Mixing asymmetric and symmetric encryption with HMAC hash verification .NET

November 15, 2016 2 Comments

Introduction

In this post we looked at how to combine symmetric and asymmetric encryption in the same project to increase messaging security. Symmetric encrypt is quick but has the problem of distributing the public key. Asymmetric encryption solves the public key distribution issue but is in turn a lot slower. We can combine the two techniques where a one-time symmetric public key, also called a session key, is encrypted with the asymmetric public key so that it can be decrypted by the receiver who has access to the asymmetric private key.

The solution is OK so far, it is very difficult to find the right keys involved. Still we can do better and add some message verification. We want to be sure that the message hasn’t been tampered with on its way to us. The sender can hash the encrypted message and send it along with the other necessary properties to the receiver. The receiver can compute the hash on their side and verify whether the two are equal. We looked at a couple of hashing techniques in this post but those do not involve any cryptographic key. That means that an attacker can change the message, recalculate the hash and attach it to the message. The password-salted hash algorithm HMAC sounds like a better option. We looked at HMACs in .NET in this post and we’ll reuse what we learnt there.

The goal of this post is to build upon the mixed encryption demo solution we built previously and add HMAC hashing to the picture.

Read more of this post

Filed under .NET, Security Tagged with , ,

An overview of grouping collections with LINQ in .NET

November 14, 2016 Leave a comment

Introduction

The LINQ GroupBy operator is one of the most powerful ones among all LINQ operators. It helps us group elements in a collection in various ways and lets us control the element and result selection process. However, with its many overloads and Func parameters the GroupBy operator can be a bit difficult to understand at first. At least it is more complex than say the Min() and Max() LINQ operators.

This post will go through the GroupBy operator and many of its overloads with a number of examples.

Read more of this post

Filed under .NET, LINQ Tagged with , , ,

Concatenate strings with the StringJoiner class in Java 8

November 13, 2016 Leave a comment

Java 8 introduces a new object which enables you to join individual strings: the StringJoiner.

The StringJoiner has two overloads. The simpler one accepts a delimiter:

StringJoiner sj = new StringJoiner(" | ");
sj.add("Hello").add("my").add("dear").add("world!");

System.out.println(sj.toString());

Read more of this post

Filed under Java Tagged with

Using the Comparator class in Java 8 to compare objects

November 12, 2016 1 Comment

Java 8 comes with a range of built-in implementations of the Comparator interface.

Consider the following Employee class:

public class Employee
{
    private UUID id;
    private String name;
    private int age;

    public Employee(UUID id, String name, int age)
    {
        this.id = id;
        this.name = name;
        this.age = age;
    }
        
    public UUID getId()
    {
        return id;
    }

    public void setId(UUID id)
    {
        this.id = id;
    }

    public String getName()
    {
        return name;
    }

    public void setName(String name)
    {
        this.name = name;
    }    
    
    public int getAge()
    {
        return age;
    }

    public void setAge(int age)
    {
        this.age = age;
    }    
}

…and the following list of employees:

Read more of this post

Filed under Java Tagged with ,

Join custom objects into a concatenated string in .NET C#

November 11, 2016 Leave a comment

Say you have the following Customer object with an overridden ToString method:

public class Customer
{
	public int Id { get; set; }
	public string Name { get; set; }
	public string City { get; set; }

	public override string ToString()
	{
		return string.Format("Id: {0}, name: {1}, city: {2}", Id, Name, City);
	}
}

Read more of this post

Filed under .NET, C# language features Tagged with ,

Checking for arithmetic overflow in C# .NET

November 10, 2016 Leave a comment

As you know primitive numeric types in C# – and other modern programming languages – have maximum and minimum values that can be stored in memory. If you’re trying to store a larger number in the variable then you’ll get an overflow with unexpected results.

Let’s see an example with the “byte” type. It is actually not one of the primitive types, like int or long, but simply a keyword for an integral type to store the numbers 0-255. Why 255? 1 byte consists of 8 bits and 8 bits in the computer’s memory allows us to store 255 as the highest number. 255 in binary is all 1’s for all 8 bits:

11111111

What happens if we add 1 to that? On paper we can easily solve it by some basic binary maths:

11111111
+ 00000001
===========
100000000

Read more of this post

Filed under .NET, C# language features Tagged with

Keyword function arguments in C#

November 9, 2016 Leave a comment

In this post we’ll quickly go through positional vs. keyword function arguments in C#.

Say you have the following function:

public string GetContent(bool base64encode, bool compress, bool withUniqueId, string filename, int maxSize)
{
	return string.Empty;
}

You’ll learn very early in your programming class that you can call a function by supplying the arguments in exactly the same order as they are listed in the method signature. Here’s an example:

Read more of this post

Filed under .NET, C# language features Tagged with

Combinable enumerations in C# .NET

November 8, 2016 Leave a comment

You’ve probably encountered cases with combined enum values using the pipe character, i.e. the “bitwise or” operator ‘|’:

Size.Large | Size.ExtraLarge

Let’s see an example of how to create such an enum.

The enumeration is decorated with the Flags attribute like in the following example:

Read more of this post

Filed under .NET, C# language features Tagged with ,

An example of grouping and joining collections in .NET: calculate total scores by student and subject

November 7, 2016 Leave a comment

Imagine that we have two collections. First we have a student collection with IDs and names. Then we also have a collection that holds the scores the students got in various subjects on several occasions. This latter collection also holds a reference to a student by the student ID. The goal is to join the two collections and calculate the total score of each student by subject.

There are various ways to solve this problem. The goal of this post is to show an example of using the LINQ GroupBy and GroupJoin operators to build an object with the information we need.

Read more of this post

Filed under .NET, LINQ Tagged with , , ,

Exploring a directory with the Java 8 Stream API

November 6, 2016 Leave a comment

We saw an example of using the Java 8 Stream API in File I/O in this post. We saw how the Files object was enhanced with the lines() method to open a line reader stream to a text file.

There are other enhancements related to streams that make is simple to explore a directory on your hard drive. The following code example will collect all folders and files within the c:\gitrepos folder and add them to an ArrayList:

Path gitReposFolderPath = Paths.get("c:\\gitrepos");
gitReposFolderPath.toFile().getName();
try (Stream<Path> foldersWithinGitReposStream = Files.list(gitReposFolderPath))            
{
    List<String> elements = new ArrayList<>();
    foldersWithinGitReposStream.forEach(p -> elements.add(p.toFile().getName()));            
    System.out.println(elements);
}
catch (IOException ioe)
{

}

I got the following output:

[cryptographydotnet, dotnetformsbasedmvc5, entityframeworksixdemo, owinkatanademo, signalrdemo, singletondemoforcristian, text.txt, webapi2demo, windowsservicedemo]

The code returns both files and folders one level below the top directory, i.e. the “list” method does not dive into the subfolders. I put a text file into the folder – text.txt – just to test whether in fact all elements are returned.

Say you only need files – you can use the filter method:

foldersWithinGitReposStream.filter(p -> p.toFile().isFile()).forEach(p -> elements.add(p.toFile().getName()));

This will only collect text.txt.

Let’s try something slightly more complex. We’ll organise the elements within the directory into a Map of Boolean and List of Paths. The key indicates whether the group of files are directories or not. We can use the collect method that we saw in this post:

try (Stream<Path> foldersWithinGitReposStream = Files.list(gitReposFolderPath))            
{
    Map<Boolean, List<Path>> collect = foldersWithinGitReposStream.collect(Collectors.groupingBy(p -> p.toFile().isDirectory()));
    System.out.println(collect);
}

This prints the following:

{false=[c:\gitrepos\text.txt], true=[c:\gitrepos\cryptographydotnet, c:\gitrepos\dotnetformsbasedmvc5, c:\gitrepos\entityframeworksixdemo, c:\gitrepos\owinkatanademo, c:\gitrepos\signalrdemo, c:\gitrepos\singletondemoforcristian, c:\gitrepos\webapi2demo, c:\gitrepos\windowsservicedemo]}

So we successfully grouped the paths.

As mentioned above the “list” method goes only one level deep. The “walk” method in turn digs deeper and extracts sub-directories as well:

try (Stream<Path> foldersWithinGitReposStream = Files.walk(gitReposFolderPath))
{
    List<String> elements = new ArrayList<>();
    foldersWithinGitReposStream.filter(p -> p.toFile().isFile()).forEach(p -> elements.add(p.toFile().getAbsolutePath()));
    System.out.println(elements);
}

We can also instruct the walk method to go n levels down with an extra integer argument:

try (Stream<Path> foldersWithinGitReposStream = Files.walk(gitReposFolderPath, 3))

View all posts related to Java here.

Filed under Java Tagged with ,

Older posts

Newer posts

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

ARCHIVED: Bite-size insight on Cyber Security for the not too technical.