3. Configuring the Algorithm
The public properties of the SymmetricAlgorithm
class provide a mechanism that allows you to configure an algorithm
before data is encrypted or decrypted. The following sections
describe the configuration options and the impact that each option
has.
3.1. Block and key sizes
The KeySize and BlockSize
properties represent the size (in bits) of the
secret key and the size of block processed by the cipher function.
Inspect and change the current settings as follows:
# C#
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");
// print out the current values
Console.WriteLine("Block Size: {0}", x_alg.BlockSize);
Console.WriteLine("Key Size: {0}", x_alg.KeySize);
// change the values
x_alg.BlockSize = 192;
x_alg.KeySize = 128;
# Visual Basic .NET
Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("Rijndael")
' print out the current values
Console.WriteLine("Block Size: {0}", x_alg.BlockSize)
Console.WriteLine("Key Size: {0}", x_alg.KeySize)
' change the values
x_alg.BlockSize = 192
x_alg.KeySize = 128
Each algorithm supports a different set of block and key sizes; Inspect the valid
sizes programmatically using the LegalKeySizes and
LegalBlockSizes properties, which rely on the
KeySizes structure, summarized in Table 3.
Table 3. The KeySizes structure
|
Property
|
Description
|
|---|
|
MinSize
|
The smallest valid key size in bits
|
|
SkipSize
|
The interval between valid key sizes in bits
|
|
MaxSize
|
The largest valid key size in bits
|
Both properties return an array of the KeySizes
structure, where each element represents a range of keys. To
determine the valid key lengths, begin with the smallest valid size
and append multiples of the skip size until you reach the largest
valid size; for example, if MinSize is 16 bits,
SkipSize is 8 bits, and MaxSize
is 32 bits, then the valid key lengths would be 16, 24, and 32 bits.
The following code demonstrates how to determine all of the valid key
lengths for a SymmetricAlgorithm instance:
# C#
// create the encryption algorithm instance
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");
// get the valid sizes for the secret key
KeySizes[] x_size_ranges = x_alg.LegalKeySizes;
// iterate through each KeyRange in the array
foreach (KeySizes x_range in x_size_ranges) {
// only iterate through if there is a range to process
if (x_range.SkipSize > 0) {
// calculate each valid size
for (int i = x_range.MinSize; i <= x_range.MaxSize; i+= x_range.SkipSize) {
Console.WriteLine("Valid Secret Key Size: {0}", i);
}
} else {
// there is no range - only a single value
Console.WriteLine("Valid Secret Key Size: {0}", x_range.MinSize);
}
}
# Visual Basic .NET
' create the encryption algorithm instance
Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("Rijndael")
' get the valid sizes for the secret key
Dim x_size_ranges( ) As KeySizes = x_alg.LegalKeySizes
' iterate through each KeyRange in the array
Dim x_range As KeySizes
For Each x_range In x_size_ranges
' only iterate through if there is a range to process
If x_range.SkipSize > 0 Then
' calculate each valid size
Dim i As Integer
For i = x_range.MinSize To x_range.MaxSize Step x_range.SkipSize
Console.WriteLine("Valid Secret Key Size: {0}", i)
Next
Else
' there is no range - only a single value
Console.WriteLine("Valid Secret Key Size: {0}", x_range.MinSize)
End If
Next
3.2. Cipher and padding modes
The .NET Framework supports the two padding modes . A member of
the System.Security.Cryptography.PaddingMode
enumeration, as summarized in Table 4,
represents each padding mode. The Padding property
of the SymmetricAlgorithm class allows the padding
mode to be determined and changed.
Table 4. The members of the PaddingMode enumeration
|
Member
|
Description
|
|---|
|
PKCS7
|
Represents the PKCS #7 padding style, where the value of the padding
bytes is the total number of padding bytes added to the partial data
block
|
|
Zeros
|
Represents the use of padding bytes that are set to 0
|
The .NET Framework supports block cipher modes that include those, and some additional variations. The members
of the System.Security.Cryptography.CipherMode
enumeration, listed in Table 5, represent each
cipher mode. The Mode property of the
SymmetricAlgorithm class configures the cipher
mode; note that not all encryption algorithms support all of the
cipher modes.
Table 5. The members of the CipherMode enumeration
|
Member
|
Description
|
|---|
|
ECB
|
These members represent the modes .
|
|
CBC
| |
|
CFB
| |
|
CTS
|
This member represents the "Cipher Text
Stealing" mode, which is a variation of the CBC mode
that computes the last block of ciphertext in such a way as to ensure
that the plaintext and the ciphertext are the same size.
|
|
OFB
|
This member represents the "Output
Feedback" mode, which is a variation of the CFB
mode, using a different technique to fill the queue.
|
The following code example demonstrates how to inspect the padding
and cipher modes:
# C#
// create the encryption algorithm instance
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");
// view the current settings
Console.WriteLine("Padding Mode: {0}", x_alg.Padding);
Console.WriteLine("Cipher Mode: {0}", x_alg.Mode);
// change the padding and cipher modes
x_alg.Padding = PaddingMode.Zeros;
x_alg.Mode = CipherMode.ECB;
# Visual Basic .NET
' create the encryption algorithm instance
Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("Rijndael")
' view the current settings
Console.WriteLine("Padding Mode: {0}", x_alg.Padding)
Console.WriteLine("Cipher Mode: {0}", x_alg.Mode)
' change the padding and cipher modes
x_alg.Padding = PaddingMode.Zeros
x_alg.Mode = CipherMode.ECB
3.3. Keys and initialization vectors (IVs)
The .NET Framework expresses secret keys and
initialization vectors (IVs) as
arrays of bytes. The Key and IV
properties of the SymmetricAlgorithm class allow
you to get and set the values.
If you set values using the Key and
IV properties, the
SymmetricAlgorithm class will use them for
encryption or decryption. If you wish to generate random values for
the key and IV, simply get the values from the related properties, as
illustrated in the following code fragment:
# C#
// create the encryption algorithm instance
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("DES");
// we are "getting" the value of the secret key, which
// will lead the SymmetricAlgorithm class to create a
// new random key
byte[] x_secret_key = x_alg.Key;
// we are "setting" the value of the secret key, which
// will now be used for any subsequent encryption or
// decryption operations
x_alg.Key = new byte[] {0xD0, 0x8C, 0xD3, 0xEB, 0x10, 0x60, 0x41, 0x59};
# Visual Basic .NET
' create the encryption algorithm instance
Dim x_alg As SymmetricAlgorithm = SymmetricAlgorithm.Create("DES")
' we are "getting" the value of the secret key, which
' will lead the SymmetricAlgorithm class to create a
' new random key
Dim x_secret_key( ) As Byte = x_alg.Key
' we are "setting" the value of the secret key, which
' will now be used for any subsequent encryption or
' decryption operations
x_alg.Key = New Byte( ) {&HD0, &H8C, &HD3, &HEB, &H10, &H60, &H41, &H59}
You do not have to get the values of the key and
IV explicitly to create random values; implementation class creating
new any
encryption or decryption operation will lead to the
SymetricAlgorithmKey and IV values if they
have not been set. and
If you are using randomly generated values, you
must be sure to take note of the keyIV values used to encrypt the plaintext or you
won't be able to decrypt the ciphertext.
