The .NET Asymmetric Encryption Algorithms

Asymmetric algorithms are based on mathematical methods that require different keys for encryption and decryption. The key used for encryption is usually called the public key, and you can give it to anyone who wants to send encrypted information to you. The private key is the only key that can be used for decryption. You are the only person who is able to decrypt the information, because usually you are the only one with access to this private key. In other words, you never need to transmit the key that can decrypt sensitive data. The following table lists the asymmetric algorithms supported by the .NET Framework.

| Algorithm | Abstract Class | Default Implementation | Valid Key Size | Default Key Size |
|---|---|---|---|---|
| RSA | RSA | RSACryptoServiceProvider | 384-16384 (8-bit increments) | 1024 |
| DSA | DSA | DSACryptoServiceProvider | 512-1024 (64-bit increments) | 1024 |

Important notes:
1. Only RSA (its name comes from the inventors of the algorithm: Ron Rivest, Adi Shamir, and Leonard Adleman) supports the direct encryption and decryption of values.
2. The DSA (Digital Signature Algorithm) can be used only for signing information and verifying signatures.
3. Asymmetric algorithms are much slower (depending on the size of the data you want to encrypt) than symmetric algorithms, and this affects the performance of your application when you have to exchange data through lots of requests.

Technologies such as SSL use asymmetric algorithms at the beginning when establishing a connection session. Through the first communication steps, traffic between the client and the server is secured through asymmetric encryption (the client encrypts with a public key, and the server decrypts with a private key). With these steps, the client and the server can exchange a symmetric key securely. This symmetric key then secures traffic for any subsequent communication through symmetric encryption. This combines the advantages of symmetric and asymmetric encryption.
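
The hybrid pattern described above, as an added C# example that is not code from the original page: it shows the key-wrapping idea only, not the SSL handshake itself. The class name `HybridDemo`, the 2048-bit key size, RSA with OAEP padding, AES for the session key and the sample payload are all assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridDemo // hypothetical name, not from the page
{
    static void Main()
    {
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample payload");
        // Server: long-lived RSA key pair (2048 bits is this example's choice).
        using (var server = new RSACryptoServiceProvider(2048))
        {
            RSAParameters publicKey = server.ExportParameters(false); // public half only
            byte[] wrappedKey, iv, ciphertext;
            // Client: knows only the public key.
            using (var client = new RSACryptoServiceProvider())
            using (var aes = Aes.Create()) // fresh random 256-bit key and IV
            {
                client.ImportParameters(publicKey);
                try { client.Encrypt(new byte[1024], true); } // bulk data does not fit
                catch (CryptographicException) { Console.WriteLine("RSA rejects a 1 KB input"); }
                wrappedKey = client.Encrypt(aes.Key, true); // true = OAEP padding
                iv = aes.IV;
                using (var enc = aes.CreateEncryptor())
                    ciphertext = enc.TransformFinalBlock(msg, 0, msg.Length);
            }
            // Server: one slow private-key operation recovers the session key...
            byte[] sessionKey = server.Decrypt(wrappedKey, true);
            // ...then fast symmetric decryption. CBC alone gives confidentiality only;
            // a real channel also authenticates each record (for example with an HMAC).
            using (var aes = Aes.Create())
            using (var dec = aes.CreateDecryptor(sessionKey, iv))
            {
                byte[] plain = dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
                Console.WriteLine(Encoding.UTF8.GetString(plain));
            }
        }
    }
}
```

The only values that cross the wire are `wrappedKey`, `iv` and `ciphertext`; the private key never leaves the server, and RSA is used once per session rather than once per message.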