Cryptography

When you build and manage web applications that are accessible over public networks such as the internet, the data your application exchanges is at high risk of being intercepted and modified by unauthorized parties. Cryptography allows us to protect data from being viewed or modified by such parties, and it assists in transferring data securely over the network. To do this, we use encryption algorithms to turn the data into ciphertext prior to transmission. If the ciphertext is intercepted by unauthorized parties, it will be difficult for them to decrypt it in order to read or modify the data.

To perform such operations, .NET Framework ships with the System.Security.Cryptography namespace, which provides many algorithms, including the following:

  • Secret key encryption
  • Public key encryption
  • Digital signatures
  • Hash values

Let's jump into an example regarding where cryptography can be used. Suppose, as a customer, that I am trying to place an order for a laptop over the internet. For this, I am chatting with the company's representative. Once I am sufficiently satisfied with the quote, the discount offered, and the terms and conditions to place an order, I then need to provide personal and credit card information via this channel. 

So, how can we ensure the following in this regard?

  • That this information is unreadable to anyone listening in on our conversation
  • That there was no unauthorized access to the information transferred
  • That the information received is from the company's representative

All of this can be achieved with the implementation of cryptographic algorithms. These algorithms facilitate confidentiality, data integrity, authentication, and non-repudiation.

Confidentiality protects the identity of users, data integrity protects data from being changed, authentication ensures that data is from an authenticated party, and non-repudiation prevents any party from denying that a message was sent.

.NET Framework provides different algorithms, as mentioned earlier. Although these are numerous, we will limit our discussion to four major ones in this chapter. 

Secret-key encryption, which is also referred to as symmetric encryption, uses a single shared key to encrypt and decrypt data. It is therefore important to keep the secret key safe from unauthorized access, because anyone in possession of this key can access the data and misuse it. Because it uses the same key for both encryption and decryption, this works faster and is suitable for large amounts of data. Several algorithms are available, such as DES (short for Data Encryption Standard), Triple DES, and AES (short for Advanced Encryption Standard). These algorithms encrypt blocks of data simultaneously, so they are also referred to as block ciphers. DES and Triple DES use 8 bytes as a block, while AES uses 16 bytes as a block, but also supports 24 and 32 bytes.

Public-key encryption, also referred to as asymmetric encryption, uses a public/private key pair to encrypt and decrypt data. Of these two keys, the private key must be kept secret from unauthorized access, as anyone with the private key can access your data. The public and private keys in this encryption technique are mathematically linked and use a fixed buffer size. Public-key algorithms are slow compared to secret-key encryption, and are useful for encrypting small amounts of data. Any data encrypted using a public key can only be decrypted using the corresponding private key. Also, if you sign data using a private key, it can only be verified using the corresponding public key.

Digital signing uses digital signatures that are unique to the signing party. As mentioned under public-key encryption, a party can sign data using its private key. When the other party receives the information and trusts the public key of the sending party, it can identify who sent the message and, in turn, confirm the integrity of the data.

Since the public key of the sending party is public, anyone in possession of the public key can process the message, meaning that your message is not secret. To keep it secret, you also need to encrypt the message.

Hash values map data of any length to a fixed-length byte sequence. If you change a block of text and hash it again, it produces a different hash. This way, we can maintain data integrity during transfer.

However, as has been discussed in relation to other cryptographic methods, this method does not authenticate the sender of the message.
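The difference between a hash and a digital signature described above, shown for the laptop order scenario. This is an added example, not code from the original text; the class name, the sample messages, and the choice of SHA-256 with 2048-bit RSA and PKCS#1 v1.5 padding are assumptions, and it targets .NET Framework 4.7.2 or later (or .NET Core).

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OrderIntegrityDemo // hypothetical name, for illustration only
{
    static byte[] Hash(byte[] data)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(data);
    }

    static void Main()
    {
        // Constructed sample messages; not real order data.
        byte[] order = Encoding.UTF8.GetBytes("order=laptop;qty=1;total=950.00");
        byte[] tampered = Encoding.UTF8.GetBytes("order=laptop;qty=1;total=9.50");

        // 1. Hash only: any change to the message changes the digest.
        byte[] sentHash = Hash(order);
        Console.WriteLine("Hash detects change:    " + !Hash(tampered).SequenceEqual(sentHash));
        // But whoever alters the message in transit can replace the hash as well,
        // so the receiver's recomputed hash matches and nothing identifies the sender.
        byte[] replacedHash = Hash(tampered);
        Console.WriteLine("Replaced hash accepted: " + Hash(tampered).SequenceEqual(replacedHash));

        // 2. Digital signature: the representative signs with the private key.
        using (RSA representative = RSA.Create(2048))
        using (RSA customer = RSA.Create())
        {
            byte[] signature = representative.SignData(
                order, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            // The customer holds only the public half of the key pair.
            customer.ImportParameters(representative.ExportParameters(false));
            bool genuine = customer.VerifyData(
                order, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            bool altered = customer.VerifyData(
                tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("Signature on original:  " + genuine);
            Console.WriteLine("Signature on tampered:  " + altered);
            // The order bytes still travel in the clear; signing adds no secrecy.
        }
    }
}
```

Verification only proves who sent the message if the customer obtained the representative's public key through a trusted channel, for example a certificate.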
