HighTechTalks DotNet Forums  

A cryptography solution for a client/server winforms app

Dotnet Security microsoft.public.dotnet.security


#1 DXRick, 02-22-2007, 05:35 PM

Hi, I am learning C#, .NET 2.0, and Winforms to learn the things that are
covered by the MCTS exam 70-536. I am writing a client/server Quicken-like
application where the user's account files are saved on the server. I am now
looking at encryption for the sending of the user data between the server and
client and for the files saved on the server.

The MSDN docs talk about the strategy of using public/private key pairs to
have the client and server come up with a symmetric key that can then be used
to encrypt/decrypt the data sent back and forth. So, this symmetric key
would just be a session key. I guess it is OK for the client and server to
just keep this key in memory until the session is over?

I would also like to encrypt the data saved on the server, but cannot
understand how this should be done. It would seem that the server needs to
create another symmetric key for this. So, it would need to save this key
somewhere safe. However, only asymmetric keys can be stored in the CSP. How
would a server maintain its key for encrypting/decrypting the file data?

Also, the data passed between the client and server is in a class. So, for
encryption I am thinking that I would serialize the class to a stream,
encrypt the stream, and then send it to the server. The server would receive
the stream, decrypt it, and then deserialize the data back into the class
object. Would this be safe to do? How secure is deserialization in handling
possible garbage data? I would expect it to throw an exception if the data
was garbage due to a decryption failure or a hacker attempt. After that, it
would serialize the data and encrypt it with its own symmetric key to save it
to file, and use the reverse process to read it.

I am using Winforms now, but will learn ASP.NET eventually as well. How
does one learn about best practices for things like this? All the info I
have seen so far just explains A, B, or C without showing how all the parts
can be used together for a solid strategy.

Thanks!


#2 DXRick, 02-22-2007, 06:23 PM

I neglected to mention that for a possible solution to the issue of
decrypting the class data and then serializing it I am thinking of adding
hashing or signing to the mix. I could hash the unencrypted class data, and
the client or server could then do the same after decrypting the data to
determine if it would be safe to attempt to serialize it. So the steps would
be this when the client wants to send the class to the server to have it
saved on the server:

1) serialize the UserAccount class to a memory stream.
2) generate a hash value for the data in the memory stream.
3) encrypt the memory stream.
4) send the encrypted stream and hash to the server.

5) the server decrypts the stream.
6) the server generates and compares the hash value of the stream to the
hash value from the client.
7) if the hash matches, encrypt the data using its own symmetric key and
save the data to file.

I realized that since the client is sending the serialized data that the
server can just encrypt it and save it to file. Then it can read it from
file, decrypt it with its private symmetric key and encrypt it with the
session key and send it to the client. I don't see the hash concept being
necessary for the server to client transmission. Is this correct? I see the
server as being the only one vulnerable to a hacker attempt.

thx.

Reply With Quote
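
For the send-and-verify steps discussed in posts #1 and #2, this added example (not code from the thread) seals a serialized payload with AES-CBC under a fresh IV and a keyed HMAC-SHA256 over the IV and ciphertext, so the receiver rejects a modified message before it decrypts or deserializes anything. It assumes .NET 6 or later and two independent 32-byte keys already shared for the session; the `SealedMessage` class, its method names and the sample payload are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the thread. Assumes .NET 6 or later.
static class SealedMessage
{
    const int BlockSize = 16; // AES block and IV size in bytes
    const int TagSize = 32;   // HMAC-SHA256 output size in bytes

    // Wire layout: IV (16 bytes) || AES-CBC ciphertext || HMAC-SHA256 tag (32 bytes)
    public static byte[] Seal(byte[] plaintext, byte[] encKey, byte[] macKey)
    {
        using Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = encKey;
        aes.GenerateIV(); // fresh random IV for every message, sent in the clear

        byte[] ciphertext;
        using (ICryptoTransform encryptor = aes.CreateEncryptor())
            ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);

        int bodyLength = BlockSize + ciphertext.Length;
        byte[] message = new byte[bodyLength + TagSize];
        Buffer.BlockCopy(aes.IV, 0, message, 0, BlockSize);
        Buffer.BlockCopy(ciphertext, 0, message, BlockSize, ciphertext.Length);

        // The tag covers IV and ciphertext and needs a key, unlike a plain hash.
        using var hmac = new HMACSHA256(macKey);
        byte[] tag = hmac.ComputeHash(message, 0, bodyLength);
        Buffer.BlockCopy(tag, 0, message, bodyLength, TagSize);
        return message;
    }

    // Returns false for any truncated or modified message; decrypts only after
    // the tag has been verified in constant time.
    public static bool TryOpen(byte[] message, byte[] encKey, byte[] macKey,
                               out byte[] plaintext)
    {
        plaintext = Array.Empty<byte>();
        int bodyLength = message.Length - TagSize;
        int cipherLength = bodyLength - BlockSize;
        if (cipherLength < BlockSize || cipherLength % BlockSize != 0)
            return false;

        using var hmac = new HMACSHA256(macKey);
        byte[] expected = hmac.ComputeHash(message, 0, bodyLength);
        var received = new ReadOnlySpan<byte>(message, bodyLength, TagSize);
        if (!CryptographicOperations.FixedTimeEquals(expected, received))
            return false;

        using Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = encKey;
        aes.IV = message.AsSpan(0, BlockSize).ToArray();
        using ICryptoTransform decryptor = aes.CreateDecryptor();
        plaintext = decryptor.TransformFinalBlock(message, BlockSize, cipherLength);
        return true;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed session keys; in the thread's design these would come
        // out of the key exchange.
        byte[] encKey = RandomNumberGenerator.GetBytes(32);
        byte[] macKey = RandomNumberGenerator.GetBytes(32);

        // Constructed stand-in for the serialized UserAccount object.
        byte[] account = Encoding.UTF8.GetBytes("{\"owner\":\"alice\",\"balance\":1234.50}");

        byte[] wire = SealedMessage.Seal(account, encKey, macKey);
        bool accepted = SealedMessage.TryOpen(wire, encKey, macKey, out byte[] opened);
        Console.WriteLine("untouched message accepted: " + accepted);
        Console.WriteLine("payload: " + Encoding.UTF8.GetString(opened));

        wire[BlockOffset] ^= 0x01; // flip one ciphertext bit in transit
        bool tampered = SealedMessage.TryOpen(wire, encKey, macKey, out _);
        Console.WriteLine("modified message accepted: " + tampered);
    }

    const int BlockOffset = 20; // any index inside the ciphertext region
}
```

The same check applies in both directions, and the deserializer only ever sees bytes whose tag verified.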
#3 Joe Kaplan, 02-22-2007, 08:17 PM

You really really should consider using SslStream to do this instead of
rolling your own crypto algorithm. It does exactly what you want. Because
you control both the client and server, you don't even need to use a "real"
certificate. You could use a self-signed cert deployed with the server and
code the client to ignore certificate trust errors.

SSL does exactly what you want and is a very well-tested protocol.

Another option is to use NegotiateStream if Windows authentication is a
possibility, as then you can encrypt and sign the network traffic using
SSPI.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

Reply With Quote
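
The SslStream approach from post #3 with a self-signed certificate, as an added example that is not code from the thread: here the client accepts only the deployed certificate, matched by its SHA-256 thumbprint, rather than accepting every certificate. It assumes .NET 6 or later; the server name, the in-memory certificate, the loopback listener and the request text are constructed for the demonstration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

// Added example, not code from the thread. Assumes .NET 6 or later.
static class PinnedSslStreamDemo
{
    const string ServerName = "accounts-server.example"; // hypothetical name

    // Self-signed certificate generated in memory for the demo. A deployment
    // would create it once and ship only its thumbprint with the client.
    static X509Certificate2 CreateSelfSignedCertificate()
    {
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=" + ServerName, rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        // Round-trip through PFX so the private key is usable by SslStream on Windows.
        return new X509Certificate2(cert.Export(X509ContentType.Pfx));
    }

    static async Task ServeOneAsync(TcpListener listener, X509Certificate2 certificate)
    {
        using TcpClient tcp = await listener.AcceptTcpClientAsync();
        using var ssl = new SslStream(tcp.GetStream(), false);
        try
        {
            await ssl.AuthenticateAsServerAsync(certificate);
            var reader = new StreamReader(ssl);
            var writer = new StreamWriter(ssl) { AutoFlush = true };
            string request = await reader.ReadLineAsync();
            await writer.WriteLineAsync("stored: " + request);
        }
        catch (Exception e) when (e is IOException || e is AuthenticationException)
        {
            // The client aborted the handshake, e.g. because its pin did not match.
        }
    }

    static async Task<string> SendAsync(int port, string pinnedSha256, string request)
    {
        using var tcp = new TcpClient();
        await tcp.ConnectAsync(IPAddress.Loopback, port);
        // Chain and name errors are expected for a self-signed certificate, so the
        // decision rests on the thumbprint alone: exactly one certificate passes.
        using var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) => cert != null && string.Equals(
                cert.GetCertHashString(HashAlgorithmName.SHA256), pinnedSha256,
                StringComparison.OrdinalIgnoreCase));
        await ssl.AuthenticateAsClientAsync(ServerName);
        var reader = new StreamReader(ssl);
        var writer = new StreamWriter(ssl) { AutoFlush = true };
        await writer.WriteLineAsync(request);
        return await reader.ReadLineAsync();
    }

    static async Task Main()
    {
        using X509Certificate2 certificate = CreateSelfSignedCertificate();
        string pin = certificate.GetCertHashString(HashAlgorithmName.SHA256);

        var listener = new TcpListener(IPAddress.Loopback, 0); // any free port
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        // Correct pin: handshake completes and the request is answered.
        Task server = ServeOneAsync(listener, certificate);
        Console.WriteLine(await SendAsync(port, pin, "save account 42"));
        await server;

        // Wrong pin: the client refuses the connection before sending any data.
        server = ServeOneAsync(listener, certificate);
        try
        {
            await SendAsync(port, new string('0', 64), "save account 42");
        }
        catch (AuthenticationException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
        await server;
        listener.Stop();
    }
}
```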
#4 DXRick, 02-22-2007, 09:41 PM

Thanks, but I am a student. I looked up SSL in the MSDN help files, and it
looks like it is way beyond me at this point. I am trying to LEARN about
cryptography, which is the objective of item 5.4 in Microsoft's Exam 70-536
outline. I am not going to learn much without actually doing it and was just
wondering if there was something out there that shows how to put the pieces
together.

Thanks anyway.

#5 Joe Kaplan, 02-23-2007, 12:06 AM

Ok, if you want to learn crypto, I wouldn't start by trying to create a
network protocol that uses RSA key pairs to negotiate a session key and then
encrypts and signs the resulting traffic. That's a lot. SslStream is
really easy to use compared to rolling your own, so I recommended that if
you were trying to actually get work done.

I'd start by learning how to do some symmetric encryption/decryption first
and learn how to compute a hash. Then look at RSA and asymmetric crypto.
There are lots of good articles out there and some very good books that
explain how this stuff works. Build it up in pieces. You might try asking
a few specific questions about different pieces you are trying to build up.

I don't know of a good end to end example in managed code that shows
something like a complete implementation of SSL.

Joe K.

#6 DXRick, 02-23-2007, 05:15 PM

So, you don't see the crypto classes as something real programmers would use
in the real world today? There are better and easier solutions now, like
SSL, and when I do learn ASP .NET, these other solutions will become the
preferred way of doing things?

I don't want to learn the details of how the encryption algorithms work. On
my previous job with Visa I worked with the application code that performs
PIN, CVV, CVV2, and chip card verification services without needing to know
exactly how the security modules performed their task. I just needed to be
able to build the interfaces to the security modules (pass the keys and set
the encryption method), read the return code, and determine what to do with a
credit card authorization message based on the result. I don't see doing
this with .NET implementations of RSA, DES, etc. as being much different.

Of course, my previous job made me aware of security. The actual PIN
entered by a person would never be in its naked decrypted state outside of
the security modules, which were special computers designed to perform the
tasks in such a way that it would be impossible for anyone to ever capture
the data inside of it. The keys used by the banks were also secured.

Now with .NET on a PC, I read that the keys should not be saved to file
unencrypted. So, I guess that the HD is considered to be very hackable,
while data in the memory of a PC is not. That is why I was wondering where
the vulnerabilities are with internet and intranet apps and how one should
code for them.

It only takes two lines of code to create RSA asymmetric keys and save them
to the CSP. The other tasks are equally simple. So, I didn't see any of
them as being complex enough that I should just concentrate on one at a time.
I looked on Amazon but did not see any books devoted to the subject. I am
going to go to a book store today and look through some books to see if I can
find anything.

Again, all the books and MSDN docs are good at explaining what one method
does. There is just very little to explain how to best put the pieces
together.

thx.

#7 Joe Kaplan, 02-23-2007, 06:36 PM

Let me rephrase my recommendation. Learning the crypto classes is a
good idea if you want to learn crypto. However, if you actually need to
create a working secure network stream protocol that uses asymmetric
encryption with RSA keys, it would be better just to use the built in one
that works, SSL. There's nothing wrong with dinking around with that as a
learning experience, but don't deploy it!

As far as learning experiences go, I wouldn't start quite so grandiose as a
full network protocol like that. Start with the basics and build up from
there. I think you'll get a much better handle on crypto that way.

I hear you on the lack of good examples on this stuff. It is a bit of a
niche and no one seems to have written a good book on it, although there was
some decent coverage of the .NET 1.0 crypto classes in the now out of print
".NET Security" from AW. Books like Practical Cryptography are still
recommended by most as the way to learn how to use the algorithms and
principles, although none of that is .NET-specific. That's probably what
I'd recommend to you though.

I agree that some of the stuff looks really simple on the surface, but the
devil is in the details. That's why I suggest starting small. Most people
approaching crypto for the first time have no idea what a block cipher vs a
stream cipher is or what an initialization vector is and how that should be
handled. These are important things to learn.

In terms of saving keys, that is a hard problem. Basically, no place is
safe. It is all just a matter of degrees as to how easy they are to
recover. Writing Secure Code has some coverage on storing secrets that
might be interesting to you.

Typically by now, some of the other more hardcore crypto guys on this
newsgroup would have seen this post and added more value than I have so far,
so I am anxiously awaiting to see what further advice they have.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DXRick" <DXRick (AT) discussions (DOT) microsoft.com> wrote

Quote:
So, you don't see the crypto classes as something real programmers would
use in the real world today? There are better and easier solutions now,
like SSL, and when I do learn ASP .NET, these other solutions will become
the preferred way of doing things?

I don't want to learn the details of how the encryption algorithms work.
On my previous job with Visa I worked with the application code that
performs PIN, CVV, CVV2, and chip card verification services without
needing to know exactly how the security modules performed their task. I
just needed to be able to build the interfaces to the security modules
(pass the keys and set the encryption method), read the return code, and
determine what to do with a credit card authorization message based on the
result. I don't see doing this with .NET implementations of RSA, DES, etc.
as being much different.

Of course, my previous job made me aware of security. The actual PIN
entered by a person would never be in its naked decrypted state outside of
the security modules, which were special computers designed to perform the
tasks in such a way that it would be impossible for anyone to ever capture
the data inside of it. The keys used by the banks were also secured.

Now with .NET on a PC, I read that the keys should not be saved to file
unencrypted. So, I guess that the HD is considered to be very hackable,
while data in the memory of a PC is not. That is why I was wondering where
the vulnerabilities are with internet and intranet apps and how one should
code for them.

It only takes two lines of code to create RSA asymmetric keys and save
them to the CSP. The other tasks are equally simple. So, I didn't see any
of them as being complex enough that I should just concentrate on one at a
time. I looked on Amazon but did not see any books devoted to the subject.
I am going to go to a book store today and look through some books to see
if I can find anything.

Again, all the books and MSDN docs are good at explaining what one method
does. There is just very little to explain how to best put the pieces
together.

thx.


"Joe Kaplan" wrote:

Ok, if you want to learn crypto, I wouldn't start by trying to create a
network protocol that uses RSA key pairs to negotiate a session key and
then encrypts and signs the resulting traffic. That's a lot. SslStream is
really easy to use compared to rolling your own, so I recommended that if
you were trying to actually get work done.

I'd start by learning how to do some symmetric encryption/decryption first
and learn how to compute a hash. Then look at RSA and asymmetric crypto.
There are lots of good articles out there and some very good books that
explain how this stuff works. Build it up in pieces. You might try asking
a few specific questions about different pieces you are trying to build
up.

I don't know of a good end to end example in managed code that shows
something like a complete implementation of SSL.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DXRick" <DXRick (AT) discussions (DOT) microsoft.com> wrote in message
news:0F6291CF-720E-4FCF-AA59-EF3C42BD6607 (AT) microsoft (DOT) com...
Thanks, but I am a student. I looked up SSL in the MSDN help files, and it
looks like it is way beyond me at this point. I am trying to LEARN about
cryptography, which is the objective of item 5.4 in Microsoft's Exam
70-536 outline. I am not going to learn much without actually doing it and
was just wondering if there was something out there that shows how to put
the pieces together.

Thanks anyway.



"Joe Kaplan" wrote:

You really really should consider using SslStream to do this instead of
rolling your own crypto algorithm. It does exactly what you want. Because
you control both the client and server, you don't even need to use a
"real" certificate. You could use a self-signed cert deployed with the
server and code the client to ignore certificate trust errors.

SSL does exactly what you want and is a very well-tested protocol.

Another option is to use NegotiateStream if Windows authentication is a
possibility, as then you can encrypt and sign the network traffic using
SSPI.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DXRick" <DXRick (AT) discussions (DOT) microsoft.com> wrote in message
news:E91A3C6F-33A0-42AE-8EB7-DB3033440164 (AT) microsoft (DOT) com...
I neglected to mention that for a possible solution to the issue of
decrypting the class data and then serializing it I am thinking of adding
hashing or signing to the mix. I could hash the unencrypted class data,
and the client or server could then do the same after decrypting the data
to determine if it would be safe to attempt to serialize it. So the steps
would be this when the client wants to send the class to the server to
have it saved on the server:

1) serialize the UserAccount class to a memory stream.
2) generate a hash value for the data in the memory stream.
3) encrypt the memory stream.
4) send the encrypted stream and hash to the server.

5) the server decrypts the stream.
6) the server generates and compares the hash value of the stream to the
hash value from the client.
7) if the hash matches, encrypt the data using its own symmetric key and
save the data to file.

I realized that since the client is sending the serialized data that the
server can just encrypt it and save it to file. Then it can read it from
file, decrypt it with its private symmetric key and encrypt it with the
session key and send it to the client. I don't see the hash concept being
necessary for the server to client transmission. Is this correct? I see
the server as being the only one vulnerable to a hacker attempt.

thx.


"DXRick" wrote:

Hi, I am learning C#, .NET 2.0, and Winforms to learn the things that are
covered by the MCTS exam 70-536. I am writing a client server Quicken like
application where the user's account files are saved on the server. I am
now looking at encryption for the sending of the user data between the
server and client and for the files saved on the server.

The MSDN docs talk about the strategy of using public/private key pairs to
have the client and server come up with a symmetric key that can then be
used to encrypt/decrypt the data sent back and forth. So, this symmetric
key would just be a session key. I guess it is OK for the client and
server to just keep this key in memory until the session is over?

I would also like to encrypt the data saved on the server, but cannot
understand how this should be done. It would seem that the server needs to
create another symmetric key for this. So, it would need to save this key
somewhere safe. However, only asymmetric keys can be stored in the CSP.
How would a server maintain its key for encrypting/decrypting the file
data?

Also, the data passed between the client and server is in a class. So, for
encryption I am thinking that I would serialize the class to a stream,
encrypt the stream, and then send it to the server. The server would
receive the stream, decrypt it, and then deserialize the data back into
the class object. Would this be safe to do? How secure is deserialization
in handling possible garbage data? I would expect it to throw an exception
if the data was garbage due to a decryption failure or a hacker attempt.
After that, it would serialize the data and encrypt it with its own
symmetric key to save it to file, and use the reverse process to read it.

I am using Winforms now, but will learn ASP .NET eventually as well. How
does one learn about best practices for things like this? All the info I
have seen so far just explains A, B, or C without showing how all the
parts can be used together for a solid strategy.

Thanks!
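
The send-and-verify steps in the quoted message, as an added example that is not from any poster in the thread: it substitutes a keyed HMAC-SHA256 computed over the ciphertext for the plain hash of the plaintext, and checks the tag before anything is decrypted or deserialized. It assumes modern .NET (6 or later) rather than .NET 2.0, JSON in place of binary serialization, two independent 32-byte keys already shared by both sides, and a hypothetical UserAccount shape.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text.Json;

// Constructed demo keys and data; a real session would derive both keys from the handshake.
byte[] encKey = RandomNumberGenerator.GetBytes(32);
byte[] macKey = RandomNumberGenerator.GetBytes(32);
byte[] msg = SealedMessage.Seal(new UserAccount("alice", 125.50m), encKey, macKey);
Console.WriteLine(SealedMessage.Open(msg, encKey, macKey));
msg[20] ^= 0x01;   // flip one ciphertext bit to simulate corruption or tampering in transit
try { SealedMessage.Open(msg, encKey, macKey); }
catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }

// Hypothetical stand-in for the thread's UserAccount class.
public record UserAccount(string Owner, decimal Balance);

public static class SealedMessage
{
    // Wire layout: IV (16 bytes) || AES-CBC ciphertext || HMAC-SHA256 tag (32 bytes).
    public static byte[] Seal(UserAccount account, byte[] encKey, byte[] macKey)
    {
        byte[] plain = JsonSerializer.SerializeToUtf8Bytes(account);
        using Aes aes = Aes.Create();          // defaults to CBC with PKCS7 padding
        aes.Key = encKey;
        aes.GenerateIV();                      // fresh random IV for every message
        using ICryptoTransform enc = aes.CreateEncryptor();
        byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
        byte[] body = aes.IV.Concat(cipher).ToArray();
        using var hmac = new HMACSHA256(macKey);
        return body.Concat(hmac.ComputeHash(body)).ToArray();   // tag covers IV and ciphertext
    }

    public static UserAccount Open(byte[] msg, byte[] encKey, byte[] macKey)
    {
        if (msg.Length < 16 + 16 + 32) throw new CryptographicException("message too short");
        int bodyLen = msg.Length - 32;
        using var hmac = new HMACSHA256(macKey);
        // Constant-time comparison; a bad tag is rejected before decryption or deserialization.
        if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(msg, 0, bodyLen), msg.AsSpan(bodyLen)))
            throw new CryptographicException("authentication tag mismatch");
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        aes.IV = msg.AsSpan(0, 16).ToArray();
        using ICryptoTransform dec = aes.CreateDecryptor();
        byte[] plain = dec.TransformFinalBlock(msg, 16, bodyLen - 16);
        return JsonSerializer.Deserialize<UserAccount>(plain) ?? throw new CryptographicException("empty payload");
    }
}
```

Because the tag is verified first, the deserializer only ever sees bytes produced by a holder of both keys, so garbage from a failed decryption never reaches it.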









