2. File Services – Isolated Storage
• Can be disabled by user
• Is limited in size (1 MB)
(but an increase can be requested)
• Discoverable and not encrypted, so sensitive data should be encrypted before it is stored
• Persistent across browser sessions
2
3. Accessing Isolated Storage
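try
{
    // Writes a small text file into the application's isolated storage.
    // Isolated storage is not encrypted, so anything sensitive should be
    // encrypted before it is written here.
    using (var store = IsolatedStorageFile.GetUserStoreForApplication())
    using (var stream = store.CreateFile("hello.txt"))
    using (var writer = new StreamWriter(stream))
    {
        writer.Write("Hello World");
    }
}
catch (IsolatedStorageException)
{
    // Isolated storage not enabled or an error occurred.
    // Deliberately best-effort: the write is skipped rather than failing the caller.
}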
• Can create directories.
• Keep names short
3
4. Encryption and Hashing
• Symmetric Encryption : AES
• Needs a key and an initialisation vector (IV); both must
be stored somewhere safe (the key is the secret; the IV need not be secret, but it is needed again to decrypt).
• Key can be derived from password or other
known value
• Best practice dictates a new IV per encrypted
item. Can be automatically generated.
4
5. Generating key from known value
• Use Rfc2898DeriveBytes class
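/// <summary>
/// Derives a 16-byte (128-bit) key from a password or other known value using
/// PBKDF2 (<see cref="Rfc2898DeriveBytes"/>).
/// </summary>
/// <param name="hashKey">The password or known value the key is derived from.</param>
/// <returns>A 16-byte key; the same input always produces the same key.</returns>
internal static byte[] GetHashKey(string hashKey)
{
    // NOTE(review): the salt is a fixed string compiled into the application, so
    // every user and every installation shares it. A random salt generated per
    // user or per item and stored next to the ciphertext is the stronger choice.
    // It is left as-is here because changing it changes every derived key.
    string salt = "I am a nice little salt";
    byte[] saltBytes = new UTF8Encoding().GetBytes(salt);

    // NOTE(review): this two-argument constructor uses the library's default
    // iteration count (1000). The overload that takes an explicit iteration
    // count lets the work factor be raised; doing so also changes the output.
    Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(hashKey, saltBytes);

    // 16 bytes = a 128-bit AES key.
    return rfc.GetBytes(16);
}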
5
6. Generating IV
/// <summary>
/// Returns <paramref name="length"/> bytes from the cryptographic random number
/// generator. Suitable for an IV (as on this slide) or for a random key.
/// </summary>
/// <param name="length">Number of random bytes to produce.</param>
/// <returns>A new array of <paramref name="length"/> random bytes.</returns>
static byte[] GenerateKey(int length)
{
    var randomBytes = new byte[length];

    // Cryptographic RNG rather than System.Random: the output must be unpredictable.
    var rng = new RNGCryptoServiceProvider();
    rng.GetBytes(randomBytes);

    return randomBytes;
}
6
7. Encrypting
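/// <summary>
/// Encrypts <paramref name="plainText"/> with AES using the supplied key and IV
/// and returns the ciphertext as a base64 string.
/// </summary>
/// <param name="key">AES key (for example the 16 bytes returned by GetHashKey).</param>
/// <param name="iv">Initialisation vector; use a fresh one for every encrypted item.</param>
/// <param name="plainText">The bytes to encrypt.</param>
/// <returns>Base64 encoding of the ciphertext. The IV is not included in it.</returns>
internal static string Encrypt(byte[] key, byte[] iv, byte[] plainText)
{
    // Disposing the algorithm object clears its internal copies of the key and
    // IV (the "would clear key/IV here" step). The caller's own arrays are
    // untouched and remain the caller's responsibility.
    using (AesManaged encryptor = new AesManaged())
    {
        encryptor.Key = key;
        encryptor.IV = iv;

        using (MemoryStream encryptionStream = new MemoryStream())
        {
            using (CryptoStream encrypt = new CryptoStream(encryptionStream,
                                                          encryptor.CreateEncryptor(),
                                                          CryptoStreamMode.Write))
            {
                // Write the whole input; the length must come from the buffer
                // actually being encrypted.
                encrypt.Write(plainText, 0, plainText.Length);

                // Emits the final padded block; without it the output is truncated.
                encrypt.FlushFinalBlock();
            }

            // NOTE(review): encryption alone does not detect tampering. If the
            // stored value can be modified by someone else, also store an HMAC
            // over the IV and ciphertext and verify it before decrypting.
            // Could be returned as a byte array instead of base64.
            return Convert.ToBase64String(encryptionStream.ToArray());
        }
    }
}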
7
8. Decrypting
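/// <summary>
/// Decrypts a base64 ciphertext produced with AES under the supplied key and IV
/// and returns the plaintext as a string.
/// </summary>
/// <param name="key">The AES key used to encrypt.</param>
/// <param name="iv">The IV used to encrypt this item.</param>
/// <param name="encryptedString">Base64-encoded ciphertext.</param>
/// <returns>The decrypted bytes decoded as UTF-8 text.</returns>
internal static string Decrypt(byte[] key, byte[] iv, string encryptedString)
{
    byte[] encryptedData = Convert.FromBase64String(encryptedString);

    // Disposing the algorithm object clears its internal copies of the key and IV.
    using (AesManaged decryptor = new AesManaged())
    {
        decryptor.Key = key;
        decryptor.IV = iv;

        using (MemoryStream decryptionStream = new MemoryStream())
        {
            using (CryptoStream decrypt = new CryptoStream(decryptionStream,
                                                          decryptor.CreateDecryptor(),
                                                          CryptoStreamMode.Write))
            {
                decrypt.Write(encryptedData, 0, encryptedData.Length);

                // Processes the last block and strips the padding.
                decrypt.FlushFinalBlock();
            }

            // The declared return type is string, so the recovered bytes are
            // decoded here rather than returned raw.
            // NOTE(review): assumes the plaintext was UTF-8 text (the encoding
            // GetHashKey uses) - confirm against what the caller encrypted.
            byte[] plainBytes = decryptionStream.ToArray();
            return new UTF8Encoding().GetString(plainBytes, 0, plainBytes.Length);
        }
    }
}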
8
9. Calculating Hashes
• SHA algorithms are built in:
SHA1, SHA256, HMACSHA1, HMACSHA256
• MD5 open source implementation available
(Obviously not advised!)
9
10. Calculated Hashes
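// Initialize the keyed hash object. The key must be kept secret: anyone who
// holds it can produce a valid hash for a modified file.
HMACSHA256 myhmacsha256 = new HMACSHA256(key);

byte[] hashValue;

// Open the file from isolated storage; the using block closes the stream even
// if hashing throws.
using (IsolatedStorageFileStream inStream =
    isoStore.OpenFile(sourceFilePath, FileMode.Open))
{
    inStream.Position = 0;

    // Compute the hash of the input file.
    hashValue = myhmacsha256.ComputeHash(inStream);
}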
10