SlideShare a Scribd company logo
Cryptography in
  Silverlight
            Barry Dorrans
File Services – Isolated Storage
• Can be disabled by user
• Is limited in size (1Mb)
  (but an increase can be requested)
• Discoverable, not encrypted
• Persistent across browser sessions




                                       2
Accessing Isolated Storage
try
{
      using (var store = IsolatedStorageFile.GetUserStoreForApplication())
          using (var stream = store.CreateFile(quot;hello.txtquot;))
              using (var writer = new StreamWriter(stream))
              {
                  writer.Write(quot;Hello Worldquot;);
              }
}
catch (IsolatedStorageException)
{
    // Isolated storage not enabled or an error occurred
}


• Can create directories.
• Keep names short

                                                                             3
Encryption and Hashing
• Symmetric Encryption : AES
• Needs key and initialisation vector, both must
  be stored somewhere safe.
• Key can be derived from password or other
  known value
• Best practice dictates a new IV per encrypted
  item. Can be automatically generated.


                                                   4
Generating key from known value
• Use Rfc2898DeriveBytes class
internal static byte[] GetHashKey(string hashKey)
{
   // Initialise
   UTF8Encoding encoder = new UTF8Encoding();

    // Get the salt
    string salt = quot;I am a nice little saltquot;;
    byte[] saltBytes = encoder.GetBytes(salt);

    // Setup the hasher
    Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(hashKey, saltBytes);

    // Return the key
    return rfc.GetBytes(16);
}




                                                                           5
Generating IV
static byte[] GenerateKey(int length)
{
    byte[] key = new byte[length];
    RNGCryptoServiceProvider provider =
        new RNGCryptoServiceProvider();
    provider.GetBytes(key);
    return key;
}

                                          6
Encrypting
internal static string Encrypt(byte[] key, byte[] iv, byte[] plainText)
{
    // Initialise
    AesManaged encryptor = new AesManaged();

    // Set the key
    encryptor.Key = key;
    encryptor.IV = iv;

    // create a memory stream
    using (MemoryStream encryptionStream = new MemoryStream())
    {
        // Create the crypto stream
        using (CryptoStream encrypt = new CryptoStream(encryptionStream,
                                                       encryptor.CreateEncryptor(),
                                                       CryptoStreamMode.Write))
        {
            // Encrypt
            encrypt.Write(plainText, 0, utfD1.Length);
            encrypt.FlushFinalBlock();
            encrypt.Close();

            // Would clear key/IV here

            // Return the encrypted data converted to base64. Could leave as byte array too.
            return Convert.ToBase64String(encryptionStream.ToArray());
        }
    }
}



                                                                                               7
Decrypting
internal static string Decrypt(byte[] key, byte[] iv, string encryptedString)
{
    // Initialise
    AesManaged decryptor = new AesManaged();
    byte[] encryptedData = Convert.FromBase64String(encryptedString);

    // Set the key
    decryptor.Key = key;
    decryptor.IV = iv;

    // create a memory stream
    using (MemoryStream decryptionStream = new MemoryStream())
    {
        // Create the crypto stream
        using (CryptoStream decrypt = new CryptoStream(decryptionStream,
                                                       decryptor.CreateDecryptor(),
                                                       CryptoStreamMode.Write))
        {
            // Decrypt
            decrypt.Write(encryptedData, 0, encryptedData.Length);
            decrypt.Flush();
            decrypt.Close();

            return decryptionStream.ToArray();
        }
    }
}




                                                                                      8
Calculating Hashes
• SHA Algorithms are built in
  SHA1, SHA256, HMACSHA1, HMAC256
• MD5 open source implementation available
  (Obviously not advised!)




                                             9
Calculated Hashes
// Initialize the keyed hash object.
HMACSHA256 myhmacsha256 = new HMACSHA256(key);
IsolatedStorageFileStream inStream =
  isoStore.OpenFile(sourceFilePath, FileMode.Op
  en);
inStream.Position = 0;
// Compute the hash of the input file.
byte[] hashValue =
  myhmacsha256.ComputeHash(inStream);



                                              10

More Related Content

What's hot

Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v
Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v
Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v
Arian Gutierrez
 
MySQL Document Store -- SCaLE 17x Presentation
MySQL Document Store -- SCaLE 17x PresentationMySQL Document Store -- SCaLE 17x Presentation
MySQL Document Store -- SCaLE 17x Presentation
Dave Stokes
 
San Francisco Java User Group
San Francisco Java User GroupSan Francisco Java User Group
San Francisco Java User Group
kchodorow
 
Ether Mining 101
Ether Mining 101Ether Mining 101
Ether Mining 101
Conor Svensson
 
Ether mining 101 v2
Ether mining 101 v2Ether mining 101 v2
Ether mining 101 v2
Conor Svensson
 
Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my! Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my!
Dave Stokes
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cache
André Rømcke
 
MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019
MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019
MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019
Dave Stokes
 
ENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQL
ENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQLENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQL
ENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQL
Horacio Gonzalez
 
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...
Dave Stokes
 
ENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQL
ENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQLENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQL
ENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQL
Horacio Gonzalez
 
MySQL Without The SQL -- Oh My! PHP Detroit July 2018
MySQL Without The SQL -- Oh My! PHP Detroit July 2018MySQL Without The SQL -- Oh My! PHP Detroit July 2018
MySQL Without The SQL -- Oh My! PHP Detroit July 2018
Dave Stokes
 
Ethereum overview
Ethereum overviewEthereum overview
Ethereum overview
Alexander (Alex) Komyagin
 
Building Your First App with MongoDB
Building Your First App with MongoDBBuilding Your First App with MongoDB
Building Your First App with MongoDB
MongoDB
 
Redis Use Patterns (DevconTLV June 2014)
Redis Use Patterns (DevconTLV June 2014)Redis Use Patterns (DevconTLV June 2014)
Redis Use Patterns (DevconTLV June 2014)
Itamar Haber
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamental
Yuhao Zhang
 
Building Your First MongoDB App
Building Your First MongoDB AppBuilding Your First MongoDB App
Building Your First MongoDB App
Henrik Ingo
 
Redis and its many use cases
Redis and its many use casesRedis and its many use cases
Redis and its many use cases
Christian Joudrey
 
Hiding secrets in Vault
Hiding secrets in VaultHiding secrets in Vault
Hiding secrets in Vault
Neven Rakonić
 
Hernan Ochoa - WCE Internals [RootedCON 2011]
Hernan Ochoa - WCE Internals [RootedCON 2011]Hernan Ochoa - WCE Internals [RootedCON 2011]
Hernan Ochoa - WCE Internals [RootedCON 2011]
RootedCON
 

What's hot (20)

Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v
Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v
Tipo virus espia con esto aprenderan a espiar a personas etc jeropas de mrd :v
 
MySQL Document Store -- SCaLE 17x Presentation
MySQL Document Store -- SCaLE 17x PresentationMySQL Document Store -- SCaLE 17x Presentation
MySQL Document Store -- SCaLE 17x Presentation
 
San Francisco Java User Group
San Francisco Java User GroupSan Francisco Java User Group
San Francisco Java User Group
 
Ether Mining 101
Ether Mining 101Ether Mining 101
Ether Mining 101
 
Ether mining 101 v2
Ether mining 101 v2Ether mining 101 v2
Ether mining 101 v2
 
Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my! Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my!
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cache
 
MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019
MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019
MySQL Without the SQL - Oh My! -> MySQL Document Store -- Confoo.CA 2019
 
ENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQL
ENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQLENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQL
ENIB 2015-2016 - CAI Web - S01E01- MongoDB and NoSQL
 
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...
 
ENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQL
ENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQLENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQL
ENIB 2015 2016 - CAI Web S02E03 - Forge JS 2/4 - MongoDB and NoSQL
 
MySQL Without The SQL -- Oh My! PHP Detroit July 2018
MySQL Without The SQL -- Oh My! PHP Detroit July 2018MySQL Without The SQL -- Oh My! PHP Detroit July 2018
MySQL Without The SQL -- Oh My! PHP Detroit July 2018
 
Ethereum overview
Ethereum overviewEthereum overview
Ethereum overview
 
Building Your First App with MongoDB
Building Your First App with MongoDBBuilding Your First App with MongoDB
Building Your First App with MongoDB
 
Redis Use Patterns (DevconTLV June 2014)
Redis Use Patterns (DevconTLV June 2014)Redis Use Patterns (DevconTLV June 2014)
Redis Use Patterns (DevconTLV June 2014)
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamental
 
Building Your First MongoDB App
Building Your First MongoDB AppBuilding Your First MongoDB App
Building Your First MongoDB App
 
