Index
- Introduction
- Working with encryption
- Hashing
- Certificates
- Code access permissions
- Secure string data
- References
Introduction
This post is part of a series of post to help you prepare the MCSD certification, particularly the certification exam 70-483, based on the book:You will find all the code available in the following GitHub repository. Lets talk a little bit about threads and how they work using a .Net development environment.
Working with encryption
Major encryption techniques:
- Symmetric or secret key
- Unique shared key between sender and recipient
- AES: Advanced Encryption Standard
- .Net System.Security.Cryptography class
- It works on byte sequences by using a key and IV (Initialization vector: randomness)
- Asymmetric or public key
- prevents someone getting the secret key during the exchange process in Symmectric enc.
- Sender a recipient create both private/public keys.
- Encrypt messages with your recipient's public key which will only be decrypted with recipient's private key.
- .Net RSACryptoServiceProvider and DSACryptoServiceProvider classes.
- Keep your private key safe with .Net container using CspParameters
C# AES coding example: notice how the SymmetrciAlgorithm class allows you to build both encryptor and decryptor.
C# RSA coding example
C# RSA coding example
C# asymmetric key container example
Hashing
Hashing simplifies the process of compare elements. Imagine a list where you are adding only unique elements. You have to compare each new candidate with every element on the list. This ends taking down performance. Hashing can help you out generating unique identifiers from you list of elements so you don't have to compare the whole entity each time a new candidate appears, you just need to compare the unique hash code, simplifying the logic operations.
You can use hash to distribute the elements of a list in shorter lists that we can call "buckets". The hashing process of your elements will be used to return the bucket where the element needs to be stored. Conclusions:
- Equal items should have equal hash codes.
- Your implementation of GetHashCode() should return always the same, so it shouldn't be based on dates or times.
- Can be used to check the integrity of a message
- Use the SHA256Managed algorithm provided in .Net SHA256 class to generate / compare your codes.
Certificates
Certificates are built on top of Asymmetric encryption and Hashing. If Bob wants to send a message to Mike, he will hash his message and then encrypt both message and hash using Mike's public key. Then, Mike will decrypt both items using his private key and will validate the integrity of the message comparing the hash received and a new hash based on Bob decrypted message. Certificate glossary:
- Public Key Infrastructure (PKI): authenticate and verify the validity of each involved party
- Certificate Authority (CA): third-party issuer of certificates trust-worthly by all parties
- Used to secure Internet communications.
- HTTPS: communication protocol ensures that a client is talking with the right server, not to an impostor.
.Net provides a tool to generate your own X.509 test certificates called: makecert.exe. With the following console commands you'll end up creating your own new certificate and installing it on your machine:
makecert testCert.cer
makecert -n "CN=WouterDeKort" -sr currentuser -ss testCertStore
Code access permissions
.Net helps you protect your computer from malicious code via the "Code Access Security" (CAS). Instead of giving all every application full trust, apps can be restricted on the types of resources they can access. The Common Language Runtime (CLR) ensures your code has the correct permissions to access privileged resources. Each code access permissions represents:
- right to access a resources (file)
- right to perform a protected operation (accessing unmanaged code)
Can be used in case you want to allow plugins connect to your app. Then CAS:
- defines permissions for accessing system resources.
- enables code to demand that its callers have specific permissions.
- each callers possess a digital signature
- enforces all those at runtime
It works in two ways:
- declarative: by decorating your methods with permissions required
- imperative: requesting those rights directly from your code (ie: FileIOPermission)
Secure string data
Working with strings in your code is not secure because:
- The GC can move the variables in memory and leave copies around
- It's not encrypted
- Is immutable (with every change a new copy is generated)
- No way for the GC to remove all copies from memory
To secure your strings you can use the .Net System.Security.SecureString:
- Automatically encrypts its content
- Pinned to a memory location
- It's mutable
- The GC doesn't move it.
- Implements IDisposable interface
The only problem comes when it's initialized and you want to pass the content in. That's why the only way to populate it is going one character at a time. See the following example:
0 comments:
Post a Comment