Create a Simple, Reusable Infrastructure for Public Key Encryption Using VB.NET : Page 4

When using public key encryption, you're vulnerable to tricks dreamed up by untrusted sources, including subtle altering of encrypted messages. In this article you'll learn to foil them using a message hash and new cryptographic classes included in the .NET Framework. Design and implement your own public key cryptography infrastructure and test it with a VB.NET WinForms tester application.
Decrypt and Authenticate a Message
The decryption process is very similar to the encryption process. The DecryptAndAuthenticate function calls Decrypt, passing the KeyPair along with the encrypted text string. Decrypt initializes the m_objRSA object—with the private key this time—and makes repeated calls to DecryptBlock until all of the encrypted text is decrypted. In this case, the block size is simply the size of the key in bytes (from the GetModulusSize function), because the encrypted strings have been padded to this size. DecryptBlock simply calls the m_objRSA's Decrypt method. This converts the string into a byte array for decrypting and then converts the decrypted bytes back into a string. Again, the decrypted blocks are accumulated until all of the text has been decrypted.

Figure 1: The rich text box populates with the key information, the test string, the encrypted string, and the recovered test string.

After the message has been decrypted, DecryptAndAuthenticate passes it to Authenticate. The Sign function adds a signature, enclosed in <signature> and </signature> tags, to the end of the message, and the Authenticate function relies on these tags. StripSignature removes the signature and its tags from the message, restoring the original content, and returns the string that was inside the signature tags. AuthenticateText calls the m_objRSA object's VerifyData function with the original text (as a byte array) and the signature that was appended to the message. To verify the data, VerifyData must compute the hash (message digest) of the original content and compare it to the hash recovered from the signature (which was encrypted with the sender's private key and is decrypted by VerifyData using the public key held in the m_objRSA object). This hash algorithm must be the same one used to sign the message, so once again pass in a new instance of the default hash algorithm from System.Security.Cryptography.HashAlgorithm.Create().
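The sign-then-encrypt message layout and the DecryptAndAuthenticate flow described above, written out as an added Go example; this is not the article's VB.NET PKInfrastructure code. SHA-256, PKCS#1 v1.5 padding, base64 inside the tags and the function names are assumptions made here, since the article relies on the .NET defaults. Note that anyone holding the recipient's public key can produce a well-formed encrypted message, so the signature check is what actually authenticates the sender.

```go
package main
import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
)
const sigOpen, sigClose = "<signature>", "</signature>"

// signAndEncrypt: sign with the sender's private key, append <signature>base64</signature>, encrypt in blocks for the recipient.
func signAndEncrypt(text string, sender *rsa.PrivateKey, to *rsa.PublicKey) ([]byte, error) {
	h := sha256.Sum256([]byte(text))
	sig, err := rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, h[:])
	if err != nil {
		return nil, err
	}
	msg := []byte(text + sigOpen + base64.StdEncoding.EncodeToString(sig) + sigClose)
	var out []byte
	for n := to.Size() - 11; len(msg) > 0; msg = msg[n:] { // PKCS#1 v1.5 padding costs 11 bytes per block
		if n > len(msg) {
			n = len(msg) // final, shorter plaintext block
		}
		block, err := rsa.EncryptPKCS1v15(rand.Reader, to, msg[:n])
		if err != nil {
			return nil, err
		}
		out = append(out, block...) // every encrypted block is exactly to.Size() bytes long
	}
	return out, nil
}

// decryptAndAuthenticate: decrypt key-sized blocks, strip the tags (StripSignature), verify (VerifyData); bool is the verdict.
func decryptAndAuthenticate(ct []byte, me *rsa.PrivateKey, from *rsa.PublicKey) (string, bool) {
	var msg []byte
	for size := me.Size(); len(ct) >= size; ct = ct[size:] {
		block, err := rsa.DecryptPKCS1v15(rand.Reader, me, ct[:size])
		if err != nil {
			return "", false // padding check failed: not encrypted to this key, or altered in transit
		}
		msg = append(msg, block...)
	}
	open := bytes.LastIndex(msg, []byte(sigOpen))
	if len(ct) != 0 || open < 0 || !bytes.HasSuffix(msg, []byte(sigClose)) {
		return string(msg), false // trailing partial block or missing tags: reject
	}
	sig, err := base64.StdEncoding.DecodeString(string(msg[open+len(sigOpen) : len(msg)-len(sigClose)]))
	h := sha256.Sum256(msg[:open]) // VerifyData recomputes this digest and compares it with the signed one
	return string(msg[:open]), err == nil && rsa.VerifyPKCS1v15(from, crypto.SHA256, h[:], sig) == nil
}
```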

Build the project to create the PKInfrastructure.dll file in the project's Bin subfolder.

Testing the Public Key Cryptography Infrastructure
Create a new VB.Net Windows Application project and name it PKInfrastructureTester. Add a reference to the PKInfrastructure.dll file built by the PKInfrastructure project (from the menu, Project\Add Reference, then browse to the PKInfrastructure project folder, open the Bin subfolder and select PKInfrastructure.dll). Double-click the form to open the code window and replace its contents with the code from Listing 6. Build and start the application, then click the Do Test button. The rich text box should populate with the key information, the test string, the encrypted string and the recovered test string (Figure 1).

Wrapping Up
Public key cryptography is a powerful and essential technology. The ability to widely distribute public keys and communicate securely over an open network is truly revolutionary.

However, a combination of asymmetric and symmetric cryptography often produces the best results. Public key algorithms are computationally intensive, so applications with time-sensitive operations or large quantities of content fare better with a symmetric approach. In the most common scenario, a temporary symmetric key is generated for a given communication session and exchanged using public key cryptography; that symmetric key is then used for the remainder of the conversation.

Public key cryptography also has applications beyond communications. For example, an application that needs to protect its data files might use a public/private key pair for reading and writing them. If the data files are large, you might encrypt them with symmetric cryptography and store the symmetric key, encrypted with the application's public key, at the beginning of each file. Because the symmetric key is encrypted with the application's public key, only the application can decrypt it, using the corresponding private key, which is compiled into the application. You could even publish the public key and the file format so that other developers and applications can generate data files that the application can read and process, while those developers and applications would be unable to read those files or any other data files belonging to the application.

The .NET Framework provides everything needed to use public key cryptography alone or in conjunction with symmetric cryptography. However, the large volume of documentation and the lack of concise yet complete examples can be bewildering. You must be familiar with the idiosyncrasies and limitations, and it helps to know a few tricks for getting around them.

This article and the accompanying project files provide a useful example of public key encryption in VB.Net. The example application demonstrated how a framework facilitates key generation and provides access to both public and private key information, while supporting each of the four cryptographic activities of the secure messaging model. The PKInfrastructure assembly is reusable and offers a simple, friendly interface for using public key encryption in your projects.

David Saylor has a Ph.D. in Biomedical Sciences and has been working in Web application development for over 6 years. He lives in east Tennessee with his wife and enjoys writing programming articles, reading everything, and fishing.