How to store the asymmetric keys in the Windows key store with C#

Introduction

In this post we briefly looked through asymmetric encryption in .NET. This encryption type requires two keys as opposed to symmetric encryption where the same key is used for encryption and decryption. In asymmetric encryption we have a public and a private key. The public key can be distributed so that other people can encrypt their messages to us. Then we use our private key to decrypt the ciphertext and read the original message. Therefore we don’t have to worry about the public key getting into the wrong hands. On the other hand asymmetric encryption is significantly slower than symmetric encryption due to the higher mathematical complexity.

In the post referenced above we saw how to store the asymmetric key-pair in an XML string. You can save this string in a file or database for later retrieval. There’s at least one more option for storage which is the cryptographic key store on Windows. We’ll go through how to use it in this post.

Read more of this post

Advertisements

Overview of asymmetric encryption in .NET

Introduction

Asymmetric encryption is based on a pair of cryptographic keys. One of the keys is public, i.e. anyone can have access to it. The other key is private which should be kept secret. The keys are complementary which means that they go hand in hand, they are not independent of each other. If a value is calculated as the public key then the private key cannot be calculated independently otherwise the encryption process will fail. Normally the public key is used to encrypt a message and the private key is there for the decryption process but they can be used in the opposite direction as well. Asymmetric algorithms are also called Public Key Cryptography.

The most important advantage of asymmetric over symmetric encryption is that we don’t need to worry about distributing the public key. The key used in symmetric encryption must be known to all parties taking part in the encryption/decryption process which increases the chances of the key landing in the wrong hands. With asymmetric encryption we only need to worry about storing the private key, the public key can be freely distributed. For a hacker it is not practical to attempt to calculate the private key based on the public key, that is close to impossible to achieve.

However, asymmetric encryption is a very complex mathematical process which is a lot slower than symmetric encryption. Also, storing the private key can still be problematic.

Read more of this post

Overview of symmetric encryption in .NET

Introduction

A symmetric encryption algorithm is one where the cryptographic key is the same for both encryption and decryption and is shared among the parties involved in the process.

Ideally only a small group of reliable people should have access to this key. Attackers decipher an encrypted message rather than trying to defeat the algorithm itself. The key can vary in size so the attacker will need to know this first. Once they know this then they will try combinations of possible key characters.

A clear disadvantage with this approach is that distributing and storing keys in a safe and reliable manner is difficult. On the other hand symmetric algorithms are fast.

In this short overview we’ll look at the symmetric encryption algorithms currently supported in .NET.

Read more of this post

How to calculate the message digest in Java

A message digest is an important concept in cryptography. A digest is an array of bytes created by a hashing formula. It is used to make sure that some digital information has not been tampered with. In a sense it is a footprint of an object, such as a file. If someone modifies the file then the footprint also changes. Then we know that the file has been changed. Another word for a message digest is checksum. There are various hashing algorithms to perform the calculation. SHA-256 and MD5 are the most common ones.

For an example you can check out the Apacha log4j2 download page here. You’ll see a column called “checksum” for various files. If you click on one of those you’ll see the MD5 hash of the file in a relatively human readable form, such as “31826c19fff94790957d798cb1caf29a”.

Java and other popular programming languages have built-in classes to construct a message digest. Let’s see an example from Java.

Say we have a file called data.txt in the C:\Tmp folder. Data.txt contains a single line “Hello world”. The following code snippet will build the message digest of the file:

try
{
    FileInputStream inputStream = new FileInputStream(new File("c:\\Tmp\\data.txt"));
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    try (DigestInputStream digestInputStream = new DigestInputStream(inputStream, sha256))
    {
        while (digestInputStream.read() != -1)
        {
            //do nothing, let the digest stream go through the file input stream
        }
    }
    byte[] checksum = sha256.digest();

    System.out.println(DatatypeConverter.printBase64Binary(checksum));
    System.out.println(DatatypeConverter.printHexBinary(checksum));

}
catch (NoSuchAlgorithmException | IOException exception)
{
    System.err.println(exception.getMessage());
}

We ask the SHA-256 hashing algorithm to hash the file using DigestInputStream. We let the digest input stream read in the byte content of the file. We finally print the digest in two different forms: a base 64 and a hexadecimal string. My data.txt file gives the following checksums:

ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=
64EC88CA00B268E5BA1A35678A1B5316D212F4F366B2477232534A8AECA37F3C

We can also look at the MD5 checksum like on the references Apache download page. Just replace the “SHA-256” string with “MD5”. The same sample file yields the following values:

PiWWCnnbxptnTNTsZ6csYg==
3E25960A79DBC69B674CD4EC67A72C62

View all posts related to Java here.

Encrypt and decrypt plain string with triple DES in C#

We looked at encryption mechanisms in details on this blog – refer to the link at the end of this post. This is only a quick extension showing how to encrypt a plain string using Triple DES.

Consider the following method which encrypts a plain string with a key a cipher mode ECB:

Read more of this post

ultimatemindsettoday

A great WordPress.com site

Elliot Balynn's Blog

A directory of wonderful thoughts

Robin Sedlaczek's Blog

Developer on Microsoft Technologies

Softwarearchitektur in der Praxis

Wissenswertes zu Webentwicklung, Domain-Driven Design und Microservices

Technology Talks

on Microsoft technologies, Web, Android and others

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT BEST PRACTICES WITH MICROSOFT STACK & ANGULAR

Cyber Matters

Bite-size insight on Cyber Security for the not too technical.

Guru N Guns's

OneSolution To dOTnET.

Johnny Zraiby

Measuring programming progress by lines of code is like measuring aircraft building progress by weight.

%d bloggers like this: