Chapter 14: Cryptography


Overview

Cryptography is one of the most complex aspects of software development that any developer will use. The theory of modern cryptographic techniques is extremely difficult to understand and requires a level of mathematical knowledge that relatively few people have ”or, for that matter, want to have. Fortunately, the Microsoft .NET Framework class library provides easy-to-use implementations of the most commonly used cryptographic techniques and support for the most popular and well- understood algorithms. The recipes in this chapter discuss the following:

  • Generating cryptographically random numbers (recipe 14.1)

  • Generating and verifying cryptographic hash codes and keyed hash codes (recipes 14.2, 14.3, 14.4, and 14.5)

  • Using symmetric and asymmetric algorithms to encrypt and decrypt data (recipes 14.6 and 14.8)

  • Deriving, storing, and exchanging cryptographic keys (recipes 14.7, 14.9, and 14.10)

As you read the recipes in this chapter and think about how to apply the techniques to your own code, keep in mind that cryptography is never something you should implement in isolation. Cryptography does not equal security; the use of cryptography is merely one small element of creating a secure solution. For a broader explanation of secure programming and where cryptography fits in the overall security landscape, you should read Writing Secure Code, Second Edition , by Michael Howard and David LeBlanc (Microsoft Press, 2003), a modern classic of computer literature that contains a wealth of practical field- tested information. For a more comprehensive coverage of the .NET cryptography classes than I provide here, I shamelessly recommend the book I cowrote with Adam Freeman, Programming .NET Security (O'Reilly and Associates, 2003). Programming .NET Security provides easily understood descriptions of cryptography fundamentals, covers all the .NET cryptography classes in detail, and demonstrates how to extend most aspects of the cryptographic framework.

For those not familiar with cryptography, here are the definitions of a few important words that you will need to know to understand this chapter. The definitions are excerpts from the Microsoft Computer Dictionary, Fifth Edition (Microsoft Press, 2002).

  • Ciphertext is the scrambled or otherwise encoded text of an encrypted message.

  • Encrypt means to encode (scramble) information in such a way that it's unreadable to all but those individuals possessing the key to the code.

  • Key is a string of bits used for encrypting and decrypting information to be transmitted.

  • Plaintext is nonencrypted or decrypted text.




C# Programmer[ap]s Cookbook
C# Programmer[ap]s Cookbook
ISBN: 735619301
EAN: N/A
Year: 2006
Pages: 266

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net