The example below shows the use of the RSA Cryptography provider. The typical private and public keys that you may normally associate with cryptography are generated while working with RSA cryptography provider. The owner of the key pair - you for example - issues the public key to anyone who wants it. The private key on the other hand must be kept secret in order to ensure the integrity of the encryption. Simply stated the process that this example goes through is as follows: Step 1: take the text out of the first textbox and encrypt it Step 2: store the resulting encrypted string in the second textbox Step 3: take the text out of the second textbox and decrypt it Step 4: show the resulting decrypted string in the third textbox. Please refer to the comments in the code for more detail. Note: The term "cryptography provider" refers to those classes in the System.Security.Cryptography namespace that implement their particular type of cryptography. As you look through the types in the Cryptography namespace, you will notice a few classes that sound like they implement the kind of cryptography that you are looking for. Many of these classes such as System.Security.Cryptography.RSA and System.Security.DES are abstract (or not-inheritable in Visual Basic.NET), meaning that you cannot directly create an instance of these classes. Each of these abstract classes have a corresponding provider (with "provider" in the class name) that you can work with.

 <%@ Page Language="C#"%><%@ Import namespace="System.Security.Cryptography" %>
<META content="Microsoft Visual Studio 7.0" name=GENERATOR>
<META content=C# name=CODE_LANGUAGE>
<META content=JavaScript name=vs_defaultClientScript>
<META content=http://schemas.microsoft.com/intellisense/ie5 
name=vs_targetSchema>
<SCRIPT language=C# runat="server">
    void btnEncrypt_Click(Object sender, EventArgs e)
    {
        // structure that holds the public/private key pair
        RSAParameters rsaParam;

        // create an instance of the RSA cryptography provider
        // at this point a new public/private key pair has been created
        // You have to instruct RSACryptoServiceProvider or DSACryptoServiceProvider to use 
        // machine key store (as in the following sample 
        // code) in scenarios such as a Web service, ASP Page, or COM+, where the user profile 
        // is not loaded by the system for performance
        // reasons. You can use the CspParameters parameter in 
        // the RSACryptoServiceProvider() constructor, as follows: 
        // Refer to Q322371 @ http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322371
        // Only other way to get around is run the aspnet_wp.exe worker process with SYSTEM 
        //credentials which I'd not recommend!

        CspParameters CSPParam = new CspParameters();
        CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(CSPParam);

        // get a byte array representing the first string
        byte[] byteInput = (new System.Text.UnicodeEncoding()).GetBytes(textBox1.Text);

        // encrypt the string using the provider and save the result to the byteEncrypted array
        byte[] byteEncrypted = rsa.Encrypt(byteInput, false);

        // the rsaParam structure contains the public/private key pair. 
        // by passing true to ExportParameters, we tell the provider to include the private key 
        rsaParam = rsa.ExportParameters(true);

        // for illustration purposes show the encrypted string in the second textbox
        // this string should not be readable.
        textBox2.Text = (new System.Text.UnicodeEncoding()).GetString(byteEncrypted);

        /*************************************************/
        // normally we would stop at this point 
        // and save the public/private key some where.
        // but let's go on to see how we would use the RSAParameters 
        // structure to decrypt the string
        /*************************************************/

        // import the RSAParameters structure that we used previously. 
        // normally at this point we would have to create another instance of the provider, 
        // which would generate another public/private key pair
        // that could not be used to decrypt the string. So we must use the original public/private 
        // key pair from the RSAParameters structure 
        rsa.ImportParameters(rsaParam);

        // get the encrypted string from the second textbox and store it in a byte array
        byte[] byteEncryptedString = (new System.Text.UnicodeEncoding()).GetBytes(textBox2.Text);

        // decrypt the data in the byte array using the provider
        // we pass false in the second parameter to tell the provider that we do not want to use 
        // OAEP padding, but don't worry about that for this example.
        byte[] byteDecryptedString = rsa.Decrypt(byteEncryptedString, false);

        // assign the resulting decrypted string to the third textbox
        textBox3.Text = (new System.Text.UnicodeEncoding()).GetString(byteDecryptedString); 
    }
    </SCRIPT>

<FORM id=Form1 method=post runat="server">string:<asp:textbox id=textBox1 
runat="server"></asp:textbox>
encrypted string:<asp:textbox id=textBox2 
runat="server"></asp:textbox>
decrypted string:<asp:textbox id=textBox3 
runat="server"></asp:textbox>
<asp:button id=btnEncrypt 
onclick=btnEncrypt_Click runat="server" 
text="Encrypt"></asp:button></FORM>

Derek Beyer derek@derekbeyer.com

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More ASP.NET Code Articles
More By Derek Beyer

 

developerWorks - FREE Tools!

