Chapter 13: Cryptography

Overview

In the last chapter we examined the facilities that the .NET Framework offers for restricting what an application is permitted to do, based on the evidence of an assembly: where the code came from, whether it has been signed, the user account under which the process is running and so on. In short, how much the code itself is trusted. In this chapter we stay with the security theme, but move on to the mechanics of how you can ensure that code and messages passed across the network are not tampered with and cannot be read by unauthorized people. In the process we will also cover the details of how strong naming of assemblies works, and how to digitally sign an assembly with a certificate.

In more detail, we will cover:

  • Theory Of Cryptography - how both symmetric encryption and public key encryption work under the hood, and the differences between these forms of encryption. We'll also work through a sample that illustrates use of the System.Security.Cryptography classes to encrypt and decrypt data.

  • Code Signing - we'll examine the details of how to sign an assembly with a strong name and what is happening under the hood when you sign an assembly. I'll also highlight the difference between signing an assembly with a strong name and signing it with a digital certificate.

  • Digital Certificates - we'll examine digital certificates and Microsoft's Authenticode technology. I'll also present examples that demonstrate how to sign an assembly with a digital certificate, and show how to read the certificate programmatically.

Much of the information in this chapter is not specific to .NET - the general principles of cryptography on computing networks and the Internet have remained the same for several years - and I'll explain those principles in this chapter to make sure you have the necessary background material (if you're already familiar with cryptography theory, you may want to skip the first part of the chapter). However, I will also focus on how cryptographic principles are applied to managed assemblies in particular, and I will cover some of the facilities that are made available via the .NET cryptographic classes in the System.Security.Cryptography namespace to allow you to encrypt and decrypt your own messages.

We'll start off by going over the basic principles of cryptography, as they have existed for much of the last 25 years or so.



Advanced .NET Programming
ISBN: 1861006292
EAN: 2147483647
Year: 2002
Pages: 124
