Cryptography and .NET CS772 Fall 2009
Key terms
• Symmetric key: a single secret key shared by sender and recipient; the same key encrypts and decrypts
• Asymmetric key: two mathematically linked keys, a public key and a private key, usually referred to as a public/private key pair
• Hashing: produces a fixed-size message digest of an input of any length; a good hash makes it infeasible to find two inputs with the same digest, but the digest is not unique in an absolute sense
• Digital signature: used to authenticate the sender and protect integrity; built from a hashing algorithm (to get the digest) and an asymmetric algorithm (the private-key operation on the digest)
Encryption
• Request the provider for an encryption algorithm and key length
• Create a symmetric key
• Generate an asymmetric key pair (public/private) for the recipient
• Key blob: secure the symmetric key by encrypting it with the recipient's public key
• Encrypt the data with the symmetric key
• Persist the key blob and the encrypted data for the recipient
Decryption
• Retrieve the persisted data (key blob and cipher text)
• Request the provider for the decryption algorithm and key length
• Decrypt the key blob with the recipient's private key to recover the symmetric key
• Decrypt the cipher text with the symmetric key and obtain the original data
Hashing
• Request the provider for a hashing algorithm (a plain hash takes no key; the key length below belongs to the symmetric algorithm that protects the digest)
• Create a symmetric key
• Generate an asymmetric key pair
• Key blob: secure the symmetric key with the public key
• Run the hashing function over the data and obtain the digest
• Encrypt the digest with the symmetric key
• Persist the key blob and the encrypted digest for the recipient
Verifying the Hash
• Retrieve the persisted data
• Request the provider for the hashing algorithm and the key length that were used
• Decrypt the cipher text and obtain the plain data and the stored digest
• Recompute the digest from the plain data
• Compare the stored digest with the newly computed one, byte for byte; any mismatch means the data or the digest was altered
Digital Signatures
• Gather the data to be signed
• Request the provider for a cryptographic algorithm and key length
• Create an asymmetric key pair
• Key blob using the public key of the pair; the private key never leaves the signer
• Run the hashing function over the signature data and obtain the digest
• Encrypt (sign) the digest with the signer's private key
• Persist the data and the signature for the recipient
Confirming the Digital Signature
• Retrieve the persisted data
• Request the provider for the algorithm and key length
• Decrypt the cipher text and obtain the plain data and the signature
• Recompute the digest from the plain data
• Verify the signature against the recomputed digest using the signer's public key
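The six procedures above (encryption, decryption, hashing, verifying, signing, confirming) fit together into one sender/recipient exchange. The program below is an added example written for this page, not code from the CS772 slides: the sender wraps a fresh AES key with the recipient's RSA public key (the key blob), encrypts the data, and signs a SHA-256 digest of everything the recipient will see; the recipient verifies the signature first, unwraps the key, and only then decrypts. It assumes .NET 6 or later and generates both key pairs in-process for the demo; in a real exchange only the public halves would travel.

```csharp
// Added example (not from the slides). Assumes .NET 6+ (System.Security.Cryptography).
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridExchange
{
    // What is persisted for the recipient: key blob, IV, ciphertext, and the sender's signature.
    public sealed record Envelope(byte[] KeyBlob, byte[] Iv, byte[] CipherText, byte[] Signature);

    // Sender side: wrap a fresh AES key with the recipient's public key, encrypt the data,
    // then sign a digest of all three parts so none of them can be swapped in transit.
    public static Envelope Seal(byte[] plaintext, RSA recipientPublic, RSA senderPrivate)
    {
        using Aes aes = Aes.Create();
        aes.KeySize = 256;
        aes.GenerateKey();                    // random symmetric key for this message only
        aes.GenerateIV();

        byte[] cipherText;
        using (ICryptoTransform enc = aes.CreateEncryptor())
            cipherText = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

        // "Key blob": the symmetric key secured with the asymmetric key (OAEP, not PKCS#1 v1.5).
        byte[] keyBlob = recipientPublic.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);

        // SignData hashes (keyBlob || iv || ciphertext) with SHA-256 and signs the digest.
        byte[] signature = senderPrivate.SignData(Concat(keyBlob, aes.IV, cipherText),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

        return new Envelope(keyBlob, aes.IV, cipherText, signature);
    }

    // Recipient side: verify, unwrap the key, decrypt. Verification failure stops everything.
    public static byte[] Open(Envelope env, RSA recipientPrivate, RSA senderPublic)
    {
        bool ok = senderPublic.VerifyData(Concat(env.KeyBlob, env.Iv, env.CipherText),
            env.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        if (!ok) throw new CryptographicException("signature check failed; not decrypting");

        byte[] key = recipientPrivate.Decrypt(env.KeyBlob, RSAEncryptionPadding.OaepSHA256);
        using Aes aes = Aes.Create();
        aes.Key = key;
        aes.IV = env.Iv;
        using ICryptoTransform dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(env.CipherText, 0, env.CipherText.Length);
    }

    static byte[] Concat(params byte[][] parts)
    {
        int len = 0;
        foreach (byte[] p in parts) len += p.Length;
        byte[] all = new byte[len];
        int off = 0;
        foreach (byte[] p in parts) { Buffer.BlockCopy(p, 0, all, off, p.Length); off += p.Length; }
        return all;
    }

    static void Main()
    {
        using RSA recipient = RSA.Create(2048);   // recipient's key pair (demo: generated here)
        using RSA sender = RSA.Create(2048);      // sender's key pair (demo: generated here)
        byte[] msg = Encoding.UTF8.GetBytes("grade file for CS772");   // constructed sample input

        Envelope env = Seal(msg, recipient, sender);
        Console.WriteLine(Encoding.UTF8.GetString(Open(env, recipient, sender)));

        // Flip one ciphertext bit: the signature fails before any decryption is attempted.
        env.CipherText[0] ^= 0x01;
        try { Open(env, recipient, sender); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The order on the receiving side matters: verify the signature before touching the key blob or the ciphertext, so that an attacker who can alter the persisted data never gets the decryptor to run on their input.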
Cryptography in Microsoft .NET: Cryptography Hierarchy
Microsoft .NET has classes that extend the cryptographic services provided by the Windows CryptoAPI
• The System.Security.Cryptography namespace provides classes for
• Symmetric encryption
• Asymmetric encryption
• Hashing
• Digital signatures
CryptoStream
• In .NET, CryptoStream is a channel for cryptographic transformations: it wraps another Stream and applies an ICryptoTransform to every byte that passes through it

    public CryptoStream(Stream stream, ICryptoTransform transform, CryptoStreamMode mode)

Example 1 (Read mode: bytes are transformed as they are read out of the wrapped stream):

    using System.IO;
    using System.Security.Cryptography;

    byte[] data = new byte[] { 1, 2, 3, 4 };
    MemoryStream memData = new MemoryStream(data);
    RC2CryptoServiceProvider algorithm = new RC2CryptoServiceProvider();   // Key and IV are generated on first use
    CryptoStream stream = new CryptoStream(memData,
        algorithm.CreateEncryptor(algorithm.Key, algorithm.IV), CryptoStreamMode.Read);
    byte[] cipher = new byte[8];          // RC2 block size is 8 bytes: 4 input bytes pad to one full block
    int read = stream.Read(cipher, 0, 8); // Read may return fewer bytes than asked for; check the count
    stream.Close();                       // closing the CryptoStream also closes memData
    memData.Close();

RC2 is a legacy cipher kept here because the slide uses it; the same code works with Aes or TripleDES.
Example 2 (Write mode: bytes written to the CryptoStream are transformed and pushed into the wrapped stream):

    byte[] numbers = new byte[] { 1, 2, 3, 4 };
    MemoryStream inMemory = new MemoryStream();
    RC2CryptoServiceProvider algorithm = new RC2CryptoServiceProvider();
    CryptoStream estream = new CryptoStream(inMemory,
        algorithm.CreateEncryptor(algorithm.Key, algorithm.IV), CryptoStreamMode.Write);
    BinaryWriter bw = new BinaryWriter(estream);
    bw.Write(numbers, 0, numbers.Length);
    bw.Close();                           // closes estream, which flushes the final padded block into inMemory
    byte[] cipher = inMemory.ToArray();   // 8 bytes; ToArray still works on a closed MemoryStream

The final block is only written when the CryptoStream is closed or FlushFinalBlock() is called; reading inMemory before that returns a truncated ciphertext.
Configuring .NET Cryptography
• Encryption with .NET
• Create a CryptoStream that wraps a data stream
• Based on the mode of the CryptoStream (Read or Write), perform the transformation
• Persist the data
    TripleDES algorithm = TripleDES.Create();
• Decryption with .NET
• Obtain the persisted data, recreate the algorithm with the same key and IV, and perform the reverse transformation
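The encrypt-then-decrypt round trip described above, as an added example that is not part of the slides: a Write-mode CryptoStream for encryption, a Read-mode CryptoStream for decryption, and a deliberately broken variant that shows what happens when the final block is never flushed. It uses TripleDES.Create() as the slide does; Aes.Create() drops in unchanged and is the better choice today. The sample message is constructed for the demo; the code assumes .NET 6+ (it also compiles on .NET Framework 4.x with the `using var` declarations expanded).

```csharp
// Added example (not from the slides). Assumes .NET 6+.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class CryptoStreamRoundTrip
{
    // Write-mode CryptoStream: plaintext goes in, ciphertext lands in the wrapped stream.
    public static byte[] Encrypt(SymmetricAlgorithm alg, byte[] plaintext)
    {
        using var output = new MemoryStream();
        using (var cs = new CryptoStream(output, alg.CreateEncryptor(), CryptoStreamMode.Write))
        {
            cs.Write(plaintext, 0, plaintext.Length);
            cs.FlushFinalBlock();   // emits the last (padded) block; Close() would do this too
        }
        return output.ToArray();
    }

    // Read-mode CryptoStream: ciphertext is pulled through the decryptor.
    public static byte[] Decrypt(SymmetricAlgorithm alg, byte[] ciphertext)
    {
        using var input = new MemoryStream(ciphertext);
        using var cs = new CryptoStream(input, alg.CreateDecryptor(), CryptoStreamMode.Read);
        using var plain = new MemoryStream();
        cs.CopyTo(plain);           // loops until the transform reports end of data
        return plain.ToArray();
    }

    // The bug the Write-mode pattern invites: reading the output before the CryptoStream is flushed.
    public static byte[] EncryptWithoutFlush(SymmetricAlgorithm alg, byte[] plaintext)
    {
        var output = new MemoryStream();
        var cs = new CryptoStream(output, alg.CreateEncryptor(), CryptoStreamMode.Write);
        cs.Write(plaintext, 0, plaintext.Length);
        return output.ToArray();    // only whole blocks have been pushed through; the tail is missing
    }

    static void Main()
    {
        using TripleDES alg = TripleDES.Create();   // Key and IV are generated on first use
        alg.Mode = CipherMode.CBC;
        alg.Padding = PaddingMode.PKCS7;
        byte[] msg = Encoding.UTF8.GetBytes("CS772: 17 bytes!!");   // constructed input, not a multiple of 8

        byte[] cipher = Encrypt(alg, msg);
        Console.WriteLine($"{msg.Length} plaintext bytes -> {cipher.Length} ciphertext bytes");   // 17 -> 24

        // The recipient needs the same Key and IV. Persist the IV next to the ciphertext; it is not secret.
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(alg, cipher)));

        byte[] truncated = EncryptWithoutFlush(alg, msg);
        Console.WriteLine($"without FlushFinalBlock: {truncated.Length} bytes");   // 16: the final block was never written
    }
}
```

Decrypting the truncated output would throw a CryptographicException (bad padding), which is the usual symptom when a CryptoStream was disposed out of order or not at all.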
Hashing with .NET
• Define the algorithm
    SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();
• Compute the hash over the plaintext bytes
    sha.ComputeHash(bytePlain, 0, fileLen);
• Obtain the digest
    byte[] hash = sha.Hash;
• Encrypt the hash
• Verifying a Hash in .NET
• Obtain the persisted data and define the same algorithm from the provider
• Recompute the hash and compare the old and the new digest byte by byte; byte[] has no content-comparing Equals, so hash.Equals(byteHash) only tests whether both variables point at the same array. Compare with a loop over every byte or with CryptographicOperations.FixedTimeEquals(hash, byteHash)
• SHA-1 is no longer collision resistant; use SHA256 (or stronger) for new code
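The hashing and verification steps above, as an added example that is not from the slides. It shows the digest computation, why comparing two byte arrays with Equals is wrong, a constant-time comparison, and an HMAC as the standard keyed form of the slide's "encrypt the hash" step. It uses SHA-256 in place of the slide's SHA-1 and assumes .NET 6+ (RandomNumberGenerator.GetBytes and CryptographicOperations.FixedTimeEquals); the input data is constructed for the demo.

```csharp
// Added example (not from the slides). Assumes .NET 6+.
using System;
using System.Security.Cryptography;
using System.Text;

static class DigestCheck
{
    public static byte[] Digest(byte[] data)
    {
        using SHA256 sha = SHA256.Create();
        return sha.ComputeHash(data, 0, data.Length);    // 32-byte digest
    }

    // Wrong: byte[] is a reference type, so Equals compares identity, not contents.
    public static bool CompareByEquals(byte[] a, byte[] b) => a.Equals(b);

    // Right: element-wise and constant-time, so the position of a mismatch does not leak via timing.
    public static bool CompareFixedTime(byte[] a, byte[] b) => CryptographicOperations.FixedTimeEquals(a, b);

    // Keyed integrity check: an attacker who can rewrite the data cannot recompute the tag without the key.
    public static byte[] KeyedDigest(byte[] key, byte[] data)
    {
        using var mac = new HMACSHA256(key);
        return mac.ComputeHash(data);
    }

    static void Main()
    {
        byte[] plain = Encoding.UTF8.GetBytes("contents of the persisted file");  // constructed input
        byte[] stored = Digest(plain);                  // digest saved alongside the data
        byte[] recomputed = Digest(plain);              // recipient recomputes it later

        Console.WriteLine(CompareByEquals(stored, recomputed));    // False: two different array objects
        Console.WriteLine(CompareFixedTime(stored, recomputed));   // True

        plain[0] ^= 0x20;                               // flip one bit of the data
        Console.WriteLine(CompareFixedTime(stored, Digest(plain)));   // False

        byte[] key = RandomNumberGenerator.GetBytes(32);   // shared secret between sender and recipient
        byte[] tag = KeyedDigest(key, plain);
        Console.WriteLine(CompareFixedTime(tag, KeyedDigest(key, plain)));   // True
        Console.WriteLine(Convert.ToHexString(tag));       // 64 hex characters for the 32-byte tag
    }
}
```

An unkeyed digest stored next to the data protects against accidental corruption only; anyone who can change the data can recompute the digest. The HMAC (or the signed digest of the next slide) is what gives the check its security.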
Digital Signatures in .NET
• Gather the signature data
• Define the algorithm
    DSACryptoServiceProvider dsa = new DSACryptoServiceProvider();
• Export the public key of the signature key pair
    string key = dsa.ToXmlString(false);
  (the argument is includePrivateParameters; ToXmlString(true) exports the private key as well and must never be sent to the recipient)
• Call SignData on the algorithm implementation to create the digital signature
    byte[] signature = dsa.SignData(textStream.GetBuffer());
• Confirming Digital Signatures in .NET
• Import the public key with dsa.FromXmlString(key) on a fresh DSACryptoServiceProvider, then call dsa.VerifyData(data, signature) to verify the signature against the data
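The signing and confirming steps above, as an added example that is not from the slides: the signer generates a DSA pair, exports only the public half as XML, and signs; the verifier imports that XML into a fresh DSA object and checks the signature, once against the original data and once against altered data. It assumes .NET Core 3.0+ or .NET 6+ (DSA.Create, DSA.SignData with a HashAlgorithmName, and XML key import/export on the DSA base class); on .NET Framework the same calls work through DSACryptoServiceProvider, which is limited to 1024-bit keys and SHA-1. The document being signed is constructed for the demo.

```csharp
// Added example (not from the slides). Assumes .NET Core 3.0+ / .NET 6+.
using System;
using System.Security.Cryptography;
using System.Text;

static class DsaSignatures
{
    // Signer side: generate the pair and hand out ONLY the public half.
    public static (DSA signer, string publicKeyXml) CreateSigner()
    {
        DSA dsa = DSA.Create();
        dsa.KeySize = 2048;                          // 2048-bit DSA is needed for SHA-256 signatures
        string publicXml = dsa.ToXmlString(includePrivateParameters: false);
        return (dsa, publicXml);
    }

    public static byte[] Sign(DSA signer, byte[] data) =>
        signer.SignData(data, HashAlgorithmName.SHA256);   // hashes the data, then signs the digest

    // Verifier side: import the public key from XML and check the signature against the data.
    public static bool Verify(string publicKeyXml, byte[] data, byte[] signature)
    {
        using DSA verifier = DSA.Create();
        verifier.FromXmlString(publicKeyXml);
        return verifier.VerifyData(data, signature, HashAlgorithmName.SHA256);
    }

    static void Main()
    {
        var (signer, publicXml) = CreateSigner();
        using (signer)
        {
            // A DSA public key carries P, Q, G and Y; the private value X must not be in the export.
            Console.WriteLine(publicXml.Contains("<X>") ? "private key leaked!" : "public key only");

            byte[] doc = Encoding.UTF8.GetBytes("CS772 assignment 3 submission");  // constructed signature data
            byte[] sig = Sign(signer, doc);

            Console.WriteLine(Verify(publicXml, doc, sig));       // True

            doc[^1] ^= 0x01;                                      // alter the signed data
            Console.WriteLine(Verify(publicXml, doc, sig));       // False: the digest no longer matches
        }
    }
}
```

The verifier never needs the signer's private key, which is the whole point of a signature as opposed to the encrypted digest of the hashing slide: anyone holding the public XML can confirm the signature, but only the signer could have produced it.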