Cryptography and .NET

CS772

Fall 2009

- Symmetric key: a single secret key shared between the sender and the recipient
- Asymmetric key: two keys, a public key and a private key, often referred to as a public/private key pair
- Hashing: produces a fixed-size message digest that is practically unique to its input
- Digital signature: used to authenticate the sender; created by combining an asymmetric algorithm with a hashing algorithm

- Request provider for encryption algorithm and key length
- Create symmetric key
- Generate asymmetric key (public/ private pair)
- Key blob (the symmetric key secured by encrypting it with the asymmetric key)
- Data encryption using symmetric key
- Persist the key blob and encrypted data for recipient

- Retrieve the persisted data
- Request provider for decryption algorithm and key length
- Decrypt the cipher text and obtain the original data
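The sender and recipient steps above, written out as one hybrid scheme. This is an added example, not code from the slides: an RSA key pair stands in for the asymmetric key, AES for the symmetric key, and the "key blob" is the AES key encrypted under the recipient's RSA public key. The class and member names (HybridEnvelope, Envelope, Seal, Open) are my own, and the code assumes the .NET Framework on Windows, where RSACryptoServiceProvider is available.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the slides): hybrid encryption with an RSA-wrapped AES key.
public static class HybridEnvelope
{
    // What the sender persists for the recipient.
    public sealed class Envelope
    {
        public byte[] KeyBlob;     // AES key wrapped with the recipient's RSA public key
        public byte[] IV;          // not secret, but the recipient needs it
        public byte[] CipherText;  // data encrypted with the AES key (CBC, PKCS7 padding)
    }

    // Sender side: "request provider", "create symmetric key", "key blob",
    // "data encryption using symmetric key", "persist".
    public static Envelope Seal(byte[] plain, RSAParameters recipientPublicKey)
    {
        using (Aes aes = Aes.Create())                           // provider for the symmetric algorithm
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
        {
            aes.KeySize = 256;
            aes.GenerateKey();                                   // fresh symmetric key per message
            aes.GenerateIV();
            rsa.ImportParameters(recipientPublicKey);            // public half only

            byte[] cipher;
            using (ICryptoTransform enc = aes.CreateEncryptor(aes.Key, aes.IV))
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);

            return new Envelope
            {
                KeyBlob = rsa.Encrypt(aes.Key, true),            // true = OAEP padding
                IV = aes.IV,
                CipherText = cipher
            };
        }
    }

    // Recipient side: "retrieve the persisted data", "request provider", "decrypt".
    public static byte[] Open(Envelope env, RSACryptoServiceProvider recipientKeyPair)
    {
        byte[] symmetricKey = recipientKeyPair.Decrypt(env.KeyBlob, true);   // needs the private key
        using (Aes aes = Aes.Create())
        using (ICryptoTransform dec = aes.CreateDecryptor(symmetricKey, env.IV))
        {
            return dec.TransformFinalBlock(env.CipherText, 0, env.CipherText.Length);
        }
    }

    public static void Main()
    {
        // The recipient generates the key pair and publishes only the public parameters.
        using (RSACryptoServiceProvider recipient = new RSACryptoServiceProvider(2048))
        {
            RSAParameters pub = recipient.ExportParameters(false);

            byte[] message = Encoding.UTF8.GetBytes("constructed sample message");   // constructed input
            Envelope env = Seal(message, pub);
            byte[] recovered = Open(env, recipient);

            Console.WriteLine(Encoding.UTF8.GetString(recovered));
            // A modified key blob or cipher text surfaces as a CryptographicException
            // (OAEP decoding or padding failure). That is not a real integrity check;
            // a MAC or a digital signature over the cipher text is needed for that.
        }
    }
}
```

The symmetric key is wrapped rather than the data itself because RSA with OAEP can only encrypt a payload smaller than the modulus (under 214 bytes for a 2048-bit key), which is why the slides separate the key blob from the data encryption step.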

- Request provider for hashing algorithm and key length
- Create symmetric key
- Generate asymmetric key
- Key blob
- Use the hashing function and obtain the digest
- Encrypt the digest
- Persist the key blob and digest for recipient

- Retrieve the persisted data
- Request provider for hashing algorithm and key length
- Decrypt the cipher text and obtain the plain data and hash
- Recreate the hash from the plain data
- Compare the original and the newly created digest

- Get the signature data
- Request provider for cryptographic algorithm and key length
- Create asymmetric key pair
- Key blob using public key from public/ private key pair
- Use hashing function and obtain the digest for signature data
- Encrypt the digest
- Persist the data for the recipient

- Retrieve the persisted data
- Request provider for algorithm and key length
- Decrypt the cipher text and obtain the plain data and hash
- Recreate the hash from the plain data
- Verify the signature with original and the newly created digest

Cryptography

Hierarchy

- Microsoft .Net has classes that extend the cryptographic services provided by the Windows CryptoAPI
- The System.Security.Cryptography namespace provides classes for
  - Symmetric encryption
  - Asymmetric encryption
  - Hashing
  - Digital signatures

- In .Net, CryptoStream is a channel for cryptographic transformations: it wraps another stream and applies an ICryptoTransform to the bytes passing through it
public CryptoStream(Stream stream, ICryptoTransform transform, CryptoStreamMode mode)

Example 1:

using System.IO;
using System.Security.Cryptography;

byte[] data = new byte[] { 1, 2, 3, 4 };
MemoryStream memData = new MemoryStream(data);
RC2CryptoServiceProvider algorithm = new RC2CryptoServiceProvider();   // Key and IV are generated on first use
// Read mode: each Read on the CryptoStream pulls plaintext from memData and returns cipher text
CryptoStream stream = new CryptoStream(memData,
    algorithm.CreateEncryptor(algorithm.Key, algorithm.IV),
    CryptoStreamMode.Read);
byte[] cipher = new byte[8];   // 4 input bytes pad out to one 8-byte RC2 block
stream.Read(cipher, 0, 8);
stream.Close();   // closing the CryptoStream also closes memData
memData.Close();

Example 2:

using System.IO;
using System.Security.Cryptography;

byte[] numbers = new byte[] { 1, 2, 3, 4 };
MemoryStream inmemory = new MemoryStream();
RC2CryptoServiceProvider algorithm = new RC2CryptoServiceProvider();
// Write mode: bytes written to the CryptoStream are encrypted and pushed into inmemory
CryptoStream estream = new CryptoStream(inmemory,
    algorithm.CreateEncryptor(algorithm.Key, algorithm.IV),
    CryptoStreamMode.Write);
BinaryWriter bw = new BinaryWriter(estream);
bw.Write(numbers, 0, numbers.Length);
bw.Close();   // closes estream, which flushes the final padded block into inmemory
byte[] cipher = inmemory.ToArray();   // the 8-byte cipher text (ToArray works on a closed MemoryStream)

- Encryption with .Net
- Create a CryptoStream that wraps a data stream
- Based on the mode of the CryptoStream (Read or Write), perform the transformation
- Persist the data
TripleDES algorithm = TripleDES.Create();

- Obtain the persisted data and perform the cryptographic transformations
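The four "Encryption with .Net" steps as a complete round trip, added here as an example that is not from the slides. TripleDES.Create() supplies the provider, a CryptoStream in Write mode encrypts into a MemoryStream, and a CryptoStream in Read mode decrypts the persisted bytes. The class and method names (TripleDesRoundTrip, Encrypt, Decrypt) are my own.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the slides): TripleDES through CryptoStream in both modes.
public static class TripleDesRoundTrip
{
    // Encrypt: wrap the output stream, write plaintext through the transform,
    // then FlushFinalBlock so the padded last block is emitted.
    public static byte[] Encrypt(byte[] plain, byte[] key, byte[] iv)
    {
        using (TripleDES algorithm = TripleDES.Create())
        using (ICryptoTransform encryptor = algorithm.CreateEncryptor(key, iv))
        using (MemoryStream output = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(output, encryptor, CryptoStreamMode.Write))
            {
                cs.Write(plain, 0, plain.Length);
                cs.FlushFinalBlock();   // without this the final (padded) block is never written
            }
            return output.ToArray();
        }
    }

    // Decrypt: wrap the cipher text stream and read until the transform is exhausted.
    public static byte[] Decrypt(byte[] cipher, byte[] key, byte[] iv)
    {
        using (TripleDES algorithm = TripleDES.Create())
        using (ICryptoTransform decryptor = algorithm.CreateDecryptor(key, iv))
        using (MemoryStream input = new MemoryStream(cipher))
        using (CryptoStream cs = new CryptoStream(input, decryptor, CryptoStreamMode.Read))
        using (MemoryStream output = new MemoryStream())
        {
            byte[] buffer = new byte[algorithm.BlockSize / 8];   // one 8-byte block at a time
            int read;
            while ((read = cs.Read(buffer, 0, buffer.Length)) > 0)
                output.Write(buffer, 0, read);
            return output.ToArray();   // the decryptor has already stripped the padding
        }
    }

    public static void Main()
    {
        byte[] key, iv;
        using (TripleDES algorithm = TripleDES.Create())
        {
            algorithm.GenerateKey();   // the provider draws key and IV from a CSPRNG
            algorithm.GenerateIV();
            key = algorithm.Key;
            iv = algorithm.IV;
        }

        byte[] plain = Encoding.UTF8.GetBytes("constructed sample text");   // constructed; not a multiple of 8 bytes
        byte[] cipher = Encrypt(plain, key, iv);
        byte[] recovered = Decrypt(cipher, key, iv);

        Console.WriteLine("cipher length {0} (padded up to a whole 8-byte block)", cipher.Length);
        Console.WriteLine(Encoding.UTF8.GetString(recovered));
        // Persist cipher and iv for the recipient; the key must travel by a protected path
        // (for example the key blob of the earlier slides).
    }
}
```

The most common defect in CryptoStream code is the missing FlushFinalBlock (or a CryptoStream that is never closed): the last block is then silently dropped and decryption fails with a padding error rather than an obvious truncation.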

- Hashing with .Net
- Define the algorithm
SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();

- Compute the hash using the hashing algorithm (filelen is the number of bytes to hash)
sha.ComputeHash(bytePlain, 0, filelen);

- Obtain the digest
byte[] hash = sha.Hash;

- Encrypt the hash

- Define the algorithm

- Obtain the persisted data and define the algorithm from the provider
- Perform the hash and compare the old and the new digest.
bool same = hash.SequenceEqual(bytehash);   // element-wise byte[] comparison (System.Linq); byte.Equals does not compare arrays
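The hashing and verification steps (both the earlier "hashing" procedure slides and the "Hashing with .Net" steps here), added as an example that is not from the slides. It swaps SHA-256 in for the SHA-1 provider used above, shows the one-shot ComputeHash beside the chunked TransformBlock/TransformFinalBlock form used for large files, and replaces the digest comparison with a fixed-time loop. The names DigestCheck, Digest, DigestStream and DigestsEqual are my own.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the slides): computing and comparing message digests.
public static class DigestCheck
{
    // One-shot digest of an in-memory buffer (the ComputeHash(bytePlain, 0, len) step).
    public static byte[] Digest(byte[] plain)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(plain, 0, plain.Length);
    }

    // The same digest computed chunk by chunk from a stream, the way a large file is
    // hashed without loading it whole: TransformBlock per chunk, TransformFinalBlock last.
    public static byte[] DigestStream(Stream input, int chunkSize)
    {
        using (SHA256 sha = SHA256.Create())
        {
            byte[] buffer = new byte[chunkSize];
            int read;
            while ((read = input.Read(buffer, 0, buffer.Length)) > 0)
                sha.TransformBlock(buffer, 0, read, null, 0);   // null output buffer: nothing to copy
            sha.TransformFinalBlock(buffer, 0, 0);              // finalise with an empty last chunk
            return sha.Hash;                                    // the "obtain the digest" step
        }
    }

    // Compare digests without leaking, through timing, how many leading bytes matched.
    public static bool DigestsEqual(byte[] expected, byte[] actual)
    {
        if (expected == null || actual == null || expected.Length != actual.Length)
            return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ actual[i];   // accumulate differences, never exit early
        return diff == 0;
    }

    public static void Main()
    {
        byte[] plain = Encoding.UTF8.GetBytes("constructed sample document contents");   // constructed input
        byte[] stored = Digest(plain);   // the digest the sender persisted

        // The recipient recomputes from the received bytes and compares.
        byte[] recomputed;
        using (MemoryStream ms = new MemoryStream(plain))
            recomputed = DigestStream(ms, 7);   // odd chunk size: the result is identical
        Console.WriteLine("intact:   {0}", DigestsEqual(stored, recomputed));

        // Flip one bit: the digest changes completely and the check fails.
        plain[3] ^= 0x01;
        Console.WriteLine("tampered: {0}", DigestsEqual(stored, Digest(plain)));
        Console.WriteLine(BitConverter.ToString(stored).Replace("-", ""));
    }
}
```

Note that a bare digest only detects accidental corruption: anyone who can alter the data can recompute the digest. The slides' "encrypt the digest" step, or a signature as in the next section, is what turns the digest into an authenticity check.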

- Digital Signatures in .Net
- Gather the signature data
- Define the algorithm
DSACryptoServiceProvider dsa = new DSACryptoServiceProvider();

- Export the public key of the signature key pair
string key = dsa.ToXmlString(false);   // false = public parameters only; true would also export the private key

- Call SignData on the algorithm implementation to create the digital signature
byte[] signature = dsa.SignData(textstream.ToArray());   // ToArray, not GetBuffer: GetBuffer also returns unused buffer capacity

- On the verifying side, use dsa.FromXmlString(key) to import the public key (FromXmlString takes the exported XML string, not a bool), then dsa.VerifyData(data, signature).
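Both sides of the signature exchange (the earlier "signature" procedure slides and the "Digital Signatures in .Net" steps here), added as an example that is not from the slides. The signer keeps the DSA private key; only ToXmlString(false), the public half, is handed to the verifier. The names DsaSignatureDemo, Sign and Verify are my own, and the code assumes the .NET Framework on Windows.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the slides): DSA sign and verify with a public-only key export.
public static class DsaSignatureDemo
{
    // Signer: SignData hashes the message with SHA-1 (the digest DSACryptoServiceProvider
    // uses) and signs the digest, so the "hash" and "encrypt the digest" steps are one call.
    public static byte[] Sign(byte[] message, DSACryptoServiceProvider signerKeyPair)
    {
        return signerKeyPair.SignData(message);
    }

    // Verifier: rebuild the key object from the exported public parameters and let
    // VerifyData recompute the digest and check it against the signature.
    public static bool Verify(byte[] message, byte[] signature, string publicKeyXml)
    {
        using (DSACryptoServiceProvider verifier = new DSACryptoServiceProvider())
        {
            verifier.FromXmlString(publicKeyXml);   // public parameters only
            return verifier.VerifyData(message, signature);
        }
    }

    public static void Main()
    {
        using (DSACryptoServiceProvider signer = new DSACryptoServiceProvider(1024))
        {
            // false = public key only. ToXmlString(true) would also serialise the private
            // exponent X, which must never leave the signer.
            string publicKeyXml = signer.ToXmlString(false);
            Console.WriteLine("exported XML contains <X>: {0}", publicKeyXml.Contains("<X>"));   // False

            byte[] message = Encoding.UTF8.GetBytes("constructed signed message");   // constructed input
            byte[] signature = Sign(message, signer);
            Console.WriteLine("signature bytes: {0}", signature.Length);   // 40: r and s, 20 bytes each

            Console.WriteLine("valid:    {0}", Verify(message, signature, publicKeyXml));

            byte[] altered = (byte[])message.Clone();
            altered[0] ^= 0x80;   // one flipped bit
            Console.WriteLine("tampered: {0}", Verify(altered, signature, publicKeyXml));
        }
    }
}
```

Verification uses only the public parameters, so the verifier can be any party holding the exported XML; what the exchange does not provide is binding of that public key to the signer's identity, which is the job of a certificate or another trusted distribution channel.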