How to store the asymmetric keys in the Windows key store with C#

October 26, 2016 6 Comments

Introduction

In this post we briefly looked through asymmetric encryption in .NET. This encryption type requires two keys as opposed to symmetric encryption where the same key is used for encryption and decryption. In asymmetric encryption we have a public and a private key. The public key can be distributed so that other people can encrypt their messages to us. Then we use our private key to decrypt the ciphertext and read the original message. Therefore we don’t have to worry about the public key getting into the wrong hands. On the other hand asymmetric encryption is significantly slower than symmetric encryption due to the higher mathematical complexity.

In the post referenced above we saw how to store the asymmetric key-pair in an XML string. You can save this string in a file or database for later retrieval. There’s at least one more option for storage which is the cryptographic key store on Windows. We’ll go through how to use it in this post.

Read more of this post

Filed under .NET, Security Tagged with , ,

Overview of asymmetric encryption in .NET

October 25, 2016 1 Comment

Introduction

Asymmetric encryption is based on a pair of cryptographic keys. One of the keys is public, i.e. anyone can have access to it. The other key is private which should be kept secret. The keys are complementary which means that they go hand in hand, they are not independent of each other. If a value is calculated as the public key then the private key cannot be calculated independently otherwise the encryption process will fail. Normally the public key is used to encrypt a message and the private key is there for the decryption process but they can be used in the opposite direction as well. Asymmetric algorithms are also called Public Key Cryptography.

The most important advantage of asymmetric over symmetric encryption is that we don’t need to worry about distributing the public key. The key used in symmetric encryption must be known to all parties taking part in the encryption/decryption process which increases the chances of the key landing in the wrong hands. With asymmetric encryption we only need to worry about storing the private key, the public key can be freely distributed. For a hacker it is not practical to attempt to calculate the private key based on the public key, that is close to impossible to achieve.

However, asymmetric encryption is a very complex mathematical process which is a lot slower than symmetric encryption. Also, storing the private key can still be problematic.

Read more of this post

Filed under .NET, Security Tagged with , ,

6 ways to concatenate strings with C# .NET

October 24, 2016 4 Comments

There are multiple ways to build a string out of other strings in .NET. Here come 5 of them.

Let’s start with the most obvious one that language learners encounter first, i.e. concatenation done by the ‘+’ operator:

string concatenatedOne = "This " + "is " + "a " + "concatenated " + "string.";

Read more of this post

Filed under .NET, C# language features Tagged with ,

Adjusting the date in Java 8 Date and Time API

October 23, 2016 Leave a comment

Introduction

We saw a couple of new concepts in the Java 8 Date and Time API on this blog:

All the above classes expose methods called “with” with a couple of overloads. LocalDate, LocalTime and LocalDateTime come with other methods whose names start with “with”, such as withSeconds or withMonth depending on the supported level of time unit. The “with” methods adjust some value of the date-related instances and return a new instance.

Read more of this post

Filed under Java Tagged with ,

Return a default value from a Map in Java 8

October 22, 2016 Leave a comment

Consider the following Employee class:

public class Employee
{
    private UUID id;
    private String name;
    private int age;

    public Employee(UUID id, String name, int age)
    {
        this.id = id;
        this.name = name;
        this.age = age;
    }
        
    public UUID getId()
    {
        return id;
    }

    public void setId(UUID id)
    {
        this.id = id;
    }

    public String getName()
    {
        return name;
    }

    public void setName(String name)
    {
        this.name = name;
    }    
    
    public int getAge()
    {
        return age;
    }

    public void setAge(int age)
    {
        this.age = age;
    }
}

Let’s put some Employee objects into a hash map:

Read more of this post

Filed under Generics, Java Tagged with ,

Overview of symmetric encryption in .NET

October 21, 2016 3 Comments

Introduction

A symmetric encryption algorithm is one where the cryptographic key is the same for both encryption and decryption and is shared among the parties involved in the process.

Ideally only a small group of reliable people should have access to this key. Attackers decipher an encrypted message rather than trying to defeat the algorithm itself. The key can vary in size so the attacker will need to know this first. Once they know this then they will try combinations of possible key characters.

A clear disadvantage with this approach is that distributing and storing keys in a safe and reliable manner is difficult. On the other hand symmetric algorithms are fast.

In this short overview we’ll look at the symmetric encryption algorithms currently supported in .NET.

Read more of this post

Filed under .NET, Security Tagged with , ,

Two ways to measure time in C# .NET

October 20, 2016 Leave a comment

Imagine that you want to want to measure how long it takes to execute a method or function in .NET. Maybe you suspect that a specific call in your code is taking too long but you would like to measure its performance.

There are professional – and expensive – tools out there that can monitor the behaviour of applications at the code level such as AppDynamics or DynaTrace. However, they are relatively complex to install and get to work and may be overkill for a simple initial code diagnostics. Instead you might want to start with some simple C# code to begin with.

Read more of this post

Filed under .NET, C# language features Tagged with

Overriding the + and – operators in C# .NET

October 19, 2016 Leave a comment

It’s easy to override the mathemtical operators like + or – in C# to build custom operations.

Consider the following simple Rectangle class:

public class Rectangle
{
	public Rectangle(int width, int height)
	{
		Height = height;
		Width = width;
	}

	public int Width
	{
		get;
		set;
	}

	public int Height
	{
		get;
		set;
	}
}

Read more of this post

Filed under .NET, C# language features Tagged with

Hashing passwords with a password based key derivation function in .NET

October 18, 2016 Leave a comment

In this post we saw a basic hashing technique using a password and a salt. We added an extra random set of bytes to the password and hashed the combined byte array instead of just the password bytes. We can store the salt along with the hash in our database. The main purpose of adding a salt to the password is to increase its entropy which more or less means randomness.

Hashing the password with an extra salt like that may still not be as secure as we think it is. The processing power of today’s fast computers and the increasing size of available rainbow tables keep pushing the limits of what’s available to crack with brute force attacks. One way to increase the difficulty of cracking a password is to keep hashing its hash in an iterative manner. Password-based key derivation functions help us achieve that and we’ll see an example of their usage in this post.

Read more of this post

Filed under .NET, Security Tagged with , , ,

How to hash passwords with a salt in .NET

October 17, 2016 2 Comments

In this post we learnt about using hashing in .NET. We also saw one of its basic functions in the same post which is message verification. In this post we saw how hashing coupled with a random key can be used for message authentication.

We also mentioned another common usage of hashing which is password storage. A password should never be stored as clear text in your system. Instead we save its hash value and when a user enters a password in a login field then we compare the hashed values instead of the plain string passwords. However, a simple one-way hash is generally still not good enough.

Read more of this post

Filed under .NET, Security Tagged with , ,

Older posts

Newer posts

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

ARCHIVED: Bite-size insight on Cyber Security for the not too technical.