreferrer">here</a>.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">using</span> <span class="nn">System.Security.Cryptography</span><span class="p">;</span> </code></pre> </div> <p>In following function we are hashing texts to demonstrate how hashing works, and how results change if we just make a slight change to the text.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="k">void</span> <span class="nf">CryptographicHashFunctionDemo</span><span class="p">()</span> <span class="p">{</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"***** Cryptographic hash demo *****"</span><span class="p">);</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">message</span> <span class="k">in</span> <span class="k">new</span><span class="p">[]</span> <span class="p">{</span> <span class="s">"Fox"</span><span class="p">,</span> <span class="s">"The red fox jumps over the blue dog"</span><span class="p">,</span> <span class="s">"The red fox jumps ouer the blue dog"</span><span class="p">,</span> <span class="s">"The red fox jumps oevr the blue dog"</span><span class="p">,</span> <span class="s">"The red fox jumps oer the blue dog"</span><span class="p">})</span> <span class="p">{</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">$"</span><span class="p">{</span> <span class="n">message</span> <span class="p">}</span><span class="s"> =&gt; </span><span class="p">{</span> <span class="n">CryptographicHash</span><span class="p">.</span><span class="nf">ComputeHash</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> <span class="p">}</span><span class="s">"</span><span class="p">);</span> <span class="p">}</span> <span class="n">Console</span><span class="p">.</span><span class="nf">Write</span><span class="p">(</span><span class="n">Environment</span><span class="p">.</span><span class="n">NewLine</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>If we take a closer look at the ComputeHash we can see texts are encrypted with SHA-256 algorithm.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="kt">string</span> <span class="nf">ComputeHash</span><span class="p">(</span><span class="kt">string</span> <span class="n">message</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">sha256</span> <span class="p">=</span> <span class="n">SHA256</span><span class="p">.</span><span class="nf">Create</span><span class="p">();</span> <span class="kt">var</span> <span class="n">hashedBytes</span> <span class="p">=</span> <span class="n">sha256</span><span class="p">.</span><span class="nf">ComputeHash</span><span class="p">(</span><span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="nf">GetBytes</span><span class="p">(</span><span class="n">message</span><span class="p">));</span> <span class="k">return</span> <span class="n">hashedBytes</span><span class="p">.</span><span class="nf">ToHex</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>By running the code, you'll get following results.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F28z78sax8cjh6xf18r7v.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F28z78sax8cjh6xf18r7v.png" alt="Console"></a></p> <h1> Encryption </h1> <p><strong>Encryption</strong> is the process of sending information to a recipient that can't be interpreted unless having access to a key. Encryption always consist of two parts, an algorithm and a key.</p> <p>Encryption can be symmetric and asymmetric. In symmetric encryption same key is used for encryption and decryption, while in asymmetric different keys are in use: public key and private key.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5qelfivmvfreo0uarbss.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5qelfivmvfreo0uarbss.png" alt="symmetric-asymmetric"></a></p> <p><strong>Symmetric encryption</strong> can be seen in the following example. We create a key, encrypt message using the key and decrypt message using the same key.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="k">void</span> <span class="nf">SymmetricEncryptionDemo</span><span class="p">()</span> <span class="p">{</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"***** Symmetric encryption demo *****"</span><span class="p">);</span> <span class="kt">var</span> <span class="n">unencryptedMessage</span> <span class="p">=</span> <span class="s">"To be or not to be, that is the question, whether tis nobler in the..."</span><span class="p">;</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Unencrypted message: "</span> <span class="p">+</span> <span class="n">unencryptedMessage</span><span class="p">);</span> <span class="c1">// 1. Create a key (shared key between sender and reciever).</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">key</span><span class="p">,</span> <span class="n">iv</span><span class="p">;</span> <span class="k">using</span> <span class="p">(</span><span class="n">Aes</span> <span class="n">aesAlg</span> <span class="p">=</span> <span class="n">Aes</span><span class="p">.