Symmetric Encryption and Decryption within .NET Framework

Encryption is a method to garble text into another form of text not recognizable to people. There two main types of encryption. We’ll examine them in more details.

Let’s start with most widely used which is called Symmetric Key encryption. This encryption uses a key that is known to both parties involved in transmission of encrypted messages. This key is used to encrypt and then decrypt messages and should be protected at all times. The only limitation of this method is time. In order to establish secure exchange of documents we need to send key to our other party first and only then we can start our transmission. Clearly, in the age of internet it’s not going to work for encrypted internet traffic. One of the main advantages often sighted is symmetric key speed. It is very fast way to encrypt and decrypt messages. It is also very secure and the only way to decrypt text is by utilizing brute force trying to crack this key. Which is daunting tasks since you will have to come up with 256 key possibilities. The other way to crack encrypted text is to steal this key from one of the party involved. So, this is extremely important to protect this key at all cost.

There are several classes available


RijndaelManaged Rijndael symmetric encryption algorithm
RC2 An encryption standard
DES Symmetric encryption algorithm
TripleDES Triple DES (3DES) symmetric encryption algorithm

All of the above mentioned classes are derived from System.Security.Cryptography.SymmetricAlgorithm base class and share same list of propertiese.

  • BlockSize – number of bit algorithm needs to process at a time.
  • FeedbackSize – determines feedback bits size of the cryptographic operation.
  • IV - vector for the symmetric algorithm.
  • Key - secret key for the symmetric algorithm.
  • KeySize - size of the secret key in bits.
  • LegalBlockSizes - KeySizes array with MinSize and MaxSize properties.
  • LegalKeySizes - KeySizes with MinSize and MaxSize.
  • Mode - set to Cipher Block Chaining (CBC).
  • Padding - determines difference between theblock size and the length of the plain text.
System.Security.Cryptography.SymmetricAlgorithm Methods


  • CreateDecryptor - used to decrypt the stream.
  • CreateEncryptor used to encrypt a stream.
  • GenerateIV - generates a random IV that is used for the algorithm.
  • GenerateKey - generates a random key that is used for the algorithm.
  • ValidKeySize – validates key for the given algorithm.
Symetric Key is created with the help of Password via System.Security.Cryptography.Rfc2898DeriveBytes class which turns password into key. This class requires four values: password, salt value, IV, and number of iterations. In addition, we need to make sure that password, salt value and number of iterations are shared among two parties since they will be required to encrypt and decrypt text.

string myPassword = "password";
RijndaelManaged mineAlg = new RijndaelManaged();

byte[] salt = Encoding.ASCII.GetBytes("This is sa1t");
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(myPassword, salt);
mineAlg.Key = key.GetBytes(mineAlg.KeySize / 8);
mineAlg.IV = key.GetBytes(mineAlg.BlockSize / 8);

Encrypting and Decrypting Messages Using Symmetric Key can be done in this way.

string inMyFileName = @"C:\Boot.ini";
string outMyFileName = @"C:\Boot.ini.enc";

FileStream inmyFile = new FileStream(inMyFileName, FileMode.Open, FileAccess.Read);
FileStream outMyFile = new FileStream(outMyFileName, FileMode.OpenOrCreate, FileAccess.Write);

SymmetricAlgorithm myAlg = new RijndaelManaged();


byte[] fileData = new byte[inMyFile.Length];
inMyFile.Read(fileData, 0, (int)inMyFile.Length);

ICryptoTransform encryptor = myAlg.CreateEncryptor();
CryptoStream myEncryptStream = new CryptoStream(outMyFile, encryptor, CryptoStreamMode.Write);

myEncryptStream.Write(fileData, 0, fileData.Length);