“Chishiki” is Japanese for “knowledge.” e-chishiki.com aims to bring software developers, information security professionals, IT executives and other IT pros a rich body of knowledge in the form of articles, interviews, tutorials and technical discussions. Our contributors are among the biggest names in the Indian IT industry and include noted authors, educators and practitioners.
Online Book Preview – Microsoft .NET Framework: Web Application Security
Chapter 8: Cryptography (Online Book Preview)
The following is an excerpt from Vijay Mukhi's upcoming book "Microsoft .NET Framework: Web Application Security." This book will be available for purchase from this site as an e-book in April, 2008.
Base64 Encoding
We have mentioned Base64 encoding many times in earlier chapters. A .doc file sent as an email attachment is usually converted to a Base64-encoded file and then sent to the recipient. The email client at the recipient's end decodes any attachments. Here we talk about the same concept, using a Form example.
c.cs
using System;
using System.Drawing;
using System.Text;
using System.Windows.Forms;

public class zzz : Form
{
    // "ASCII To Base64": text -> UTF-8 bytes -> Base64 string.
    private void b1_Click(object s, EventArgs e)
    {
        byte[] b = Encoding.UTF8.GetBytes(t1.Text);
        t2.Text = Convert.ToBase64String(b);
    }

    // "Base64 To ASCII": Base64 string -> bytes -> text.
    // Encoding.ASCII turns every byte above 0x7F into '?', so only
    // ASCII input round-trips unchanged.
    private void b2_Click(object s, EventArgs e)
    {
        byte[] b = Convert.FromBase64String(t2.Text);
        t1.Text = Encoding.ASCII.GetString(b);
    }

    public zzz()
    {
        b1 = new Button();
        b2 = new Button();
        t1 = new TextBox();
        t2 = new TextBox();
        l1 = new Label();
        l2 = new Label();

        // Buttons and their click handlers.
        b1.Location = new Point(191, 46);
        b1.Size = new Size(95, 35);
        b1.Text = "ASCII To Base64";
        b1.Click += new EventHandler(b1_Click);
        b2.Location = new Point(191, 144);
        b2.Size = new Size(95, 35);
        b2.Text = "Base64 To ASCII";
        b2.Click += new EventHandler(this.b2_Click);

        // Text boxes: t1 holds the plain text, t2 the Base64 text.
        t1.Location = new Point(31, 46);
        t1.Size = new Size(100, 100);
        t1.TabIndex = 0;
        t2.Location = new Point(34, 144);
        t2.Size = new Size(100, 100);
        t2.Multiline = true;

        // Labels above the two text boxes.
        l1.Location = new Point(31, 24);
        l1.Size = new Size(75, 15);
        l1.Text = "ASCII string";
        l2.Location = new Point(31, 122);
        l2.Size = new Size(75, 15);
        l2.Text = "Base64 string";

        ClientSize = new Size(292, 273);
        Controls.Add(l2);
        Controls.Add(l1);
        Controls.Add(t2);
        Controls.Add(t1);
        Controls.Add(b2);
        Controls.Add(b1);
    }

    Button b1;
    Button b2;
    TextBox t1;
    TextBox t2;
    Label l1;
    Label l2;

    static void Main()
    {
        Application.Run(new zzz());
    }
}
Before we explain the above program, let's build and run the executable file, c.exe. The program displays a fairly pleasant window, as shown in Screen 8.1 (we have never considered ourselves to be masters of designing good-looking screens, and this can be considered one of our best efforts!).
[Screen 8.1]
Enter vijay in the first text box and then click the ASCII To Base64 button; the second, multiline text box then shows the Base64 characters (Screen 8.2).
[Screen 8.2]
Now, clear the text vijay from the first text box, and leaving the text in the second one untouched, click the second button (Base64 To ASCII). The text vijay is displayed in the first text box.
The program first converts an ASCII string into a byte array, which is then encoded into a Base64 string. The encoded value is shown in the second text box. In the same manner, the base64 string in the second text box is converted back to an ASCII string when the second button is clicked.
The Encoding class has static properties like UTF8 and ASCII which are of type Encoding. The GetBytes method in UTF8 takes a string, vijay, and converts it into an array of bytes. Conversely, the method GetString in the ASCII property takes an array of bytes and returns a string.
The two functions Convert.ToBase64String and Convert.FromBase64String in b1_Click and b2_Click perform the task of encoding and decoding the values, respectively. The rest of the program is simply GUI code. ASCII values range from 0 to 255, and hence it is an 8-bit character set. When there are only 64 characters, it uses only 6 bits. Base64 encoding converts an 8-bit character set into a 6-bit one. The 64 characters in 6-bit encoding are the 26 uppercase letters, 26 lowercase, 10 numeric digits and the + and - characters. The string always ends with the = character. In such encoding schemes, the rules are pre-defined with no secrets, no keys, and no passwords. The final text may look like gibberish, but there is no encryption as such.
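The following console program is an added example, not code from the book. It shows that anyone can reverse a Base64 value without a key, what happens when the program's UTF8/ASCII pairing meets non-ASCII text, and how to decode untrusted input without an unhandled exception. The class name Base64Demo, the helper names and the sample strings are constructed for illustration.

```csharp
using System;
using System.Text;

public static class Base64Demo
{
    // Same steps as b1_Click: UTF-8 bytes, then Base64 text.
    public static string Encode(string text)
    {
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(text));
    }

    // Decodes Base64 to text with the given encoding. Returns false instead of
    // throwing when the input is not valid Base64 or not valid in that encoding.
    public static bool TryDecode(string base64, Encoding encoding, out string text)
    {
        text = null;
        try
        {
            text = encoding.GetString(Convert.FromBase64String(base64));
            return true;
        }
        catch (FormatException) { return false; }    // not Base64
        catch (ArgumentException) { return false; }  // strict decoder rejected the bytes
    }

    public static void Main()
    {
        string text;
        // Strict UTF-8: the second argument makes invalid byte sequences throw.
        Encoding strictUtf8 = new UTF8Encoding(false, true);

        // Constructed sample value. No key or password is needed in either direction.
        string token = Encode("vijay:s3cret");
        TryDecode(token, strictUtf8, out text);
        Console.WriteLine("{0} -> {1}", token, text);

        // Non-ASCII input: decoding with Encoding.ASCII, as b2_Click does, loses data.
        string encoded = Encode("caf\u00e9");
        TryDecode(encoded, Encoding.ASCII, out text);
        Console.WriteLine("ASCII decode: {0}", text);
        TryDecode(encoded, strictUtf8, out text);
        Console.WriteLine("UTF-8 decode: {0}", text);

        // Malformed input is reported rather than raising an unhandled exception.
        Console.WriteLine("valid Base64? {0}", TryDecode("not base64!", strictUtf8, out text));
    }
}
```

Treat any Base64 value arriving from a browser or another system as plain, attacker-readable and attacker-editable data.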
Let's now look at some algorithms used in cryptography, which may be classified into two categories: symmetric and asymmetric. In symmetric cryptography, a single key is used for both encryption and decryption, while asymmetric methods employ two keys. One of the simplest examples of symmetric cryptography is XORing bytes. What is important in these cases is for the key to be hidden from the public eye, as anyone gaining access to it can retrieve the data in its original form.
The data (which could either be text or an image, etc.), is passed to a program that calculates a number based on the bytes in the file. This number is called a hash value. Any change in the data changes the hash value drastically and distinctively. This hash value is a unique number, created using a particular algorithm in the program and therefore under no circumstances will any two pieces of data have the same hash value.
Given a hash value, one can never guess the original value, as it is non-reversible. The hash value is also sometimes referred to as the data’s digital signature.
There are many ways of calculating this hash value, with two of the most common algorithms being SHA1 (Simple Hash Algorithm 1) and MD5 (Message Digest version 5).
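The next console program is an added example, not code from the book. It hashes two inputs that differ in one character with the framework's SHA1.Create() and MD5.Create() factory methods and counts how many bits of the digest change. The class name HashDemo, the helper names and the two input strings are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HashDemo
{
    // Lowercase hex form of a digest, no separators.
    public static string Hex(byte[] digest)
    {
        StringBuilder sb = new StringBuilder(digest.Length * 2);
        foreach (byte b in digest) sb.Append(b.ToString("x2"));
        return sb.ToString();
    }

    // Number of bit positions in which two equal-length digests differ.
    public static int DifferingBits(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) throw new ArgumentException("digest lengths differ");
        int count = 0;
        for (int i = 0; i < a.Length; i++)
            for (int x = a[i] ^ b[i]; x != 0; x >>= 1)
                count += x & 1;
        return count;
    }

    // Hashes both inputs with one algorithm and prints the digests and their distance.
    public static void Compare(HashAlgorithm alg, string name, string first, string second)
    {
        byte[] h1 = alg.ComputeHash(Encoding.UTF8.GetBytes(first));
        byte[] h2 = alg.ComputeHash(Encoding.UTF8.GetBytes(second));
        Console.WriteLine("{0} {1}  <- \"{2}\"", name, Hex(h1), first);
        Console.WriteLine("{0} {1}  <- \"{2}\"", name, Hex(h2), second);
        Console.WriteLine("{0}: {1} of {2} bits differ", name, DifferingBits(h1, h2), h1.Length * 8);
    }

    public static void Main()
    {
        // Constructed inputs that differ in a single character.
        const string first = "vijay";
        const string second = "vijaz";

        using (SHA1 sha1 = SHA1.Create())
            Compare(sha1, "SHA1", first, second);
        using (MD5 md5 = MD5.Create())
            Compare(md5, "MD5 ", first, second);
    }
}
```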
Each algorithm in the .NET framework becomes a service provider. All code related to encryption and decryption is contained in the providers, and we simply have to call the functions in them. Let’s take the first one, based on SHA1.