Redis and its many use cases
Redis and its many use casesRedis and its many use cases
Redis and its many use cases
 
Hiding secrets in Vault
Hiding secrets in VaultHiding secrets in Vault
Hiding secrets in Vault
 
Hernan Ochoa - WCE Internals [RootedCON 2011]
Hernan Ochoa - WCE Internals [RootedCON 2011]Hernan Ochoa - WCE Internals [RootedCON 2011]
Hernan Ochoa - WCE Internals [RootedCON 2011]
 

Viewers also liked

Video operated citizen services
Video operated citizen servicesVideo operated citizen services
Video operated citizen services
ibsis
 
042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...
042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...
042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...
biferguson
 
New Ralcorp Site Presentation
New Ralcorp Site PresentationNew Ralcorp Site Presentation
New Ralcorp Site Presentation
jwaddles80
 
Iowa Supreme Court Decision - 4/09 - Gay Marriage
Iowa Supreme Court Decision - 4/09 - Gay MarriageIowa Supreme Court Decision - 4/09 - Gay Marriage
Iowa Supreme Court Decision - 4/09 - Gay Marriage
ultravox63
 
Mvc
MvcMvc
Mvc
abhigad
 
Lean startup Methodology
Lean startup MethodologyLean startup Methodology
Lean startup Methodology
ali raza
 
Kscope11 recap
Kscope11 recapKscope11 recap
Kscope11 recap
Sander Mak (@Sander_Mak)
 
Proforma Overview
Proforma OverviewProforma Overview
Proforma Overview
Jim Hanika
 
Transaction Offer
Transaction OfferTransaction Offer
Transaction Offer
Vincent_Mills
 
25 Columbia Street, Brookline, Ma Lower Level
25 Columbia Street, Brookline, Ma   Lower Level25 Columbia Street, Brookline, Ma   Lower Level
25 Columbia Street, Brookline, Ma Lower Level
lovepats
 
Mars Approaching
Mars ApproachingMars Approaching
Mars Approaching
lps58
 
智慧型電子設備之未來概念設計研究
智慧型電子設備之未來概念設計研究智慧型電子設備之未來概念設計研究
智慧型電子設備之未來概念設計研究
開放式概念發表平臺
 
六帽
六帽六帽
六帽
cat iit
 
Bodene's term 4 eport
Bodene's term 4 eportBodene's term 4 eport
Bodene's term 4 eport
waikirikiri bilingual school
 
Updated Fair Student Funding Houston Presentation Final
Updated   Fair Student Funding Houston Presentation FinalUpdated   Fair Student Funding Houston Presentation Final
Updated Fair Student Funding Houston Presentation Final
biferguson
 
Charge conference 2013
Charge conference 2013Charge conference 2013
Charge conference 2013
Pete Berntson
 
MetaCurrency1rough
MetaCurrency1roughMetaCurrency1rough
MetaCurrency1rough
AlanRosenblith
 
Vip Program by Proforma Amplified
Vip Program by Proforma AmplifiedVip Program by Proforma Amplified
Vip Program by Proforma Amplified
Jim Hanika
 
應用微機電感測科技開發未來智慧生活產品
應用微機電感測科技開發未來智慧生活產品應用微機電感測科技開發未來智慧生活產品
應用微機電感測科技開發未來智慧生活產品
開放式概念發表平臺
 

Viewers also liked (20)

Sr tekst
Sr tekstSr tekst
Sr tekst
 
Video operated citizen services
Video operated citizen servicesVideo operated citizen services
Video operated citizen services
 
042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...
042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...
042109 Final City Council Hearing Graduation Status Presentation (4) (2003 Pp...
 
New Ralcorp Site Presentation
New Ralcorp Site PresentationNew Ralcorp Site Presentation
New Ralcorp Site Presentation
 
Iowa Supreme Court Decision - 4/09 - Gay Marriage
Iowa Supreme Court Decision - 4/09 - Gay MarriageIowa Supreme Court Decision - 4/09 - Gay Marriage
Iowa Supreme Court Decision - 4/09 - Gay Marriage
 
Mvc
MvcMvc
Mvc
 
Lean startup Methodology
Lean startup MethodologyLean startup Methodology
Lean startup Methodology
 
