SELA DEVELOPER PRACTICE
May 5-9, 2013
Manu Cohen-Yashar
Cryptography in C#
Why
Hash
Hash
• The problem: create a number that represents the information
• Hash – a mathematical operation that maps an infinite set of inputs onto a finite set of numbers
• A hash takes an arbitrary block of data and returns a fixed-size bit string
• Every hash value can be produced by infinitely many inputs
© Copyright SELA software & Education Labs
Ltd. 14-18 Baruch Hirsch St.Bnei Brak 51202
Israel
Why do we need the hash
• If two values produce the same hash, there is a very good chance that the values are equal
• To prove knowledge of a secret
• Don’t tell me your secret; just prove to me that you know it…
Good Hash
• If the input changes, it is almost certain that the hash will change (there is never 100%)
• Hash values are random
• It is impossible to go back from the hash value to the original data
Hash Algorithms
• There are many hash algorithms
  • MD5
  • SHA-1
  • SHA-256
  • More
• It is possible to brute force a hash
  • Simply look for two values that give the same result
  • Those values are then written in huge databases for future use
• Your responsibility is to choose a good algorithm
Hash in Code
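    // Requires: using System.Security.Cryptography;
    // SHA-1 is kept from the slide; it is no longer collision-resistant, so prefer SHA-256 for new code.
    private byte[] ComputeHash(byte[] msg)
    {
        using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
            return sha1.ComputeHash(msg);
    }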
Digital Signature
Digital Signature
• The problem: to ensure the integrity of information
• Integrity means: source and content
• How:
  1. Take the information and hash it
  2. Encrypt the hash result with your private key
• This is a digital signature
Digital Signature
Create:
1. Create a hash
2. Encrypt the hash using the message originator's private key
Verify:
1. Decrypt the digital signature using the originator's public key
2. Compute the message hash and compare it with the decrypted digital signature
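The create and verify steps above, written directly against the RSA class as an added example (not code from the original slides). It assumes .NET Core or later, SHA-256 as the hash and PKCS#1 v1.5 signature padding; the message and the class and method names are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HashThenSignDemo
{
    static byte[] Hash(byte[] message)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(message);
    }

    // Create: step 1 hashes the message, step 2 applies the private-key operation to the hash.
    static byte[] Sign(byte[] message, RSA privateKey)
    {
        return privateKey.SignHash(Hash(message), HashAlgorithmName.SHA256,
                                   RSASignaturePadding.Pkcs1);
    }

    // Verify: recompute the hash and check it against the signature with the public key.
    static bool Verify(byte[] message, byte[] signature, RSA publicKey)
    {
        return publicKey.VerifyHash(Hash(message), signature, HashAlgorithmName.SHA256,
                                    RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using (RSA signer = RSA.Create(2048))
        using (RSA verifier = RSA.Create())
        {
            // The verifier only ever receives the public half of the key pair.
            verifier.ImportParameters(signer.ExportParameters(false));

            // Constructed sample message.
            byte[] message = Encoding.UTF8.GetBytes("pay 100 EUR to account 00001234");
            byte[] signature = Sign(message, signer);
            Console.WriteLine("original message verifies: {0}",
                Verify(message, signature, verifier));

            // Content check: a single flipped bit changes the hash, so verification fails.
            byte[] tampered = (byte[])message.Clone();
            tampered[4] ^= 0x01;
            Console.WriteLine("tampered message verifies: {0}",
                Verify(tampered, signature, verifier));

            // Source check: a signature made with a different private key is rejected.
            using (RSA other = RSA.Create(2048))
            {
                byte[] foreignSignature = Sign(message, other);
                Console.WriteLine("signature from another key verifies: {0}",
                    Verify(message, foreignSignature, verifier));
            }
        }
    }
}
```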
Sign in Code
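    // Requires: using System.Security.Cryptography.Pkcs;
    //           using System.Security.Cryptography.X509Certificates;
    // Wraps msg in a CMS/PKCS#7 SignedData structure signed with the certificate's private key.
    public byte[] SignMsg(byte[] msg, X509Certificate2 signerCert)
    {
        ContentInfo contentInfo = new ContentInfo(msg);
        SignedCms signedCms = new SignedCms(contentInfo);
        CmsSigner cmsSigner = new CmsSigner(signerCert);
        signedCms.ComputeSignature(cmsSigner);
        return signedCms.Encode();
    }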
Verify in Code
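    // Returns true when the signature inside the encoded CMS message is valid.
    public static bool VerifyMsg(byte[] encodedSignedCms)
    {
        SignedCms signedCms = new SignedCms();
        try
        {
            // Decode can also throw on malformed input, so it belongs inside the try.
            signedCms.Decode(encodedSignedCms);
            // true = verify the signature only; the signer's certificate chain is not validated.
            signedCms.CheckSignature(true);
            return true;
        }
        catch (CryptographicException)
        {
            return false;
        }
    }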
Symmetric Encryption
Conventional Cryptography
• To encrypt data we use symmetric algorithms
• The same key material is used to encrypt and decrypt
Symmetric Encryption Types
• There are two groups of algorithms
  • Stream ciphers
    • Fast, but the key can be used only once
  • Block ciphers
    • Slower than stream ciphers, but the key can be used more than once
• Provided by System.Security.Cryptography
Block Ciphers
• How a block cipher works
  • Input is broken up into fixed-size blocks (typically 8 or 16 bytes)
  • Transformation f() is applied to the key, and the result is XORed into the block
  • This is known as a “round” – 16 to 32 rounds is typical
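[Figure: block cipher rounds. Inputs: key and plaintext block. In each round (Round 1 … Round N) f() is applied to the key and the result is XORed into the block; the output is the ciphertext block.]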
Block Ciphers (Symmetric)
• A block cipher is a symmetric-key cipher that operates on fixed-length groups of bits, termed blocks
• Input and output are the same size
• The exact transformation is controlled by the key
• Algorithms: DES, 3DES
Block Ciphers
• If we only break the information into blocks and encrypt each block separately, identical plaintext blocks produce identical ciphertext blocks; in some senses this doesn't provide message confidentiality at all
• Cipher-Block Chaining (CBC)
  • Each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks up to that point
  • CBC is the most commonly used mode of operation. Its main drawback is that it is sequential and cannot be parallelized
• Initialization vector (IV)
  • The IV is a sort of dummy block that kicks off the process for the first real block and also provides some randomization. The IV does not need to be secret, but it is important that it is never reused with the same key
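The effect described above, made visible as an added example (not code from the original slides): the same repeated plaintext is encrypted block by block (ECB) and with CBC, and the distinct ciphertext blocks are counted; a second run compares a reused IV with a fresh one. It uses AES rather than the DES/3DES named on the slide, and the sample record and all names are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class EcbVsCbcDemo
{
    const int BlockBytes = 16; // AES block size

    static byte[] RandomBytes(int n)
    {
        byte[] b = new byte[n];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(b);
        return b;
    }

    // Padding is disabled because the constructed plaintext is a whole number of blocks.
    static byte[] Encrypt(byte[] plaintext, byte[] key, byte[] iv, CipherMode mode)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = mode;
            aes.Padding = PaddingMode.None;
            aes.Key = key;
            aes.IV = iv; // not used by ECB
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        }
    }

    // Number of different 16-byte blocks in the ciphertext.
    static int DistinctBlocks(byte[] data)
    {
        return Enumerable.Range(0, data.Length / BlockBytes)
            .Select(i => BitConverter.ToString(data, i * BlockBytes, BlockBytes))
            .Distinct()
            .Count();
    }

    static void Main()
    {
        // Constructed sample: one 16-byte record repeated four times.
        byte[] record = Encoding.ASCII.GetBytes("ACCOUNT=00001234");
        byte[] plaintext = Enumerable.Repeat(record, 4).SelectMany(r => r).ToArray();
        byte[] key = RandomBytes(32);
        byte[] iv = RandomBytes(BlockBytes);

        // Identical plaintext blocks: ECB repeats the ciphertext block, CBC does not.
        byte[] ecb = Encrypt(plaintext, key, iv, CipherMode.ECB);
        byte[] cbc = Encrypt(plaintext, key, iv, CipherMode.CBC);
        Console.WriteLine("ECB distinct ciphertext blocks: {0} of 4", DistinctBlocks(ecb));
        Console.WriteLine("CBC distinct ciphertext blocks: {0} of 4", DistinctBlocks(cbc));

        // Reusing the IV with the same key makes equal messages encrypt identically.
        byte[] cbcSameIv = Encrypt(plaintext, key, iv, CipherMode.CBC);
        byte[] cbcFreshIv = Encrypt(plaintext, key, RandomBytes(BlockBytes), CipherMode.CBC);
        Console.WriteLine("same key, same IV:  ciphertexts equal = {0}",
            cbc.SequenceEqual(cbcSameIv));
        Console.WriteLine("same key, fresh IV: ciphertexts equal = {0}",
            cbc.SequenceEqual(cbcFreshIv));
    }
}
```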
Cipher-Block Chaining (CBC)
Encrypting data in .NET
• Setting up
  • Choose an algorithm and implementation parameters
  • Generate an initialization vector (IV)
  • Choose a key
• Encrypting
  • Record the initialization vector for use during decryption
  • Create a CryptoStream object based on your key
  • Pump data through the stream to encrypt it
Algorithms and Implementations in .NET
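[Figure: class hierarchy. SymmetricAlgorithm is the base class of DES, RC2, TripleDES and Rijndael, which are implemented by DESCryptoServiceProvider, RC2CryptoServiceProvider, TripleDESCryptoServiceProvider and RijndaelManaged respectively.]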
Encrypt in Code
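    // Requires: using System.IO; using System.Security.Cryptography;
    // Encrypts instream with Triple DES and returns a MemoryStream holding the ciphertext.
    public static Stream EncryptDataToStream(Stream instream, byte[] key, byte[] initVector)
    {
        TripleDES encAlg = TripleDES.Create();
        encAlg.Key = key;
        encAlg.IV = initVector;
        MemoryStream memStream = new MemoryStream();
        CryptoStream encryptorStream = new CryptoStream(
            memStream, encAlg.CreateEncryptor(), CryptoStreamMode.Write);
        const int bufferLen = 4096;
        byte[] buffer = new byte[bufferLen];
        int count;
        while ((count = instream.Read(buffer, 0, bufferLen)) > 0)
        {
            encryptorStream.Write(buffer, 0, count);
        }
        // Write the final padded block; without this the last block never reaches memStream.
        // The CryptoStream is not disposed here because that would also close memStream.
        encryptorStream.FlushFinalBlock();
        instream.Close();
        memStream.Position = 0; // rewind so the caller reads from the first ciphertext byte
        return memStream;
    }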
Decrypting data in .NET
• Setting up
  • Choose the same algorithm you used to encrypt
  • Retrieve the initialization vector (IV) used during encryption
  • Retrieve the key
• Decrypting
  • Create a CryptoStream object based on your key
  • Pump data through the stream to decrypt it
  • Close the CryptoStream immediately when done decrypting
    • This causes it to eat any leftover padding from the input stream
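The encrypt and decrypt procedures end to end, as an added example (not code from the original slides), showing one way to "record" the IV: a fresh random IV is written in front of the ciphertext and read back before decrypting. It assumes AES in its default CBC/PKCS7 configuration and a constructed [IV][ciphertext] layout; the last part shows what a lost IV does to the plaintext.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class IvRoundTripDemo
{
    const int IvBytes = 16; // AES block size

    // Output layout (an assumption of this example): [16-byte IV][ciphertext].
    static byte[] Encrypt(byte[] plaintext, byte[] key)
    {
        using (Aes aes = Aes.Create()) // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = key;
            aes.GenerateIV(); // fresh random IV for every message
            using (MemoryStream output = new MemoryStream())
            {
                output.Write(aes.IV, 0, IvBytes); // record the IV with the data
                using (CryptoStream cs = new CryptoStream(
                    output, aes.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(plaintext, 0, plaintext.Length);
                } // disposing the CryptoStream writes the final padded block
                return output.ToArray();
            }
        }
    }

    static byte[] Decrypt(byte[] blob, byte[] key)
    {
        if (blob.Length < IvBytes)
            throw new ArgumentException("Input is shorter than one IV.", "blob");
        using (Aes aes = Aes.Create())
        {
            byte[] iv = new byte[IvBytes];
            Buffer.BlockCopy(blob, 0, iv, 0, IvBytes); // retrieve the recorded IV
            aes.Key = key;
            aes.IV = iv;
            using (MemoryStream output = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(
                    output, aes.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(blob, IvBytes, blob.Length - IvBytes);
                } // disposing the CryptoStream consumes and removes the padding
                return output.ToArray();
            }
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);

        // Constructed sample message, longer than one block.
        byte[] message = Encoding.ASCII.GetBytes("transfer 100 EUR to account 00001234");
        byte[] blob = Encrypt(message, key);
        Console.WriteLine("round trip matches: {0}",
            Decrypt(blob, key).SequenceEqual(message));

        // Simulate a lost IV: decryption still succeeds, but the first block is wrong.
        byte[] lostIv = (byte[])blob.Clone();
        Array.Clear(lostIv, 0, IvBytes);
        byte[] garbled = Decrypt(lostIv, key);
        Console.WriteLine("first block intact:      {0}",
            garbled.Take(IvBytes).SequenceEqual(message.Take(IvBytes)));
        Console.WriteLine("remaining blocks intact: {0}",
            garbled.Skip(IvBytes).SequenceEqual(message.Skip(IvBytes)));
    }
}
```

CBC on its own does not detect modification, as the silent wrong-IV decryption shows; integrity needs a separate check such as the digital signature covered earlier in the deck.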
Decrypt in Code
    // Decrypts Triple DES ciphertext produced with the same key and IV.
    public static byte[] DecryptData(byte[] cipher, byte[] key, byte[] initVector)
    {
        using (TripleDES encAlg = TripleDES.Create())
        using (MemoryStream decMemStream = new MemoryStream())
        {
            encAlg.Key = key;
            encAlg.IV = initVector;
            using (CryptoStream decryptorStream = new CryptoStream(
                decMemStream, encAlg.CreateDecryptor(), CryptoStreamMode.Write))
            {
                decryptorStream.Write(cipher, 0, cipher.Length);
                // Processes the last block and strips the padding.
                decryptorStream.FlushFinalBlock();
            }
            return decMemStream.ToArray();
        }
    }
Choosing an algorithm
• Narrow down your choices
  1) Use well-known algorithms. Avoid obscure ones
  2) Use an algorithm that supports your required key length
  3) Prefer a block cipher to a stream cipher
  4) Pick an algorithm that performs well on your platform
    • Some algorithms perform better in hardware (DES)
    • Some perform well in software (RC2, IDEA)
Key Management
Key Protection
• Why encrypt if the key is not protected?
What is DPAPI
• Data Protection API is a Windows infrastructure that was created to protect secrets
• DPAPI consists of two functions, CryptProtectData and CryptUnprotectData
• The protection is done per user or per machine
DPAPI
DPAPI – Key Creation
1. Generates a strong key called a MasterKey
2. PKCS#5 creates a key from the user password to protect the MasterKey (Triple-DES)
3. A symmetric session key is generated based on the MasterKey, some random data, and any optional additional entropy
4. The data is encrypted using the session key
5. The master key and the user password are kept in the user's profile directory, protected by the user's current password
System.Security.ProtectedData
• Simple wrapper around the DPAPI infrastructure with two main functions:
  • Protect and Unprotect
• DataProtectionScope
  • CurrentUser – encrypts the data so that only the currently logged-on user can decrypt it
  • LocalMachine – encrypts the data so that any process running on the current machine can decrypt it (useful in a server scenario)
DPAPI Code
    // The same entropy value and scope must be passed to Protect and Unprotect.
    byte[] cipher = ProtectedData.Protect(
        dataToEncrypt, entropy, DataProtectionScope.LocalMachine);
    byte[] data = ProtectedData.Unprotect(
        cipher, entropy, DataProtectionScope.LocalMachine);
Secure String
• SecureString stores its data using the Data Protection API
• Data inside SecureString is always in its encrypted form
• SecureString isn’t just a simple wrapper around System.String
• To be effective: the secret must never, ever find its way into a normal managed string!
Asymmetric Cryptography
Asymmetric cryptography
• Not for hiding large sets of data !!!
• Slow
• Based on key pair
• Used to exchange keys and digital signatures
RSA
• RSA was created in 1977 by
  • Ron Rivest
  • Adi Shamir
  • Leonard Adleman
• RSA is the root of modern digital signatures
• RSA is the root of SSL
Public and Private Keys
• Keys are generated in pairs
  • Public key
  • Private key
• The public key is a large number
• The private key is its prime factors
X.509 Certificates
• Placeholder for public keys
• Contain metadata about the key
• Issued (signed) by a trusted certificate authority
Find Certificate
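    // Requires: using System.Security.Cryptography.X509Certificates;
    // Returns the first certificate in the store whose subject name contains certificateName.
    private static X509Certificate2 FindCertificate(string certificateName,
        StoreName storeName, StoreLocation storeLocation)
    {
        X509Store store = new X509Store(storeName, storeLocation);
        X509Certificate2 certificate = null;
        try
        {
            store.Open(OpenFlags.MaxAllowed);
            // FindBySubjectName is a substring match, and validOnly = false also
            // returns expired or untrusted certificates; the first hit is used.
            X509Certificate2Collection collection = store.Certificates.Find(
                X509FindType.FindBySubjectName, certificateName, false);
            if (collection.Count > 0)
                certificate = collection[0];
            else
                throw new Exception(
                    string.Format("CertificateNotFound {0}", certificateName));
        }
        finally { store.Close(); }
        return certificate;
    }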
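Encrypt Key
    // Encrypts a symmetric key with the RSA public key of the named certificate.
    public static byte[] EncryptKey(byte[] key, StoreName storeName,
        StoreLocation storeLocation, string certificateName)
    {
        // Find the client certificate
        X509Certificate2 certificate = FindCertificate(certificateName,
            storeName, storeLocation);
        RSACryptoServiceProvider rsa = certificate.PublicKey.Key as
            RSACryptoServiceProvider;
        // The "as" cast yields null when the key is not an RSA CSP key.
        if (rsa == null)
            throw new CryptographicException("Certificate does not have an RSA public key.");
        // true = OAEP padding
        return rsa.Encrypt(key, true);
    }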
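Decrypt Key
    // Decrypts a symmetric key with the RSA private key of the named certificate.
    public static byte[] DecryptKey(byte[] cipher, StoreName storeName,
        StoreLocation storeLocation, string certificateName)
    {
        // Find the client certificate
        X509Certificate2 certificate = FindCertificate(certificateName,
            storeName, storeLocation);
        RSACryptoServiceProvider rsa = certificate.PrivateKey as
            RSACryptoServiceProvider;
        // Null when the certificate has no private key or it is not an RSA CSP key.
        if (rsa == null)
            throw new CryptographicException("Certificate does not have an RSA private key.");
        // true = OAEP padding; must match the padding used to encrypt
        return rsa.Decrypt(cipher, true);
    }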
Summary
• Hash
• Digital Signature
• Symmetric Encryption
• Key management
• Certificates
• Asymmetric Encryption
Thank You

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 

Cryptography in C#

  • 1. SELA DEVELOPER PRACTICE May 5-9, 2013 Manu Cohen-Yashar Cryptography in C#
  • 2. Why
  • 4. Hash
      • The problem: create a number that will represent the information
      • Hash – a mathematical operation that maps infinitely many possible inputs to a group of numbers
      • We can say that a hash takes an arbitrary block of data and returns a fixed-size bit string
      • Every hash value can be produced by infinitely many inputs
  • 5. Why do we need the hash
      • If two values both produce the same hash, there is a very good chance that the values are equal
      • To prove knowledge of a secret
      • Don’t tell me your secret; just prove to me that you know it…
  • 6. Good Hash
      • If the input changes, it is almost certain that the hash will change (there is never 100%)
      • Hash values are random
      • It is impossible to go back from the hash value to the original data
  • 7. Hash Algorithms
      • There are many hash algorithms
          • MD5
          • SHA-1
          • SHA-256
          • More
      • It is possible to brute force a hash
          • Simply look for two values that give the same result
          • Those values are then written in huge databases for future use
      • Your responsibility is to choose a good algorithm
  • 8. Hash in Code
        private byte[] ComputeHash(byte[] msg)
        {
            // SHA-1 as on the slide; prefer SHA-256 in new code
            using (var sha1 = new SHA1CryptoServiceProvider())
                return sha1.ComputeHash(msg);
        }
  • 10. Digital Signature
      • The problem: to ensure the integrity of information
      • Integrity is: source and content
      • How:
          1. Take the information and hash it
          2. Encrypt the hash result with your private key
      • This is a digital signature
  • 11. Digital Signature
      Create:
          1. Create a hash
          2. Encrypt the hash using the message originator's private key
      Verify:
          1. Decrypt the digital signature using the originator's public key
          2. Compute the message hash and compare it with the decrypted digital signature
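  • 12. Sign in Code
        // ContentInfo, SignedCms and CmsSigner live in System.Security.Cryptography.Pkcs
        public byte[] SignMsg(byte[] msg, X509Certificate2 signerCert)
        {
            ContentInfo contentInfo = new ContentInfo(msg);
            // Attached signature: the message itself travels inside the encoded CMS
            SignedCms signedCms = new SignedCms(contentInfo);
            // The signer certificate must have an accessible private key
            CmsSigner cmsSigner = new CmsSigner(signerCert);
            signedCms.ComputeSignature(cmsSigner);
            return signedCms.Encode();
        }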
  • 13. Verify in Code
        public static bool VerifyMsg(byte[] encodedSignedCms)
        {
            SignedCms signedCms = new SignedCms();
            try
            {
                // Malformed input makes Decode throw as well, so it belongs inside the try
                signedCms.Decode(encodedSignedCms);
                // true = verify the signature only; the signer's certificate chain is not validated
                signedCms.CheckSignature(true);
                return true;
            }
            catch (CryptographicException)
            {
                return false;
            }
        }
  • 15. Conventional Cryptography
      • To encrypt data we use symmetric algorithms
      • The same key material is used to encrypt and decrypt
  • 16. Symmetric Encryption Types
      • There are two groups of algorithms
          • Stream ciphers
              • Fast, but a key can be used only once
          • Block ciphers
              • Slower than stream ciphers, but a key can be used more than once
      • Provided by System.Security.Cryptography
  • 17. Block Ciphers
      • How a block cipher works
          • Input is broken up into fixed-size blocks (typically 8 or 16 bytes)
          • Transformation f() is applied to the key, and the result is XORed into the block
          • This is known as a “round” – 16 to 32 rounds is typical
      [Figure: Round 1 to Round N, each applying f() to the key and XORing the result into the block, from plaintext block to ciphertext block]
  • 18. Block Ciphers (Symmetric)
      • A block cipher is a symmetric-key cipher which operates on fixed-length groups of bits, termed blocks
      • Input and output are the same size
      • The exact transformation is controlled using the key
      • Algorithms: DES, 3DES
  • 19. Block Ciphers
      • If we only break the info into blocks and encrypt them, identical blocks would result in identical ciphertext blocks; thus, in some senses it doesn't provide message confidentiality at all
      • Cipher-Block Chaining (CBC)
          • Each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block is dependent on all plaintext blocks up to that point
          • CBC is the most commonly used mode of operation. Its main drawback is that it is sequential and cannot be parallelized
      • Initialization vector (IV)
          • The IV is a sort of dummy block to kick off the process for the first real block, and it also provides some randomization for the process. There is no need for the IV to be secret, but it is important that it is never reused with the same key
  • 20. Cipher-Block Chaining (CBC)
  • 21. Encrypting data in .NET
      • Setting up
          • Choose an algorithm and implementation parameters
          • Generate an initialization vector (IV)
          • Choose a key
      • Encrypting
          • Record the initialization vector for use during decryption
          • Create a CryptoStream object based on your key
          • Pump data through the stream to encrypt it
  • 22. Algorithms and Implementations in .NET
      [Figure: class hierarchy. SymmetricAlgorithm is the base class of DES, RC2, TripleDES and Rijndael, which are implemented by DESCryptoServiceProvider, RC2CryptoServiceProvider, TripleDESCryptoServiceProvider and RijndaelManaged]
  • 23. Encrypt in Code
        public static Stream EncryptDataToStream(Stream instream, byte[] key, byte[] initVector)
        {
            TripleDES encAlg = TripleDES.Create();
            encAlg.Key = key;
            encAlg.IV = initVector;
            MemoryStream memStream = new MemoryStream();
            CryptoStream encryptorStream = new CryptoStream(memStream, encAlg.CreateEncryptor(), CryptoStreamMode.Write);
            const int bufferLen = 4096;
            byte[] buffer = new byte[bufferLen];
            int count;
            while ((count = instream.Read(buffer, 0, bufferLen)) > 0)
            {
                encryptorStream.Write(buffer, 0, count);
            }
            // Write the final padded block; without this the ciphertext is truncated
            encryptorStream.FlushFinalBlock();
            instream.Close();
            // Rewind so the caller reads the ciphertext from the start
            memStream.Position = 0;
            return memStream;
        }
  • 24. Decrypting data in .NET
      • Setting up
          • Choose the same algorithm you used to encrypt
          • Retrieve the initialization vector (IV) used during encryption
          • Retrieve the key
      • Decrypting
          • Create a CryptoStream object based on your key
          • Pump data through the stream to decrypt it
          • Close the CryptoStream immediately when done decrypting
              • This causes it to eat any leftover padding from the input stream
  • 25. Decrypt in Code
        public static byte[] DecryptData(byte[] Cipher, byte[] key, byte[] initVector)
        {
            TripleDES encAlg = TripleDES.Create();
            encAlg.Key = key;
            encAlg.IV = initVector;
            MemoryStream Dec_MeM_Stream = new MemoryStream();
            CryptoStream DecryptorStream = new CryptoStream(Dec_MeM_Stream, encAlg.CreateDecryptor(), CryptoStreamMode.Write);
            DecryptorStream.Write(Cipher, 0, Cipher.Length);
            DecryptorStream.FlushFinalBlock();
            DecryptorStream.Close();
            byte[] decryptedData = Dec_MeM_Stream.ToArray();
            return decryptedData;
        }
  • 26. Choosing an algorithm
      • Narrow down your choices
          1) Use well-known algorithms. Avoid obscure ones
          2) Use an algorithm that supports your required key length
          3) Prefer a block cipher to a stream cipher
          4) Pick an algorithm that performs well on your platform
              • Some algorithms perform better in hardware (DES)
              • Some perform well in software (RC2, IDEA)
  • 28. Key Protection
      • Why encrypt if the key is not protected?
  • 29. What is DPAPI
      • The Data Protection API is a Windows infrastructure that was created to protect secrets
      • DPAPI consists of two functions, CryptProtectData and CryptUnprotectData
      • The protection is done per user or per machine
  • 30. DPAPI
  • 31. DPAPI – Key Creation
      1. Generates a strong key called a MasterKey
      2. PKCS#5 creates a key from the user password to protect the master key (Triple-DES)
      3. A symmetric session key is generated based on the MasterKey, some random data, and any optional additional entropy
      4. Using the session key, the data is encrypted
      5. The master key and the user password are kept in the user's profile directory, protected by the user's current password
  • 32. System.Security.ProtectedData
      • Simple wrapper around the DPAPI infrastructure with two main functions:
          • Protect and Unprotect
      • DataProtectionScope
          • CurrentUser – encrypts the data so that only the currently logged-on user can decrypt it
          • LocalMachine – encrypts the data so that any process running on the current machine can decrypt it (useful in a server scenario)
  • 33. DPAPI Code
        byte[] cipher = ProtectedData.Protect(dataToEncrypt, entropy, DataProtectionScope.LocalMachine);
        byte[] data = ProtectedData.Unprotect(cipher, entropy, DataProtectionScope.LocalMachine);
  • 34. Secure String
      • SecureString stores its data using the Data Protection API
      • Data inside SecureString is always in its encrypted form
      • SecureString isn’t just a simple wrapper around System.String
      • To be effective: the secret must never find its way into a normal managed string!
  • 36. Asymmetric cryptography
      • Not for hiding large sets of data!
      • Slow
      • Based on a key pair
      • Used to exchange keys and for digital signatures
  • 37. RSA
      • In 1977, RSA was created by
          • Ron Rivest
          • Adi Shamir
          • Leonard Adleman
      • RSA is the root of the modern digital signature
      • RSA is the root of SSL
  • 38. Public and Private Keys
      • Keys are generated in pairs
          • Public key
          • Private key
      • Public key is a large number
      • Private key is its prime factors
  • 39. X.509 Certificates
      • Placeholder for public keys
      • Contain metadata about the key
      • Issued (signed) by a trusted certificate authority
  • 40. Find Certificate
        private static X509Certificate2 FindCertificate(string certificateName, StoreName storeName, StoreLocation storeLocation)
        {
            X509Store store = new X509Store(storeName, storeLocation);
            X509Certificate2 certificate = null;
            try
            {
                store.Open(OpenFlags.MaxAllowed);
                // FindBySubjectName is a substring match; validOnly = false also
                // returns expired or untrusted certificates
                X509Certificate2Collection collection = store.Certificates.Find(
                    X509FindType.FindBySubjectName, certificateName, false);
                if (collection.Count > 0)
                    certificate = collection[0];
                else
                    throw new Exception(
                        string.Format("CertificateNotFound {0}", certificateName));
            }
            finally
            {
                store.Close();
            }
            return certificate;
        }
  • 41. Encrypt Key
        public static byte[] EncrypyKey(byte[] key, StoreName storeName, StoreLocation storeLocation, string certificateName)
        {
            // Find the client certificate
            X509Certificate2 certificate = FindCertificate(certificateName, storeName, storeLocation);
            RSACryptoServiceProvider rsa = certificate.PublicKey.Key as RSACryptoServiceProvider;
            // true = OAEP padding
            return rsa.Encrypt(key, true);
        }
  • 42. Decrypt Key
        public static byte[] DecrypyKey(byte[] cipher, StoreName storeName, StoreLocation storeLocation, string certificateName)
        {
            // Find the client certificate
            X509Certificate2 certificate = FindCertificate(certificateName, storeName, storeLocation);
            RSACryptoServiceProvider rsa = certificate.PrivateKey as RSACryptoServiceProvider;
            // true = OAEP padding; must match the padding used to encrypt
            return rsa.Decrypt(cipher, true);
        }
  • 43. Summary
      • Hash
      • Digital Signature
      • Symmetric Encryption
      • Key management
      • Certificates
      • Asymmetric Encryption
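
Slide 19's point about identical blocks, and the IV handling in slides 21 and 24, shown as a small console program. This is an added example, not code from the slides; it uses AES instead of the slides' TripleDES, and the names BlockModeDemo, Encrypt, Decrypt and RepeatsBlock are illustrative.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class BlockModeDemo
{
    const int BlockBytes = 16;   // AES block size

    // Encrypts under a fresh random IV and returns IV || ciphertext.
    static byte[] Encrypt(byte[] plain, byte[] key, CipherMode mode)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = mode;
            aes.Key = key;
            aes.GenerateIV();   // new IV for every message; ECB ignores it
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
        }
    }

    // The IV is not secret: it is read back from the front of the message.
    static byte[] Decrypt(byte[] ivAndCipher, byte[] key, CipherMode mode)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = mode;
            aes.Key = key;
            aes.IV = ivAndCipher.Take(BlockBytes).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(ivAndCipher, BlockBytes, ivAndCipher.Length - BlockBytes);
        }
    }

    // True when the first two ciphertext blocks (after the IV) are identical.
    static bool RepeatsBlock(byte[] ivAndCipher) =>
        ivAndCipher.Skip(BlockBytes).Take(BlockBytes)
            .SequenceEqual(ivAndCipher.Skip(2 * BlockBytes).Take(BlockBytes));

    static void Main()
    {
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        // Constructed sample: two identical 16-byte plaintext blocks.
        byte[] plain = Encoding.ASCII.GetBytes("0123456789ABCDEF0123456789ABCDEF");
        byte[] cbc1 = Encrypt(plain, key, CipherMode.CBC);
        byte[] cbc2 = Encrypt(plain, key, CipherMode.CBC);
        Console.WriteLine("ECB repeats block: " + RepeatsBlock(Encrypt(plain, key, CipherMode.ECB)));
        Console.WriteLine("CBC repeats block: " + RepeatsBlock(cbc1));
        Console.WriteLine("Same ciphertext twice: " + cbc1.SequenceEqual(cbc2));
        Console.WriteLine("Round trip ok: " + plain.SequenceEqual(Decrypt(cbc1, key, CipherMode.CBC)));
    }
}
```

Only the ECB line reports a repeated block. CBC on its own hides patterns but does not detect modification, which is what the digital signature slides address.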
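
The create/verify steps of slide 11 combined with the key exchange of slides 36, 41 and 42, as an added example that is not code from the slides. It assumes in-memory RSA key pairs instead of certificates from the store and a runtime that has RSA.Create(int) (.NET Core 2.0+ or .NET Framework 4.7.2+); SignedKeyExchange, Send, Receive and PublicOnly are illustrative names.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class SignedKeyExchange
{
    // Sender: encrypt the session key to the receiver, then sign the result.
    static byte[] Send(byte[] sessionKey, RSA receiverPublic, RSA senderPrivate, out byte[] signature)
    {
        byte[] wrapped = receiverPublic.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA1);
        signature = senderPrivate.SignData(wrapped, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return wrapped;
    }

    // Receiver: check source and content before using the private key.
    static byte[] Receive(byte[] wrapped, byte[] signature, RSA senderPublic, RSA receiverPrivate)
    {
        if (!senderPublic.VerifyData(wrapped, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            return null;   // wrong signer or modified bytes
        return receiverPrivate.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1);
    }

    // Copy of a key pair holding only the public half, as a certificate would.
    static RSA PublicOnly(RSA pair)
    {
        RSA pub = RSA.Create();
        pub.ImportParameters(pair.ExportParameters(false));   // false = no private parameters
        return pub;
    }

    static void Main()
    {
        using (RSA sender = RSA.Create(2048))
        using (RSA receiver = RSA.Create(2048))
        using (RSA stranger = RSA.Create(2048))   // key pair the receiver does not trust
        using (RSA senderPub = PublicOnly(sender))
        using (RSA receiverPub = PublicOnly(receiver))
        {
            byte[] sessionKey = new byte[32];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(sessionKey);
            byte[] signature;
            byte[] wrapped = Send(sessionKey, receiverPub, sender, out signature);
            byte[] got = Receive(wrapped, signature, senderPub, receiver);
            Console.WriteLine("Genuine accepted: " + (got != null && got.SequenceEqual(sessionKey)));

            byte[] altered = (byte[])wrapped.Clone();
            altered[0] ^= 0x01;   // content changed in transit
            Console.WriteLine("Altered accepted: " + (Receive(altered, signature, senderPub, receiver) != null));
            // Same bytes, signed with a different private key: the source check fails.
            byte[] other = stranger.SignData(wrapped, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("Wrong signer accepted: " + (Receive(wrapped, other, senderPub, receiver) != null));
        }
    }
}
```

RSAEncryptionPadding.OaepSHA1 is the same padding that `rsa.Encrypt(key, true)` selects in the slides' code.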

Editor's notes

  1. Many security models attach security to users and their groups (or roles). This means that all code run on behalf of these users is either permitted or not permitted to perform operations on critical resources. The .NET Framework provides a developer-defined security model called role-based security that functions in a similar vein. Role-based security's principal abstractions are Principals and Identity. Additionally, the .NET Framework also provides security on code, and this is referred to as code access security (also referred to as evidence-based security). With code access security, a user may be trusted to access a resource, but if the code is not trusted, then access to the resource will be denied.
  2. Current security products such as Antivirus, Firewalls and Industry Detection Systems are designed as stand-alone pieces of equipment or software. Near-term problem: ensuring programs are memory-safe and type-safe, so fine-grained access control can be enforced. Long-term problem: ensuring that distributed computing systems enforce system-wide information security policies: confidentiality, integrity, availability. Confidentiality, integrity: end-to-end security described by information-flow policies.