NEW! Achieving True Agility -- How process can change the behavior of your tools Achieving true agility is a never-ending effort. We will showcase how you can become agile incrementally, a few practices at the time.Which practices should any agile team strive to adopt? What additional practices should you consider based on your needs to scale? Adopting practices are however made much easier with the right tool support. What about if your tools adapt to your practices? We will take a look at how the Jazz technology can be leveraged to make your process change the behavior of your tools. FREE! Go There Now!

NEW! Download IBM WebSphere Portal V6.1 beta code Download the IBM WebSphere Portal V6.1 beta code and learn more about the rich features and enhancements in IBM WebSphere Portal V6.1. WebSphere Portal provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, and scalability to meet the needs of any size organization. FREE! Go There Now!

NEW! Download the free Web Application Security eKit Discover how IBM Rational AppScan Standard Edition can help you detext vulnerabilities in your web applications in the Web Application Security eKit. IBM Rational AppScan is a leading suite of automated web application security solutions that scan and test for common Web application vulnerabilities. The new Web Application Security eKit provides you with valuable resources, including white papers, demos, and additional information on the benefits of testing your Web applications. FREE! Go There Now!

NEW! IBM Enterprise Modernization Sandbox for System z IBM Enterprise Modernization solutions help organizations evolve core IT systems towards modern architectures and technologies—reducing the burden of maintenance and freeing up resources to develop new business requirements and capabilities. With the IBM Enterprise Modernization Sandbox for System z you can evaluate IBM Enterprise Modernization solutions focused on five key areas: Assets, Architectures, Skills, Processes and Infrastructures, and Investment. Each solution is based upon real customer experiences and offers a proven path to get you started with your modernization projects. FREE! Go There Now!

NEW! Rational Talks to You:Per Kroll on Rational Method Composer Plug-in customization Join this Rational Talks to You teleconference on December 11 at 1:00 pm ET to get tips on building your own plugins with Rational Method Composer. Get your questions answered! FREE! Go There Now!

NEW! Rational Testing eKits Discover how Rational tools and best practices for testing can make your job easier. The new Rational Testing eKits provide you with valuable resources – including demos, webcasts, tutorials, and articles – that help you address your specific testing needs across the software lifecycle. Five new eKits are available covering the topics of Requirements and Test Management, Functional Testing, Performance Testing, Code Quality and Embedded Systems, and SOA and Web Services Testing. FREE! Go There Now!

NEW! Trial download: IBM Rational Manual Tester V7.0.1 Try the latest version of IBM Rational Manual Tester V7.0.1 by downloading a free trial from IBM developerWorks. This manual test authoring and execution tool promotes test step reuse to reduce the impact of software change on testers and business analysts and addresses the needs of teams performing at least a portion of their testing manually. FREE! Go There Now!

NEW! Using Rational Business Developer to enhance your developer productivity Join this Rational Talks to You teleconference, to hear how Enterprise Generation Language (EGL) eliminates the need for tedious and error-prone low level coding, so developers can focus on business requirements. EGL extends the Rational software development platform with a simplified programming language that enables developers who have little or no experience with Java, Web technologies or Service Oriented Architecture, to create enterprise-class applications and services quickly and easily. It also allows developers who may have little or no mainframe programming experience to quickly create traditional mainframe components. FREE! Go There Now!

NEW! Webcast: Application security testing and Web compliance Join the IBM Watchfire team for an informative discussion on techniques and best practices to proactively manage Web application security and how to effectively build application security testing into the software development lifecycle (SDLC). In this Software Delivery Platform webcast you will learn: How to better understand potential web application security vulnerabilities, best practices and how to effectively integrate application security testing into the software development lifecycle, the importance of detecting and removing software vulnerabilities during application development. FREE! Go There Now!

NEW! Webcast: Introducing the new Information Server and Solutions community: LeverageInformation User communities play an important role in communication and collaboration around products, solutions and other areas of special interest to members. Successful communities are able to provide the right mix of content and services to deliver a value proposition that resonates with each audience. Join Tom Inman, VP of Marketing for Information and Platform Solutions as he introduces the new LeverageINFORMATION community. During this webcast, learn about the value provided by the community and how customers and partners derive value from the community in addressing their own technical and business challenges. FREE! Go There Now!

All FREE IBM® developerWorks Tools!