Hi Andrew,
Welcome to the .NET newsgroup.
As for the question on using the Rijndael crypto provider to encrypt data,
here are some of my understandings:
1. Encryption algorithms such as Rijndael are called symmetric encryption,
which only needs a single secret key to encrypt and decrypt data. And
symmetric encryption is block based, which means it can actually only
encrypt a limited length of data each time. So when encrypting a large byte
stream, it uses a cipher block chaining mechanism, which uses a given key and
an IV to encrypt the first block; then, all the subsequent blocks (bytes in
the stream) are encrypted depending on the key and the encrypted bytes from
the previous block. Here is the detailed description in MSDN:
===================
Typically, secret-key algorithms, called block ciphers, are used to encrypt
one block of data at a time. Block ciphers (like RC2, DES, TripleDES, and
Rijndael) cryptographically transform an input block of n bytes into an
output block of encrypted bytes. If you want to encrypt or decrypt a
sequence of bytes, you have to do it block by block. Because n is small (n
= 8 bytes for RC2, DES, and TripleDES; n = 16 [the default], n = 24, or n =
32 bytes for Rijndael), values larger than n have to be encrypted one block
at a time.
The block cipher classes provided in the base class library use a chaining
mode called cipher block chaining (CBC), which uses a key and an
initialization vector (IV) to perform cryptographic transformations on
data. For a given secret key k, a simple block cipher that does not use an
initialization vector will encrypt the same input block of plain text into
the same output block of cipher text. If you have duplicate blocks within
your plain text stream, you will have duplicate blocks within your cipher
text stream. If unauthorized users know anything about the structure of a
block of your plain text, they can use that information to decipher the
known cipher text block and possibly recover your key. To combat this
problem, information from the previous block is mixed into the process of
encrypting the next block. Thus, the output of two identical plain text
blocks is different. Because this technique uses the previous block to
encrypt the next block, an IV is used to encrypt the first block of data.
Using this system, common message headers that might be known to an
unauthorized user cannot be used to reverse engineer a key.
========================
You can also have a look at the following reference:
#Cryptography Overview
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconcryptographyoverview.asp?frame=true
Then, since the later block data is encrypted depending on the former
encrypted result, when the former block changes, the subsequent encrypted
bytes will apparently change. However, if we only change the last block,
the change is not very obvious.
2. As for encryption/decryption itself, it can only make the data
unreadable to unauthorized users, but can't ensure the data won't be
modified by others. If you want to ensure the data is not modified
(check the integrity and consistency), you should consider applying a digital
signature together with encryption. Here is the reference on applying a
digital signature through the BCL classes in the .NET Framework:
#Ensuring Data Integrity with Hash Codes
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconensuringdataintegritywithhashcodes.asp?frame=true
Typically, digital signing is done through asymmetric encryption/decryption
and data hashing. You can find detailed descriptions in the above links.
Hope this helps. Thanks,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
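The CBC behaviour described in the reply above (duplicate plaintext blocks, how a change in one block propagates, and the fact that encryption alone does not detect modification) as an added, runnable example. This is not code from the original post or from Microsoft's documentation, and it is Python rather than .NET: Rijndael is stood in for by a small SHA-256-based Feistel block cipher so that the script runs on the standard library alone, while the CBC chaining, PKCS#7 padding and integrity check are the real constructions. The integrity check uses an HMAC (a keyed hash, the shared-secret counterpart of the digital signature the post mentions). The key, MAC key, IV and messages are constructed for the illustration.

```python
"""Added example (not from the post or MSDN): what CBC does and does not give you.

Rijndael is replaced by a tiny 16-byte Feistel cipher built on SHA-256 so the
script needs only the Python standard library; CBC chaining, PKCS#7 padding and
the HMAC integrity check are the genuine constructions.
"""
import hashlib
import hmac
import os

BLOCK = 16          # 16-byte blocks, matching Rijndael's default block size
ROUNDS = 4

# Constructed for the illustration. In real use the keys are secret and the IV
# is fresh random bytes for every message, e.g. os.urandom(BLOCK).
KEY = b"0123456789abcdef"
MAC_KEY = b"fedcba9876543210"
IV = bytes(range(BLOCK))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: 8 bytes derived from key, round number and half."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy block cipher standing in for Rijndael: a 4-round Feistel network."""
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: the same rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7: always append 1..BLOCK bytes, each equal to the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """No chaining: identical plaintext blocks give identical ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block (the IV for block 0)."""
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def differing_blocks(a: bytes, b: bytes) -> list:
    """Indices of the ciphertext blocks that differ between two encryptions."""
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]


def flip_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: HMAC-SHA256 over IV || ciphertext with a separate key."""
    ct = cbc_encrypt(enc_key, iv, plaintext)
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    iv, ct, tag = sealed[:BLOCK], sealed[BLOCK:-32], sealed[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: message was modified")
    return cbc_decrypt(enc_key, iv, ct)


def tamper_detected(enc_key: bytes, mac_key: bytes, sealed: bytes) -> bool:
    try:
        open_sealed(enc_key, mac_key, sealed)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    msg = bytes(range(48))                      # three full blocks of constructed data
    ct = cbc_encrypt(KEY, IV, msg)
    print("changing block 0 alters blocks:", differing_blocks(ct, cbc_encrypt(KEY, IV, flip_bit(msg, 0))))
    print("changing the last block alters blocks:", differing_blocks(ct, cbc_encrypt(KEY, IV, flip_bit(msg, 47))))
    # One flipped ciphertext bit decrypts without any error: block 1 becomes
    # garbage, the same bit flips in block 2, and the receiver is told nothing.
    print("tampered plaintext:", cbc_decrypt(KEY, IV, flip_bit(ct, 16)).hex())
    sealed = seal(KEY, MAC_KEY, os.urandom(BLOCK), msg)
    print("tamper detected with MAC:", tamper_detected(KEY, MAC_KEY, flip_bit(sealed, 16)))
```

Two things the script makes concrete. Changing plaintext block 0 changes every ciphertext block after it, while changing the last data block changes only that block and the padding block that follows it, which is the "not very obvious" case in the reply. And flipping a single ciphertext bit still decrypts cleanly: the affected block turns to garbage, the same bit is flipped in the next block, and nothing signals the change until a MAC (or the signature the reply recommends) is checked over the IV and ciphertext. In .NET the equivalent structure is a CBC-mode transform from the Rijndael class together with one of the HMAC classes in System.Security.Cryptography, keyed separately from the cipher.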