The System.Security.Cryptography namespace

Understanding .NET's crypto capabilities.

Let other users know how useful this tip is by rating it below. Got a tip or code of your own you'd like to share?

Submit it here!

Every now and then I stumble across an obvious reference that's just too good to ignore, and end up asking myself "How have I missed out on this for so long?" That's my story (and I'm sticking to it fervently) where Visual Studio Magazine is concerned. The March 2003 issue contains a wealth of treasures for VS aficionados, including a 5-page story by Travis Vandersypen entitled "Sure .NET Apps with Cryptography" that I'm abstracting to less than 20% of its original heft for the benefit of this tip.

Microsoft offers a set of classes to support a broad and fairly sophisticated range of cryptography services within the .NET Framework. Encased within its offerings, you'll find both private key encryption and public/private key encryption algorithms. Because these are also known as symmetric and asymmetric encryption algorithms, when the System.Security.Cryptography namespace provides classes for each one, it calls them SymmetricAlgorithm and AsymmetricAlgorithm respectively.

As far as the .NET Framework's symmetric encryption algorithms go, they include the following:

  • Data Encryption Standard (DES): in DES a 56-bit key is applied to 64-bit blocks of data, run in multiple modes and using 16 rounds or operations. Now somewhat outmoded (today's processors can break it too easily for it to be deemed entirely safe), it's usually employed three times in a row to strengthen its results (see Triple DES below). Look up DES or Triple DES on for more info.
  • Ron's Code 2 (RC2, "Ron" refers here to Ron Rivest, the R in RSA Technologies, and the author of numerous well-known and -used encryption algorithms): A variable key-size block cipher designed to be faster than DES and to work as a drop-in replacement for DEC. By varying the key size, it can be made more (>56 bits) or less (<56 bits) secure than DES. Before export conditions were lifted, RC algorithms were easier to export than the more tightly controlled DES technologies. Check out the RC2 entry in RSA's Techniques in Cryptography FAQ for more info.
  • Tripe DES (iterates DES algorithm thrice as part of basic operation): a stronger form of DES encryption widely used for volatile information or message traffic.

Each of these three serves as a super class for a .NET managed class. For each algorithm, you must define an encryption key and an initialization vector to make the associated encryption routines work. Suffice it to say that the key provides the mechanism for encryption and decryption (that's what makes it symmetric) and the initialization vector helps to randomize encryption so that two identical blocks of text won't ever encrypt the same way (that's a peachy way to break a code, and works better the longer the text block might be, so it's wise to avoid this by design whenever possible).

Working with private-key classes is relatively straightforward within the .NET Framework:

  • Instantiate the managed class.
  • Set an initialization vector.
  • Establish an encryption key.
  • Use the CryptoStream class to move information through an encryption or decryption routine.

In my next tip, I'll provide some code examples that do this very thing, so you can move from the abstract to the hands-on. In the meantime, check out the SymmetricAlgorithm and AsymmetricAlgorithm namespaces.

Ed Tittel is a principal at LANWrights, Inc. a wholly-owned subsidiary of, where he writes and teaches on a variety of subjects, including markup languages, development tools, and IT certifications. Contact Ed via e-mail at

This was first published in March 2003

Dig deeper on Win Development Resources



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: