Programming Symmetrical Encryption (part 2) - Configuring the Algorithm

3. Configuring the Algorithm

The public properties of the SymmetricAlgorithm class provide a mechanism that allows you to configure an algorithm before data is encrypted or decrypted. The following sections describe the configuration options and the impact that each option has.

3.1. Block and key sizes

The KeySize and BlockSize properties represent the size (in bits) of the secret key and the size of block processed by the cipher function. Inspect and change the current settings as follows:

# C#

SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");

// print out the current values
Console.WriteLine("Block Size: {0}", x_alg.BlockSize);
Console.WriteLine("Key Size:   {0}", x_alg.KeySize);

// change the values
x_alg.BlockSize = 192;
x_alg.KeySize   = 128;

# Visual Basic .NET

Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("Rijndael")

' print out the current values
Console.WriteLine("Block Size: {0}", x_alg.BlockSize)
Console.WriteLine("Key Size:   {0}", x_alg.KeySize)

' change the values
x_alg.BlockSize = 192
x_alg.KeySize   = 128

Each algorithm supports a different set of block and key sizes;  Inspect the valid sizes programmatically using the LegalKeySizes and LegalBlockSizes properties, which rely on the KeySizes structure, summarized in Table 3.

Table 3. The KeySizes structure

Property	Description
MinSize	The smallest valid key size in bits
SkipSize	The interval between valid key sizes in bits
MaxSize	The largest valid key size in bits

Both properties return an array of the KeySizes structure, where each element represents a range of keys. To determine the valid key lengths, begin with the smallest valid size and append multiples of the skip size until you reach the largest valid size; for example, if MinSize is 16 bits, SkipSize is 8 bits, and MaxSize is 32 bits, then the valid key lengths would be 16, 24, and 32 bits. The following code demonstrates how to determine all of the valid key lengths for a SymmetricAlgorithm instance:

# C#

// create the encryption algorithm instance
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");

// get the valid sizes for the secret key
KeySizes[] x_size_ranges = x_alg.LegalKeySizes;

// iterate through each KeyRange in the array
foreach (KeySizes x_range in x_size_ranges) {
    // only iterate through if there is a range to process
    if (x_range.SkipSize > 0) {
        // calculate each valid size
        for (int i = x_range.MinSize; i <= x_range.MaxSize; i+= x_range.SkipSize) {
            Console.WriteLine("Valid Secret Key Size: {0}", i);
        }
    } else {
        // there is no range - only a single value
        Console.WriteLine("Valid Secret Key Size: {0}", x_range.MinSize);
    }
}

# Visual Basic .NET

' create the encryption algorithm instance
Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("Rijndael")

' get the valid sizes for the secret key
Dim x_size_ranges(  ) As KeySizes = x_alg.LegalKeySizes

' iterate through each KeyRange in the array
Dim x_range As KeySizes
For Each x_range In x_size_ranges
    ' only iterate through if there is a range to process
    If x_range.SkipSize > 0 Then
        ' calculate each valid size
        Dim i As Integer
        For i = x_range.MinSize To x_range.MaxSize Step x_range.SkipSize
            Console.WriteLine("Valid Secret Key Size: {0}", i)
        Next
    Else
        ' there is no range - only a single value
        Console.WriteLine("Valid Secret Key Size: {0}", x_range.MinSize)
    End If
Next

					  

3.2. Cipher and padding modes

The .NET Framework supports the two padding modes . A member of the System.Security.Cryptography.PaddingMode enumeration, as summarized in Table 4, represents each padding mode. The Padding property of the SymmetricAlgorithm class allows the padding mode to be determined and changed.

Table 4. The members of the PaddingMode enumeration

Member	Description
PKCS7	Represents the PKCS #7 padding style, where the value of the padding bytes is the total number of padding bytes added to the partial data block
Zeros	Represents the use of padding bytes that are set to 0

The .NET Framework supports block cipher modes that include those, and some additional variations. The members of the System.Security.Cryptography.CipherMode enumeration, listed in Table 5, represent each cipher mode. The Mode property of the SymmetricAlgorithm class configures the cipher mode; note that not all encryption algorithms support all of the cipher modes.

Table 5. The members of the CipherMode enumeration

Member	Description
ECB	These members represent the modes .
CBC
CFB
CTS	This member represents the "Cipher Text Stealing" mode, which is a variation of the CBC mode that computes the last block of ciphertext in such a way as to ensure that the plaintext and the ciphertext are the same size.
OFB	This member represents the "Output Feedback" mode, which is a variation of the CFB mode, using a different technique to fill the queue.

The following code example demonstrates how to inspect the padding and cipher modes:

# C#

// create the encryption algorithm instance
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");

// view the current settings
Console.WriteLine("Padding Mode: {0}", x_alg.Padding);
Console.WriteLine("Cipher Mode:  {0}", x_alg.Mode);

// change the padding and cipher modes
x_alg.Padding = PaddingMode.Zeros;
x_alg.Mode    = CipherMode.ECB;

# Visual Basic .NET

' create the encryption algorithm instance
Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("Rijndael")

' view the current settings
Console.WriteLine("Padding Mode: {0}", x_alg.Padding)
Console.WriteLine("Cipher Mode:  {0}", x_alg.Mode)

' change the padding and cipher modes
x_alg.Padding = PaddingMode.Zeros
x_alg.Mode = CipherMode.ECB

3.3. Keys and initialization vectors (IVs)

The .NET Framework expresses secret keys and initialization vectors (IVs) as arrays of bytes. The Key and IV properties of the SymmetricAlgorithm class allow you to get and set the values.

If you set values using the Key and IV properties, the SymmetricAlgorithm class will use them for encryption or decryption. If you wish to generate random values for the key and IV, simply get the values from the related properties, as illustrated in the following code fragment:

# C#

// create the encryption algorithm instance
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("DES");

// we are "getting" the value of the secret key, which
// will lead the SymmetricAlgorithm class to create a
// new random key
byte[] x_secret_key = x_alg.Key;

// we are "setting" the value of the secret key, which 
// will now be used for any subsequent encryption or
// decryption operations
x_alg.Key = new byte[] {0xD0, 0x8C, 0xD3, 0xEB, 0x10, 0x60, 0x41, 0x59};

# Visual Basic .NET

' create the encryption algorithm instance
Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("DES")

' we are "getting" the value of the secret key, which
' will lead the SymmetricAlgorithm class to create a
' new random key
Dim x_secret_key(  ) As Byte = x_alg.Key

' we are "setting" the value of the secret key, which 
' will now be used for any subsequent encryption or
' decryption operations
x_alg.Key = New Byte(  ) {&HD0, &H8C, &HD3, &HEB, &H10, &H60, &H41, &H59}

					  

You do not have to get the values of the key and IV explicitly to create random values; implementation class creating new any encryption or decryption operation will lead to the SymetricAlgorithmKey and IV values if they have not been set. and If you are using randomly generated values, you must be sure to take note of the keyIV values used to encrypt the plaintext or you won't be able to decrypt the ciphertext.