</span><span class="nf">Create</span><span class="p">())</span> <span class="p">{</span> <span class="n">key</span> <span class="p">=</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">Key</span><span class="p">;</span> <span class="n">iv</span> <span class="p">=</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">IV</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// 2. Sender: Encrypt message using key</span> <span class="kt">var</span> <span class="n">encryptedMessage</span> <span class="p">=</span> <span class="n">SymmetricEncryption</span><span class="p">.</span><span class="nf">Encrypt</span><span class="p">(</span><span class="n">unencryptedMessage</span><span class="p">,</span> <span class="n">key</span><span class="p">,</span> <span class="n">iv</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Sending encrypted message: "</span> <span class="p">+</span> <span class="n">encryptedMessage</span><span class="p">.</span><span class="nf">ToHex</span><span class="p">());</span> <span class="c1">// 3. Receiver: Decrypt message using same key</span> <span class="kt">var</span> <span class="n">decryptedMessage</span> <span class="p">=</span> <span class="n">SymmetricEncryption</span><span class="p">.</span><span class="nf">Decrypt</span><span class="p">(</span><span class="n">encryptedMessage</span><span class="p">,</span> <span class="n">key</span><span class="p">,</span> <span class="n">iv</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Recieved and decrypted message: "</span> <span class="p">+</span> <span class="n">decryptedMessage</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">Write</span><span class="p">(</span><span class="n">Environment</span><span class="p">.</span><span class="n">NewLine</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In SymmetricEncryption class we have Encrypt and Decrypt defined as follows. You can notice we are using AES algorithm.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="kt">byte</span><span class="p">[]</span> <span class="nf">Encrypt</span><span class="p">(</span><span class="kt">string</span> <span class="n">message</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">key</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">iv</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">aesAlg</span> <span class="p">=</span> <span class="n">Aes</span><span class="p">.</span><span class="nf">Create</span><span class="p">();</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">Key</span> <span class="p">=</span> <span class="n">key</span><span class="p">;</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">IV</span> <span class="p">=</span> <span class="n">iv</span><span class="p">;</span> <span class="kt">var</span> <span class="n">encryptor</span> <span class="p">=</span> <span class="n">aesAlg</span><span class="p">.</span><span class="nf">CreateEncryptor</span><span class="p">(</span><span class="n">aesAlg</span><span class="p">.</span><span class="n">Key</span><span class="p">,</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">IV</span><span class="p">);</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">ms</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">MemoryStream</span><span class="p">();</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">cs</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">CryptoStream</span><span class="p">(</span><span class="n">ms</span><span class="p">,</span> <span class="n">encryptor</span><span class="p">,</span> <span class="n">CryptoStreamMode</span><span class="p">.</span><span class="n">Write</span><span class="p">);</span> <span class="k">using</span> <span class="p">(</span><span class="kt">var</span> <span class="n">sw</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StreamWriter</span><span class="p">(</span><span class="n">cs</span><span class="p">))</span> <span class="p">{</span> <span class="n">sw</span><span class="p">.</span><span class="nf">Write</span><span class="p">(</span><span class="n">message</span><span class="p">);</span> <span class="c1">// Write all data to the stream.</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ms</span><span class="p">.</span><span class="nf">ToArray</span><span class="p">();</span> <span class="p">}</span> <span class="k">internal</span> <span class="k">static</span> <span class="kt">string</span> <span class="nf">Decrypt</span><span class="p">(</span><span class="kt">byte</span><span class="p">[]</span> <span class="n">cipherText</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">key</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">iv</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">aesAlg</span> <span class="p">=</span> <span class="n">Aes</span><span class="p">.