Using HMACs to authenticate a hash in .NET

In this post we learnt about using hashing in .NET. Hashes provide a one-way encryption of a message where the hash value ideally cannot be “unhashed”, i.e. we cannot build the original string from it. A hash or message digest helps us verify whether the message has been tampered with by a third party after it was sent to us.

We can take a step further and add an extra layer of security on our hashes. After all a message and its hash could originate from anyone. How can we verify the authenticity of the message as well? That’s where Hashed Message Authentication Codes, also called HashMACs or HMACs enter the picture.

Read more of this post

Hashing messages using various hash algorithms in .NET

A hash of a message can be viewed as its unique identifier. A series of bytes, such as a string, can be converted into hash, also called a message digest. A message digest is also a byte array that can be converted into a base 64 string for better readability. There are various hashing algorithms out there that can calculate the hash of a message. Ideally each algorithm should produce a different digest for each message, i.e. “Hello world” should yield a different hash from what “H3llo world” produces. I.e. a single change in the byte sequence will change the resulting hash. Also, it should be impossible to calculate the original message from a hash. Therefore hashing is a one-way cryptographic operation.

Read more of this post

How to store the asymmetric keys in the Windows key store with C#

Introduction

In this post we briefly looked through asymmetric encryption in .NET. This encryption type requires two keys as opposed to symmetric encryption where the same key is used for encryption and decryption. In asymmetric encryption we have a public and a private key. The public key can be distributed so that other people can encrypt their messages to us. Then we use our private key to decrypt the ciphertext and read the original message. Therefore we don’t have to worry about the public key getting into the wrong hands. On the other hand asymmetric encryption is significantly slower than symmetric encryption due to the higher mathematical complexity.

In the post referenced above we saw how to store the asymmetric key-pair in an XML string. You can save this string in a file or database for later retrieval. There’s at least one more option for storage which is the cryptographic key store on Windows. We’ll go through how to use it in this post.

Read more of this post

Overview of asymmetric encryption in .NET

Introduction

Asymmetric encryption is based on a pair of cryptographic keys. One of the keys is public, i.e. anyone can have access to it. The other key is private which should be kept secret. The keys are complementary which means that they go hand in hand, they are not independent of each other. If a value is calculated as the public key then the private key cannot be calculated independently otherwise the encryption process will fail. Normally the public key is used to encrypt a message and the private key is there for the decryption process but they can be used in the opposite direction as well. Asymmetric algorithms are also called Public Key Cryptography.

The most important advantage of asymmetric over symmetric encryption is that we don’t need to worry about distributing the public key. The key used in symmetric encryption must be known to all parties taking part in the encryption/decryption process which increases the chances of the key landing in the wrong hands. With asymmetric encryption we only need to worry about storing the private key, the public key can be freely distributed. For a hacker it is not practical to attempt to calculate the private key based on the public key, that is close to impossible to achieve.

However, asymmetric encryption is a very complex mathematical process which is a lot slower than symmetric encryption. Also, storing the private key can still be problematic.

Read more of this post

Overview of symmetric encryption in .NET

Introduction

A symmetric encryption algorithm is one where the cryptographic key is the same for both encryption and decryption and is shared among the parties involved in the process.

Ideally only a small group of reliable people should have access to this key. Attackers decipher an encrypted message rather than trying to defeat the algorithm itself. The key can vary in size so the attacker will need to know this first. Once they know this then they will try combinations of possible key characters.

A clear disadvantage with this approach is that distributing and storing keys in a safe and reliable manner is difficult. On the other hand symmetric algorithms are fast.

In this short overview we’ll look at the symmetric encryption algorithms currently supported in .NET.

Read more of this post

Implementing the IEqualityComparer of T interface for object equality with C# .NET

The generic IEqualityComparer of T provides you a way to indicate whether two custom objects are equal. We’ve looked at equality in a number of posts on this blog – see the link below if you’re curious – and IEqualityComparer fulfils a similar purpose though its usage is different.

Equality comparers are most often used to filter out duplicates from a collection.

Consider the following class:

Read more of this post

Implementing the IEquatable of T interface for object equality with C# .NET

In this short post we’ll see a way how to make two custom objects equatable using the generic IEquatable interface. Consider the following object:

public class Person
{
	public int Id { get; set; }
	public string Name { get; set; }
	public int Age { get; set; }
}

The object superclass has an Equals method that we can test as follows:

Read more of this post

How to declare natural ordering by implementing the generic IComparable interface in C# .NET

Primitive types such as integers can be ordered naturally in some way. Numeric and alphabetical ordering comes in handy with numbers and strings. However, there’s no natural ordering for your own custom objects with a number of properties.

Consider the following Triangle class:

public class Triangle
{
	public double BaseSide { get; set; }
	public double Height { get; set; }

	public double Area
	{
		get
		{
			return (BaseSide * Height) / 2;
		}
	}
}

Read more of this post

How to find various machine-level system information with C# .NET

The Environment class holds a range of properties that help you describe the system your app is running on. Here come some examples with inline comments:

//returns true on my PC as it is a 64-bit OS
bool is64BitOperatingSystem = Environment.Is64BitOperatingSystem;
//returns the machine name, in my case ANDRAS1
string machineName = Environment.MachineName;
			
//returns information about the operating system version, build, major, minor etc.
OperatingSystem os = Environment.OSVersion;
//returns the platform id as an enumeration, in my case it's Win32NT
PlatformID platform = os.Platform;			
//the currently installed service pack, Service Pack 1 in my case
string servicePack = os.ServicePack;
//the toString version of the OS, this is "Microsoft Windows NT 6.1.7601 Service Pack 1" on this PC
string version = os.VersionString;

//I have 4 processors on this PC
int processorCount = Environment.ProcessorCount;

//returns 2 logical drives: C: and D:
string[] logicalDrives = Environment.GetLogicalDrives();

//this is how to find all environmental variables of the system and iterate through them
IDictionary envVars = Environment.GetEnvironmentVariables();
foreach (string key in envVars.Keys)
{
	//e.g. the JAVA_HOME env.var is set to "C:\Progra~1\Java\jdk1.7.0_51\"
	Debug.WriteLine(string.Concat("key: ", key, ": ", envVars[key]));
}

//retrieve the current CLR version, in my case it's "4.0.30319.18444"
Version clrVersion = Environment.Version;

View all posts related to diagnostics here.

Getting notified by a Windows process change in C# .NET

In this post we saw an example of using the ManagementEventWatcher object and and EventQuery query. The SQL-like query was used to subscribe to a WMI – Windows Management Instrumentation – level event, namely a change in the status of a Windows service. I won’t repeat the explanation here again concerning the techniques used. So if this is new to you then consult that post, the code is very similar.

In this post we’ll see how to get notified by the creation of a new Windows process. This can be as simple as starting up Notepad. A Windows process is represented by the Win32_Process WMI class which will be used in the query. We’ll take a slightly different approach and use the WqlEventQuery object which derives from EventQuery.

Consider the following code:

Read more of this post

Elliot Balynn's Blog

A directory of wonderful thoughts

HarsH ReaLiTy

A Good Blog is Hard to Find

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

Bite-size insight on Cyber Security for the not too technical.

%d bloggers like this: