Asymmetric cryptographic algorithms, also known as public-key algorithms, require that both sender and receiver maintain a pair of related keys: a private key and a public key. Both keys are unique to the entity. The public key can be made available to anyone; this key is used for encoding data that is sent to a receiver. The private key must be kept private by the receiver; this key is used for decoding messages encoded using the receiver's public key. The System.Security.Cryptography.RSACryptoServiceProvider class is an implementation of a public-key algorithm. For an in-depth discussion of public-key encryption and algorithms, see the "Public-Key Encryption" section in Cryptographic Services. For information about how to use the Srong Name tool (Sn.exe) to create key pairs, see How to: Create a Public/Private Key Pair.

You can use public-key systems to form digital signatures. Digital signatures are used to help to protect the integrity of data. For example, to use a public-key system to digitally sign a message, the sender first applies a hash function to the message to create a message digest. The sender then encrypts the message digest with the sender's private key to create the sender's personal signature. Upon receiving the message and signature, the receiver decrypts the signature using the sender's public key to recover the message digest and hashes the message using the same hash algorithm that the sender used. If the message digest that the receiver computes matches the message digest received from the sender, the receiver can assume that the message was not altered while in transit. Note that anyone can verify a signature, because the sender's public key is common knowledge. This technique does not retain the secrecy of the message; for the message to be secret, it must also be encrypted.

The .NET Framework provides the following classes that implement digital signature algorithms: System.Security.Cryptography.DSACryptoServiceProvider, System.Security.Cryptography.RSACryptoServiceProvider, System.Security.Cryptography.ECDsa (base class), and System.Security.Cryptography.ECDsaCng.

The System.Security.Cryptography namespace provides concrete classes for System.Security.Cryptography.RSA and System.Security.Cryptography.DSA only.

To learn how to use the RSA algorithm to encrypt and decrypt XML data, and create and verify XML digital signatures, see these articles:

• How to: Encrypt XML Elements with Asymmetric Keys

• How to: Decrypt XML Elements with Asymmetric Keys

• How to: Sign XML Documents with Digital Signatures

• How to: Verify the Digital Signatures of XML Documents

Namespace: System.Security.Cryptography
Assembly: mscorlib (in mscorlib.dll)
Assembly Versions: 1.0.5000.0, 2.0.0.0, 4.0.0.0