</span><span class="nf">Create</span><span class="p">();</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">Key</span> <span class="p">=</span> <span class="n">key</span><span class="p">;</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">IV</span> <span class="p">=</span> <span class="n">iv</span><span class="p">;</span> <span class="kt">var</span> <span class="n">decryptor</span> <span class="p">=</span> <span class="n">aesAlg</span><span class="p">.</span><span class="nf">CreateDecryptor</span><span class="p">(</span><span class="n">aesAlg</span><span class="p">.</span><span class="n">Key</span><span class="p">,</span> <span class="n">aesAlg</span><span class="p">.</span><span class="n">IV</span><span class="p">);</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">ms</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">MemoryStream</span><span class="p">(</span><span class="n">cipherText</span><span class="p">);</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">cs</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">CryptoStream</span><span class="p">(</span><span class="n">ms</span><span class="p">,</span> <span class="n">decryptor</span><span class="p">,</span> <span class="n">CryptoStreamMode</span><span class="p">.</span><span class="n">Read</span><span class="p">);</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">sr</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">StreamReader</span><span class="p">(</span><span class="n">cs</span><span class="p">);</span> <span class="k">return</span> <span class="n">sr</span><span class="p">.</span><span class="nf">ReadToEnd</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>If you run the code, you'll get following result.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F2n4uavp06haggjbk3cu8.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F2n4uavp06haggjbk3cu8.png" alt="Console 2"></a></p> <p><strong>Asymmetric encryption</strong> has few common algorithms that are in the use:</p> <ul> <li>RSA; by Ron Rivest, Adi Shamir and Len Adleman; from 1977</li> <li>EC (Elliptic Curve); Neal Koblitz and Victor S. Miller; from 1985</li> </ul> <p>These algorithms can be used for encryption and decryption, as well as digital signatures.</p> <p>In another example we can see asymmetric encryption in action using the RSA algorithm.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="k">void</span> <span class="nf">AsymmetricEncryptionDemo</span><span class="p">()</span> <span class="p">{</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"***** Asymmetric encryption demo *****"</span><span class="p">);</span> <span class="kt">var</span> <span class="n">unencryptedMessage</span> <span class="p">=</span> <span class="s">"To be or not to be, that is the question, whether tis nobler in the..."</span><span class="p">;</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Unencrypted message: "</span> <span class="p">+</span> <span class="n">unencryptedMessage</span><span class="p">);</span> <span class="c1">// 1. Create a public / private key pair.</span> <span class="n">RSAParameters</span> <span class="n">privateAndPublicKeys</span><span class="p">,</span> <span class="n">publicKeyOnly</span><span class="p">;</span> <span class="k">using</span> <span class="p">(</span><span class="kt">var</span> <span class="n">rsaAlg</span> <span class="p">=</span> <span class="n">RSA</span><span class="p">.</span><span class="nf">Create</span><span class="p">())</span> <span class="p">{</span> <span class="n">privateAndPublicKeys</span> <span class="p">=</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">ExportParameters</span><span class="p">(</span><span class="n">includePrivateParameters</span><span class="p">:</span> <span class="k">true</span><span class="p">);</span> <span class="n">publicKeyOnly</span> <span class="p">=</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">ExportParameters</span><span class="p">(</span><span class="n">includePrivateParameters</span><span class="p">:</span> <span class="k">false</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 2. Sender: Encrypt message using public key</span> <span class="kt">var</span> <span class="n">encryptedMessage</span> <span class="p">=</span> <span class="n">AsymmetricEncryption</span><span class="p">.</span><span class="nf">Encrypt</span><span class="p">(</span><span class="n">unencryptedMessage</span><span class="p">,</span> <span class="n">publicKeyOnly</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Sending encrypted message: "</span> <span class="p">+</span> <span class="n">encryptedMessage</span><span class="p">.</span><span class="nf">ToHex</span><span class="p">());</span> <span class="c1">// 3. Receiver: Decrypt message using private key</span> <span class="kt">var</span> <span class="n">decryptedMessage</span> <span class="p">=</span> <span class="n">AsymmetricEncryption</span><span class="p">.