Kscope11 recap
Kscope11 recapKscope11 recap
Kscope11 recap
 
Proforma Overview
Proforma OverviewProforma Overview
Proforma Overview
 
Transaction Offer
Transaction OfferTransaction Offer
Transaction Offer
 
25 Columbia Street, Brookline, Ma Lower Level
25 Columbia Street, Brookline, Ma   Lower Level25 Columbia Street, Brookline, Ma   Lower Level
25 Columbia Street, Brookline, Ma Lower Level
 
Mars Approaching
Mars ApproachingMars Approaching
Mars Approaching
 
智慧型電子設備之未來概念設計研究
智慧型電子設備之未來概念設計研究智慧型電子設備之未來概念設計研究
智慧型電子設備之未來概念設計研究
 
六帽
六帽六帽
六帽
 
Bodene's term 4 eport
Bodene's term 4 eportBodene's term 4 eport
Bodene's term 4 eport
 
Updated Fair Student Funding Houston Presentation Final
Updated   Fair Student Funding Houston Presentation FinalUpdated   Fair Student Funding Houston Presentation Final
Updated Fair Student Funding Houston Presentation Final
 
Charge conference 2013
Charge conference 2013Charge conference 2013
Charge conference 2013
 
MetaCurrency1rough
MetaCurrency1roughMetaCurrency1rough
MetaCurrency1rough
 
Vip Program by Proforma Amplified
Vip Program by Proforma AmplifiedVip Program by Proforma Amplified
Vip Program by Proforma Amplified
 
應用微機電感測科技開發未來智慧生活產品
應用微機電感測科技開發未來智慧生活產品應用微機電感測科技開發未來智慧生活產品
應用微機電感測科技開發未來智慧生活產品
 

Similar to Cryptography In Silverlight

Java Symmetric
Java SymmetricJava Symmetric
Java Symmetric
phanleson
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
Matthew McCullough
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
Michel Schudel
 
Tutorial s crypto api session keys
Tutorial   s crypto api session keysTutorial   s crypto api session keys
Tutorial s crypto api session keys
Dr. Edwin Hernandez
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
Graham Lee
 
Develop an encryption and decryption algorithm Your program should a.pdf
Develop an encryption and decryption algorithm  Your program should a.pdfDevelop an encryption and decryption algorithm  Your program should a.pdf
Develop an encryption and decryption algorithm Your program should a.pdf
deepaksatrker
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
tcloudcomputing-tw
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019
Michel Schudel
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API Landmines
Ernie Turner
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptx
preethihp4500
 
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012
Martin Kobetic
 
Task 4 The key is hardcoded in the provided source DES enc.pdf
Task 4  The key is hardcoded in the provided source DES enc.pdfTask 4  The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdf
abcfootcare
 
Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015
Derrick Isaacson
 
How does cryptography work? by Jeroen Ooms
How does cryptography work?  by Jeroen OomsHow does cryptography work?  by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
Ajay Ohri
 
import java-io-IOException- import java-nio-file-Files- import java-ni.docx
import java-io-IOException- import java-nio-file-Files- import java-ni.docximport java-io-IOException- import java-nio-file-Files- import java-ni.docx
import java-io-IOException- import java-nio-file-Files- import java-ni.docx
hendriciraida
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
Erik LaBianca
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
 
Cryptography with Zend Framework
Cryptography with Zend FrameworkCryptography with Zend Framework
Cryptography with Zend Framework
Enrico Zimuel
 
Secure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwardingSecure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwarding
Priyank Rupera
 
12 symmetric key cryptography
12   symmetric key cryptography12   symmetric key cryptography
12 symmetric key cryptography
drewz lin
 

Similar to Cryptography In Silverlight (20)

Java Symmetric
Java SymmetricJava Symmetric
Java Symmetric
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
 
Tutorial s crypto api session keys
Tutorial   s crypto api session keysTutorial   s crypto api session keys
Tutorial s crypto api session keys
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
 
Develop an encryption and decryption algorithm Your program should a.pdf
Develop an encryption and decryption algorithm  Your program should a.pdfDevelop an encryption and decryption algorithm  Your program should a.pdf
Develop an encryption and decryption algorithm Your program should a.pdf
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API Landmines
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptx
 
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012
 
Task 4 The key is hardcoded in the provided source DES enc.pdf
Task 4  The key is hardcoded in the provided source DES enc.pdfTask 4  The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdf
 
Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015
 
How does cryptography work? by Jeroen Ooms
How does cryptography work?  by Jeroen OomsHow does cryptography work?  by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
 
import java-io-IOException- import java-nio-file-Files- import java-ni.docx
import java-io-IOException- import java-nio-file-Files- import java-ni.docximport java-io-IOException- import java-nio-file-Files- import java-ni.docx
import java-io-IOException- import java-nio-file-Files- import java-ni.docx
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
 
Cryptography with Zend Framework
Cryptography with Zend FrameworkCryptography with Zend Framework
Cryptography with Zend Framework
 
Secure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwardingSecure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwarding
 
12 symmetric key cryptography
12   symmetric key cryptography12   symmetric key cryptography
12 symmetric key cryptography
 

Recently uploaded

JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 

Recently uploaded (20)

JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 

Cryptography In Silverlight

  • 1. Cryptography in Silverlight Barry Dorrans
  • 2. File Services – Isolated Storage • Can be disabled by user • Is limited in size (1Mb) (but an increase can be requested) • Discoverable, not encrypted • Persistent across browser sessions 2
  • 3. Accessing Isolated Storage try { using (var store = IsolatedStorageFile.GetUserStoreForApplication()) using (var stream = store.CreateFile(quot;hello.txtquot;)) using (var writer = new StreamWriter(stream)) { writer.Write(quot;Hello Worldquot;); } } catch (IsolatedStorageException) { // Isolated storage not enabled or an error occurred } • Can create directories. • Keep names short 3
  • 4. Encryption and Hashing • Symmetric Encryption : AES • Needs key and initialisation vector, both must be stored somewhere safe. • Key can be derived from password or other known value • Best practice dictates a new IV per encrypted item. Can be automatically generated. 4
  • 5. Generating key from known value • Use Rfc2898DeriveBytes class internal static byte[] GetHashKey(string hashKey) { // Initialise UTF8Encoding encoder = new UTF8Encoding(); // Get the salt string salt = quot;I am a nice little saltquot;; byte[] saltBytes = encoder.GetBytes(salt); // Setup the hasher Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(hashKey, saltBytes); // Return the key return rfc.GetBytes(16); } 5
  • 6. Generating IV static byte[] GenerateKey(int length) { byte[] key = new byte[length]; RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider(); provider.GetBytes(key); return key; } 6
  • 7. Encrypting internal static string Encrypt(byte[] key, byte[] iv, byte[] plainText) { // Initialise AesManaged encryptor = new AesManaged(); // Set the key encryptor.Key = key; encryptor.IV = iv; // create a memory stream using (MemoryStream encryptionStream = new MemoryStream()) { // Create the crypto stream using (CryptoStream encrypt = new CryptoStream(encryptionStream, encryptor.CreateEncryptor(), CryptoStreamMode.Write)) { // Encrypt encrypt.Write(plainText, 0, utfD1.Length); encrypt.FlushFinalBlock(); encrypt.Close(); // Would clear key/IV here // Return the encrypted data converted to base64. Could leave as byte array too. return Convert.ToBase64String(encryptionStream.ToArray()); } } } 7
  • 8. Decrypting internal static string Decrypt(byte[] key, byte[] iv, string encryptedString) { // Initialise AesManaged decryptor = new AesManaged(); byte[] encryptedData = Convert.FromBase64String(encryptedString); // Set the key decryptor.Key = key; decryptor.IV = iv; // create a memory stream using (MemoryStream decryptionStream = new MemoryStream()) { // Create the crypto stream using (CryptoStream decrypt = new CryptoStream(decryptionStream, decryptor.CreateDecryptor(), CryptoStreamMode.Write)) { // Decrypt decrypt.Write(encryptedData, 0, encryptedData.Length); decrypt.Flush(); decrypt.Close(); return decryptionStream.ToArray(); } } } 8
  • 9. Calculating Hashes • SHA Algorithms are built in SHA1, SHA256, HMACSHA1, HMAC256 • MD5 open source implementation available (Obviously not advised!) 9
  • 10. Calculated Hashes // Initialize the keyed hash object. HMACSHA256 myhmacsha256 = new HMACSHA256(key); IsolatedStorageFileStream inStream = isoStore.OpenFile(sourceFilePath, FileMode.Op en); inStream.Position = 0; // Compute the hash of the input file. byte[] hashValue = myhmacsha256.ComputeHash(inStream); 10