1
.Net Encryption You Can Use
  • John Lunsford
  • lunsford_john_at_hotmail.com

2
.Net Cryptography Class Structure
  • System.Security.Cryptography
  • Symmetric Algorithms (secret-key encryption: one
    shared key)
  • Asymmetric Algorithms (public-key encryption: a
    public/private key pair)
  • Hashing Algorithms
  • Digital Envelopes
  • Digital Signatures
  • Digital Certificates

3
3 Layer Inheritance Pattern
4
Symmetric Encryption
  • The same secret key is used for encryption and
    decryption.
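
The following is an added example, not code from the original slides: AES-256 in CBC mode with a fresh random IV, followed by an HMAC-SHA256 tag over IV and ciphertext (Encrypt-then-MAC), written against System.Security.Cryptography as it exists in .NET 6 or later. The sample message and the randomly generated keys are constructed for the demo; in practice the two keys come from a key store or a KDF. The tag is included because symmetric encryption alone gives confidentiality, not integrity: without it, a flipped ciphertext bit decrypts to altered plaintext without any error.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original slides. Targets .NET 6 or later.
// AES-256-CBC with a fresh random IV, then HMAC-SHA256 over IV || ciphertext.
// Wire format: IV(16) || ciphertext || tag(32). Separate keys for AES and HMAC.
static class SymmetricDemo
{
    const int IvSize = 16;
    const int TagSize = 32;

    public static byte[] Encrypt(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV();                        // never reuse an IV under the same key

        byte[] ciphertext;
        using (ICryptoTransform enc = aes.CreateEncryptor())
            ciphertext = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

        var ivAndCt = new byte[IvSize + ciphertext.Length];
        Buffer.BlockCopy(aes.IV, 0, ivAndCt, 0, IvSize);
        Buffer.BlockCopy(ciphertext, 0, ivAndCt, IvSize, ciphertext.Length);

        using var hmac = new HMACSHA256(macKey);
        byte[] tag = hmac.ComputeHash(ivAndCt);  // authenticates the IV as well as the ciphertext

        var blob = new byte[ivAndCt.Length + TagSize];
        Buffer.BlockCopy(ivAndCt, 0, blob, 0, ivAndCt.Length);
        Buffer.BlockCopy(tag, 0, blob, ivAndCt.Length, TagSize);
        return blob;
    }

    public static byte[] Decrypt(byte[] encKey, byte[] macKey, byte[] blob)
    {
        if (blob.Length < IvSize + TagSize)
            throw new CryptographicException("message too short");

        int ivAndCtLen = blob.Length - TagSize;
        var ivAndCt = new byte[ivAndCtLen];
        var tag = new byte[TagSize];
        Buffer.BlockCopy(blob, 0, ivAndCt, 0, ivAndCtLen);
        Buffer.BlockCopy(blob, ivAndCtLen, tag, 0, TagSize);

        // Verify the tag BEFORE decrypting, using a constant-time comparison.
        using var hmac = new HMACSHA256(macKey);
        if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(ivAndCt), tag))
            throw new CryptographicException("authentication tag mismatch");

        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        var iv = new byte[IvSize];
        Buffer.BlockCopy(ivAndCt, 0, iv, 0, IvSize);
        aes.IV = iv;
        using ICryptoTransform dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(ivAndCt, IvSize, ivAndCtLen - IvSize);
    }

    static void Main()
    {
        // Constructed demo keys; real keys come from a KDF or a key store.
        byte[] encKey = new byte[32], macKey = new byte[32];
        RandomNumberGenerator.Fill(encKey);
        RandomNumberGenerator.Fill(macKey);

        byte[] blob = Encrypt(encKey, macKey, Encoding.UTF8.GetBytes("transfer 10 to alice"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(encKey, macKey, blob)));

        blob[IvSize] ^= 0x01;                    // flip one ciphertext bit "in transit"
        try { Decrypt(encKey, macKey, blob); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The tag is checked before any decryption so that a forged or corrupted message is rejected without exposing padding-oracle behaviour from the CBC decryptor. On a runtime that offers AesGcm, an authenticated mode does the same job with one key and one API call.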

5
Symmetric Encryption Classes
6
Asymmetric Encryption
  • A key pair is used: anyone holding the public key
    can encrypt, but only the holder of the matching
    private key can decrypt. The public key may be
    published; the private key never leaves its owner.

7
Asymmetric Encryption Classes
8
Hash Algorithms
  • A hash algorithm takes a message of any length
    and generates a fixed-length value (called a
    hash or digest).
  • Collision resistance: it must be computationally
    infeasible to find two different inputs that
    produce the same output. (A distinct output for
    every possible input is impossible once inputs
    are longer than the output; the requirement is
    that nobody can find a collision in practice.)
  • The output of the hash algorithm must be a fixed
    length, regardless of the length of the input
    message.
  • Preimage resistance: the input message cannot be
    recovered from the algorithm's output, and a
    second input matching a given output cannot be
    found.
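
An added example (not from the original slides) that exercises the three properties above with SHA-256 from System.Security.Cryptography on .NET 6 or later: it checks the implementation against the published FIPS 180-4 test vector for "abc", shows that an empty message and a megabyte of zeros both produce a 32-byte digest, and counts how many bits change when one character of the input changes. The inputs are constructed for the demo.

```csharp
using System;
using System.Numerics;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original slides. Targets .NET 6 or later.
static class HashDemo
{
    public static byte[] Sha256(byte[] data)
    {
        using var sha = SHA256.Create();
        return sha.ComputeHash(data);
    }

    public static string Hex(byte[] bytes) => Convert.ToHexString(bytes).ToLowerInvariant();

    // A hash is checked by recomputing it; there is no way to "decrypt" a digest.
    // Constant-time comparison so the position of a mismatch does not leak via timing.
    public static bool Matches(byte[] data, string expectedHex) =>
        CryptographicOperations.FixedTimeEquals(Sha256(data), Convert.FromHexString(expectedHex));

    // Number of bit positions in which two equal-length digests differ.
    public static int DifferingBits(byte[] x, byte[] y)
    {
        int bits = 0;
        for (int i = 0; i < x.Length; i++)
            bits += BitOperations.PopCount((uint)(x[i] ^ y[i]));
        return bits;
    }

    static void Main()
    {
        // Published FIPS 180-4 test vector for SHA-256("abc").
        const string abcVector = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad";
        Console.WriteLine("test vector matches: " + Matches(Encoding.ASCII.GetBytes("abc"), abcVector));

        // Fixed-length output: an empty message and 1 MiB of zeros both give 32 bytes.
        Console.WriteLine("digest bytes (empty): " + Sha256(Array.Empty<byte>()).Length);
        Console.WriteLine("digest bytes (1 MiB): " + Sha256(new byte[1 << 20]).Length);

        // Avalanche: changing one character changes roughly half of the 256 bits.
        byte[] h1 = Sha256(Encoding.ASCII.GetBytes("abc"));
        byte[] h2 = Sha256(Encoding.ASCII.GetBytes("abd"));
        Console.WriteLine(Hex(h1));
        Console.WriteLine(Hex(h2));
        Console.WriteLine("bits differing: " + DifferingBits(h1, h2) + " of 256");
    }
}
```

MD5 and SHA-1 are also available in the same namespace, but practical collisions exist for both, so they should not be relied on where collision resistance matters.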

9
Hash Algorithm Classes
10
Digital Envelopes
  • Exchange public keys with the message recipient.
    (The steps below assume the recipient's public key
    is authentic; Digital Certificates address how
    that is established.)
  • Generate a new symmetric secret key.
  • Encrypt the secret key with the recipient's public
    key and send it to the recipient.
  • The recipient retrieves the secret key by
    decrypting it with their private key.
  • Encrypt the message with the secret key and send
    the cipher-text to the recipient.
  • The recipient decrypts the message using the
    secret key.
  • Sender and recipient discard the secret key after
    one use.

11
Digital Envelope Helper Classes
  • RSAPKCS1KeyExchangeFormatter
  • RSAPKCS1KeyExchangeDeformatter
  • RSAOAEPKeyExchangeFormatter
  • RSAOAEPKeyExchangeDeformatter
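
The envelope procedure of slide 10, implemented with the helper classes of slide 11, as an added example that is not part of the original slides. It uses RSAOAEPKeyExchangeFormatter/Deformatter from System.Security.Cryptography to wrap a fresh AES key under the recipient's RSA public key and AES-GCM for the message itself, on .NET 6 or later (AesGcm requires a platform where AesGcm.IsSupported is true, for example Windows or Linux with OpenSSL). The Envelope container, the field names and the sample message are constructed for the demo; the sender side is written to need only the recipient's public key, as the slide describes.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original slides. Targets .NET 6 or later.
// Digital envelope: RSA-OAEP key exchange + AES-GCM message encryption.
static class EnvelopeDemo
{
    // Constructed wire format for the demo.
    public sealed class Envelope
    {
        public byte[] WrappedKey;   // AES key encrypted under the recipient's RSA public key
        public byte[] Nonce;        // 12-byte GCM nonce, unique for this key
        public byte[] Ciphertext;
        public byte[] Tag;          // 16-byte GCM authentication tag
    }

    // Sender side: needs only the recipient's PUBLIC key.
    public static Envelope Seal(RSAParameters recipientPublic, byte[] plaintext)
    {
        byte[] sessionKey = new byte[32];
        RandomNumberGenerator.Fill(sessionKey);             // fresh secret key per message

        using var rsa = RSA.Create();
        rsa.ImportParameters(recipientPublic);
        var formatter = new RSAOAEPKeyExchangeFormatter(rsa);
        byte[] wrapped = formatter.CreateKeyExchange(sessionKey);

        var env = new Envelope
        {
            WrappedKey = wrapped,
            Nonce = new byte[12],
            Ciphertext = new byte[plaintext.Length],
            Tag = new byte[16],
        };
        RandomNumberGenerator.Fill(env.Nonce);
        using (var gcm = new AesGcm(sessionKey))
            // The wrapped key is passed as associated data so it cannot be swapped
            // for another wrapped key without the tag check failing.
            gcm.Encrypt(env.Nonce, plaintext, env.Ciphertext, env.Tag, wrapped);

        CryptographicOperations.ZeroMemory(sessionKey);     // discard after one use
        return env;
    }

    // Recipient side: the PRIVATE key unwraps the session key, which decrypts the message.
    public static byte[] Open(RSA recipientPrivate, Envelope env)
    {
        var deformatter = new RSAOAEPKeyExchangeDeformatter(recipientPrivate);
        byte[] sessionKey = deformatter.DecryptKeyExchange(env.WrappedKey);
        try
        {
            var plaintext = new byte[env.Ciphertext.Length];
            using var gcm = new AesGcm(sessionKey);
            gcm.Decrypt(env.Nonce, env.Ciphertext, env.Tag, plaintext, env.WrappedKey);
            return plaintext;
        }
        finally
        {
            CryptographicOperations.ZeroMemory(sessionKey); // discard after one use
        }
    }

    static void Main()
    {
        using var recipient = RSA.Create(2048);
        RSAParameters pub = recipient.ExportParameters(false);  // public part only

        Envelope env = Seal(pub, Encoding.UTF8.GetBytes("meeting moved to 3pm"));
        Console.WriteLine(Encoding.UTF8.GetString(Open(recipient, env)));

        env.Ciphertext[0] ^= 0x80;                              // tamper in transit
        try { Open(recipient, env); }
        catch (CryptographicException) { Console.WriteLine("tampered envelope rejected"); }
    }
}
```

RSAOAEPKeyExchangeFormatter defaults to OAEP with SHA-1 as its mask generation hash, which remains acceptable for OAEP padding; the PKCS#1 v1.5 formatter on the same slide is susceptible to Bleichenbacher-style padding oracles if the recipient leaks decryption failures, so OAEP is the one to use for new code.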

12
Digital Signatures
  • Exchange public keys with the message recipient.
  • Create a hash of the message using a hashing
    algorithm.
  • Sign the hash with your private key. (For RSA
    this is often described as "encrypting" the hash;
    for DSA nothing is encrypted, the signature is a
    separate computation over the hash.) The result
    is the signature.
  • Send the message and the signature to the
    recipient.
  • The recipient verifies the signature against your
    public key (for RSA, by recovering the hash from
    the signature).
  • The recipient creates a hash of the message.
  • If the signature checks out against the hash
    created by the recipient, then the recipient can
    be assured that the message has not been altered
    in transit and that it was signed by the holder
    of the private key. That the key is yours is only
    as certain as the way your public key was
    obtained, which is what digital certificates
    address.

13
Digital Signature Helper Classes
  • RSAPKCS1SignatureFormatter
  • RSAPKCS1SignatureDeformatter
  • DSASignatureFormatter
  • DSASignatureDeformatter
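
The signing procedure of slide 12 carried out with the RSA helper classes of slide 13, as an added example that is not part of the original slides. It hashes with SHA-256, signs the digest with RSAPKCS1SignatureFormatter, and verifies with RSAPKCS1SignatureDeformatter, and then shows the two failure cases the text describes: an altered message and a signature checked against the wrong public key. Written for System.Security.Cryptography on .NET 6 or later; the messages and keys are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original slides. Targets .NET 6 or later.
static class SignatureDemo
{
    // Signer: hash the message, then sign the hash with the PRIVATE key.
    public static byte[] Sign(RSA signerPrivate, byte[] message)
    {
        byte[] digest = SHA256.HashData(message);
        var formatter = new RSAPKCS1SignatureFormatter(signerPrivate);
        formatter.SetHashAlgorithm("SHA256");   // the hash OID is encoded into the signature block
        return formatter.CreateSignature(digest);
    }

    // Verifier: recompute the hash, then check the signature with the signer's PUBLIC key.
    public static bool Verify(RSAParameters signerPublic, byte[] message, byte[] signature)
    {
        using var rsa = RSA.Create();
        rsa.ImportParameters(signerPublic);
        var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter.VerifySignature(SHA256.HashData(message), signature);
    }

    static void Main()
    {
        using var signer = RSA.Create(2048);
        RSAParameters signerPublic = signer.ExportParameters(false);

        byte[] message = Encoding.UTF8.GetBytes("pay 100 to bob");
        byte[] signature = Sign(signer, message);
        Console.WriteLine("genuine:          " + Verify(signerPublic, message, signature));

        // Altered in transit: the recipient's hash no longer matches the signed hash.
        byte[] altered = Encoding.UTF8.GetBytes("pay 900 to bob");
        Console.WriteLine("altered message:  " + Verify(signerPublic, altered, signature));

        // Wrong signer: a valid-looking signature from someone else's key is rejected.
        using var impostor = RSA.Create(2048);
        byte[] forged = Sign(impostor, message);
        Console.WriteLine("impostor's key:   " + Verify(signerPublic, message, forged));
    }
}
```

The verifier never "decrypts" anything itself; VerifySignature performs the RSA operation and the PKCS#1 comparison internally, which is why the hash algorithm must be set on both sides. The DSA formatter pair on the same slide is used the same way but accepts only SHA-1 digests, so it is of historical interest only.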

14
Digital Certificates
  • A digital certificate certifies that a sender's
    public key actually belongs to the sender.
  • Chain of trust: I will trust you if, and only
    if, a trusted third party will certify your
    identity.

15
Flow of Events
  • The Sender generates a key pair.
  • The Sender sends a signed certificate request
    containing the Sender's name and public key to
    the CA. (The request is signed with the Sender's
    new private key, proving possession of it.)
  • The CA validates the Sender's information using
    the CA's certificate policy. (Each certificate
    authority has its own certificate policy
    criteria that the Sender must satisfy before a
    certificate can be issued.)
  • The CA issues a digital certificate to the
    Sender.
  • The Sender gives the Receiver the digital
    certificate.
  • The Receiver authenticates the certificate by
    verifying that it is signed by a certificate
    authority the Receiver trusts, is within its
    validity period, and names the expected Sender.
  • The Receiver generates a new symmetric secret
    key.
  • The Receiver encrypts the secret key with the
    public key from the Sender's certificate and
    sends it to the Sender.
  • The Sender retrieves the secret key by decrypting
    it with the Sender's private key.
  • The Sender encrypts a message with the secret key
    and sends the cipher-text to the Receiver.
  • The Receiver decrypts the message using the
    secret key.
  • Sender and Receiver discard the secret key after
    one use.
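
The flow above, run end to end offline, as an added example that is not part of the original slides. A demo CA is created as a self-signed root, it issues a certificate for the Sender's public key, and the Receiver authenticates that certificate with X509Chain against a custom trust store before encrypting a session key to the public key it carries; a second certificate from a CA the Receiver does not trust is shown being rejected. The CertificateRequest and X509ChainTrustMode.CustomRootTrust APIs used here postdate the slides (they exist in System.Security.Cryptography.X509Certificates on .NET 6 or later). The subject names, the validity periods and the generated keys are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original slides. Targets .NET 6 or later.
static class CertDemo
{
    // CA: a self-signed root certificate marked as a certificate authority.
    public static X509Certificate2 CreateCa(RSA caKey, string subject)
    {
        var req = new CertificateRequest(subject, caKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(10));
    }

    // Sender builds a request carrying its name and public key; the CA signs and issues it.
    public static X509Certificate2 IssueEndEntity(X509Certificate2 ca, RSA senderKey, string subject)
    {
        var req = new CertificateRequest(subject, senderKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
        byte[] serial = new byte[16];
        RandomNumberGenerator.Fill(serial);
        // The issued certificate contains only the public key; the private key stays with the Sender.
        return req.Create(ca, DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1), serial);
    }

    // Receiver: accept the certificate only if it chains to a CA the Receiver trusts.
    public static bool Authenticate(X509Certificate2 presented, X509Certificate2 trustedRoot)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;  // ignore the OS store
        chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;    // the demo CA publishes no CRL
        bool ok = chain.Build(presented);
        if (!ok)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  " + s.Status + ": " + s.StatusInformation.Trim());
        return ok;
    }

    static void Main()
    {
        using var caKey = RSA.Create(3072);
        using var senderKey = RSA.Create(2048);
        using X509Certificate2 ca = CreateCa(caKey, "CN=Demo Root CA");
        using X509Certificate2 senderCert = IssueEndEntity(ca, senderKey, "CN=sender@example.test");
        Console.WriteLine("trusted CA chain:   " + Authenticate(senderCert, ca));

        // Same subject name, same public key, but issued by a CA the Receiver never trusted.
        using var rogueKey = RSA.Create(3072);
        using X509Certificate2 rogueCa = CreateCa(rogueKey, "CN=Rogue CA");
        using X509Certificate2 rogueCert = IssueEndEntity(rogueCa, senderKey, "CN=sender@example.test");
        Console.WriteLine("untrusted CA chain: " + Authenticate(rogueCert, ca));

        // Having authenticated the certificate, the Receiver encrypts a fresh secret key
        // to the public key it carries; only the Sender's private key can recover it.
        using RSA senderPublic = senderCert.GetRSAPublicKey()!;
        byte[] sessionKey = new byte[32];
        RandomNumberGenerator.Fill(sessionKey);
        byte[] wrapped = senderPublic.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA256);
        byte[] unwrapped = senderKey.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine("session key round-trip: " + CryptographicOperations.FixedTimeEquals(sessionKey, unwrapped));
    }
}
```

Chain building with the default trust mode would consult the operating system's root store instead; CustomRootTrust pins the Receiver to exactly the CA it has decided to trust, which is the "trusted third party" of slide 14. In production the revocation mode would be left enabled so that a certificate the CA has since revoked is also rejected.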

16
Digital Certificate Classes
  • System.Security.Cryptography.X509Certificates.X509Certificate
  • Limited functionality
  • Microsoft.Web.Services.Security.X509.X509CertificateStore
  • Microsoft.Web.Services.Security.X509.X509Certificate
  • These classes are provided by Microsoft Web
    Services Enhancements (WSE).
  • More functionality, but still limited
  • More support for Digital Certificates is coming
    in .Net 2.0 (X509Certificate2).

17
Summary
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashing
  • Digital Envelopes
  • Digital Signatures
  • Digital Certificates