</span><span class="nf">Decrypt</span><span class="p">(</span><span class="n">encryptedMessage</span><span class="p">,</span> <span class="n">privateAndPublicKeys</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Recieved and decrypted message: "</span> <span class="p">+</span> <span class="n">decryptedMessage</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">Write</span><span class="p">(</span><span class="n">Environment</span><span class="p">.</span><span class="n">NewLine</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>As you can see, in the AsymmetricEncryptionDemo function we create a public and a private key pair, we encrypt the message using the public key and we decrypt message using the private key.</p> <p>Encrypt and Decrypt are defined as follows and we are using RSA algorithm.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="kt">byte</span><span class="p">[]</span> <span class="nf">Encrypt</span><span class="p">(</span><span class="kt">string</span> <span class="n">message</span><span class="p">,</span> <span class="n">RSAParameters</span> <span class="n">rsaParameters</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">rsaAlg</span> <span class="p">=</span> <span class="n">RSA</span><span class="p">.</span><span class="nf">Create</span><span class="p">(</span><span class="n">rsaParameters</span><span class="p">);</span> <span class="k">return</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">Encrypt</span><span class="p">(</span><span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="nf">GetBytes</span><span class="p">(</span><span class="n">message</span><span class="p">),</span> <span class="n">RSAEncryptionPadding</span><span class="p">.</span><span class="n">Pkcs1</span><span class="p">);</span> <span class="p">}</span> <span class="k">internal</span> <span class="k">static</span> <span class="kt">string</span> <span class="nf">Decrypt</span><span class="p">(</span><span class="kt">byte</span><span class="p">[]</span> <span class="n">cipherText</span><span class="p">,</span> <span class="n">RSAParameters</span> <span class="n">rsaParameters</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">rsaAlg</span> <span class="p">=</span> <span class="n">RSA</span><span class="p">.</span><span class="nf">Create</span><span class="p">(</span><span class="n">rsaParameters</span><span class="p">);</span> <span class="kt">var</span> <span class="n">decryptedMessage</span> <span class="p">=</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">Decrypt</span><span class="p">(</span><span class="n">cipherText</span><span class="p">,</span> <span class="n">RSAEncryptionPadding</span><span class="p">.</span><span class="n">Pkcs1</span><span class="p">);</span> <span class="k">return</span> <span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="nf">GetString</span><span class="p">(</span><span class="n">decryptedMessage</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Result in the console looks as follows.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxqut55r79eypvg9s0nil.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxqut55r79eypvg9s0nil.png" alt="Console 3"></a></p> <h1> Digital signatures </h1> <p><strong>Digital signatures</strong> are built on top of asymmetric cryptography. They are used to send information to recipients who can verify that the information was sent from a trusted sender, using a public key.</p> <p>Let's take a look at the example of digital signature:</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="k">void</span> <span class="nf">MessageSignatureDemo</span><span class="p">()</span> <span class="p">{</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"***** Message signature demo *****"</span><span class="p">);</span> <span class="kt">var</span> <span class="n">message</span> <span class="p">=</span> <span class="s">"To be or not to be, that is the question, whether tis nobler in the..."</span><span class="p">;</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Message to be verified: "</span> <span class="p">+</span> <span class="n">message</span><span class="p">);</span> <span class="c1">// 1. Create a public / private key pair.</span> <span class="n">RSAParameters</span> <span class="n">privateAndPublicKeys</span><span class="p">,</span> <span class="n">publicKeyOnly</span><span class="p">;</span> <span class="k">using</span> <span class="p">(</span><span class="kt">var</span> <span class="n">rsaAlg</span> <span class="p">=</span> <span class="n">RSA</span><span class="p">.</span><span class="nf">Create</span><span class="p">())</span> <span class="p">{</span> <span class="n">privateAndPublicKeys</span> <span class="p">=</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">ExportParameters</span><span class="p">(</span><span class="n">includePrivateParameters</span><span class="p">:</span> <span class="k">true</span><span class="p">);</span> <span class="n">publicKeyOnly</span> <span class="p">=</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">ExportParameters</span><span class="p">(</span><span class="n">includePrivateParameters</span><span class="p">:</span> <span class="k">false</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 2. Sender: Sign message using private key</span> <span class="kt">var</span> <span class="n">signature</span> <span class="p">=</span> <span class="n">AsymmetricEncryption</span><span class="p">.</span><span class="nf">Sign</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="n">privateAndPublicKeys</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Message signature: "</span> <span class="p">+</span> <span class="n">signature</span><span class="p">.</span><span class="nf">ToHex</span><span class="p">());</span> <span class="c1">// 3. Receiver: Verify message authenticity using public key</span> <span class="kt">var</span> <span class="n">isTampered</span> <span class="p">=</span> <span class="n">AsymmetricEncryption</span><span class="p">.</span><span class="nf">Verify</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="n">signature</span><span class="p">,</span> <span class="n">publicKeyOnly</span><span class="p">);</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">"Message is untampered: "</span> <span class="p">+</span> <span class="n">isTampered</span><span class="p">.</span><span class="nf">ToString</span><span class="p">());</span> <span class="n">Console</span><span class="p">.</span><span class="nf">Write</span><span class="p">(</span><span class="n">Environment</span><span class="p">.</span><span class="n">NewLine</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In the MessageSignatureDemo function we create a public and a private key pair, we sign the message with the private key and we verify the message for authenticity using public key.</p> <p>Sign and Verify works in the following way, we're using the RSA algorithm.</p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="k">internal</span> <span class="k">static</span> <span class="kt">byte</span><span class="p">[]</span> <span class="nf">Sign</span><span class="p">(</span><span class="kt">string</span> <span class="n">message</span><span class="p">,</span> <span class="n">RSAParameters</span> <span class="n">rsaParameters</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">rsaAlg</span> <span class="p">=</span> <span class="n">RSA</span><span class="p">.</span><span class="nf">Create</span><span class="p">(</span><span class="n">rsaParameters</span><span class="p">);</span> <span class="k">return</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">SignData</span><span class="p">(</span><span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="nf">GetBytes</span><span class="p">(</span><span class="n">message</span><span class="p">),</span> <span class="n">HashAlgorithmName</span><span class="p">.</span><span class="n">SHA256</span><span class="p">,</span> <span class="n">RSASignaturePadding</span><span class="p">.</span><span class="n">Pkcs1</span><span class="p">);</span> <span class="p">}</span> <span class="k">internal</span> <span class="k">static</span> <span class="kt">bool</span> <span class="nf">Verify</span><span class="p">(</span><span class="kt">string</span> <span class="n">message</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">signature</span><span class="p">,</span> <span class="n">RSAParameters</span> <span class="n">rsaParameters</span><span class="p">)</span> <span class="p">{</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">rsaAlg</span> <span class="p">=</span> <span class="n">RSA</span><span class="p">.</span><span class="nf">Create</span><span class="p">(</span><span class="n">rsaParameters</span><span class="p">);</span> <span class="k">return</span> <span class="n">rsaAlg</span><span class="p">.</span><span class="nf">VerifyData</span><span class="p">(</span><span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="nf">GetBytes</span><span class="p">(</span><span class="n">message</span><span class="p">),</span> <span class="n">signature</span><span class="p">,</span> <span class="n">HashAlgorithmName</span><span class="p">.</span><span class="n">SHA256</span><span class="p">,</span> <span class="n">RSASignaturePadding</span><span class="p">.</span><span class="n">Pkcs1</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Console will display following result for running digital signature example.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fatkq03r2gymwlmcwzfiq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fatkq03r2gymwlmcwzfiq.png" alt="Console 4"></a></p> <p>Project and all code from this blog post is available at the GitHub <a href="https://github.com/stratiteq/techcomp-crypto" rel="noopener noreferrer">here</a>. Thanks for reading!</p> csharp cryptography dotnet