Browse by Tags

All Tags » Cryptography » Security

Using RSACryptoServiceProvider for RSA-SHA256 signatures

Earlier this month, we released .NET 3.5 SP 1. One of the new features available in this update is that RSACryptoServiceProvider has gained the ability to create and verify RSA-SHA256 signatures. Since RSACryptoServiceProvider relies on the underlying
Posted by shawnfa | 0 Comments

CLR Security Team CodePlex Site

The CLR Security Team just launched our CodePlex site: http://www.codeplex.com/clrsecurity. Currently, it contains two assemblies that provide additional functionality to the security APIs shipped in v3.5 of the .NET Framework. We'd love your feedback
Posted by shawnfa | 0 Comments

Disabling the FIPS Algorithm Check

.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was configured to require them. This resulted in algorithms which are not FIPS compliant (or implementations which were not FIPS certified) throwing an InvalidOperationException
Posted by shawnfa | 0 Comments

Please do not use the .NET 2.0 HMACSHA512 and HMACSHA384 Classes

We’ve recently discovered a bug in the HMACSHA512 and HMACSHA384 classes which shipped in the .NET Framework 2.0. This bug will cause these algorithms to produce incorrect results which are not consistent with other implementations of HMAC-SHA-512 and
Posted by shawnfa | 15 Comments

Elliptic Curve Diffie-Hellman

The second elliptic curve algorithm added to Orcas is elliptic curve Diffie-Hellman, as the ECDiffieHellmanCng class. This is the first time Diffie-Hellman is available as part of the .NET Framework, so let's take a quick look at what it is and what it
Posted by shawnfa | 3 Comments

Elliptic Curve DSA

Yesterday I gave a quick rundown of all the new cryptographic algorithms available in the Orcas January CTP. Today, let's dive in a little deeper to the first of the elliptic curve algorithms, ECDSA. (ECDSA, along with the rest of the CNG classes in
Posted by shawnfa | 3 Comments

New Crypto Algorithms in Orcas

The January CTP of Orcas is now available, and with it comes a total of 12 new cryptography algorithm implementation classes, which include 2.5 new algorithms. (I'll count AES as 0.5 since we did already have Rijndael :-) ). These classes also are the
Posted by shawnfa | 5 Comments

XML Digital Signature Verification with Unknown URI Schemes

A few years back, there was a discussion thread on one of my XML digital signature posts about verifying an XML digital signature which had references to a URI prefixed with cid:. Recently Mattias Lindberg ran into this problem as well, and devised a
Posted by shawnfa | 0 Comments

The Differences Between Rijndael and AES

When you need to write managed code that encrypts or decrypts data according to the AES standard, most people just plug the RijndaelManaged class in and go on their way. After all, Rijndael was the winner of the NIST competition to select the algorithm
Posted by shawnfa | 10 Comments

RSACryptoServiceProvider, Impersonation, and Ephemeral Keys

If you construct an RSACryptoServiceProvider class without specifying a name for the key, the CLR will create a random ephemeral key for you. However, ephemeral keys are not supported by the underlying CAPI APIs on all of the platforms that the CLR was
Posted by shawnfa | 2 Comments

Getting Information about an X509Certificate's Key Container

One of the more common things a lot of people want to do with their X509Certificate2 is figure out what key container its keys are stored in. You can access this information relatively trivially via the PublicKey property of the X509Certificate2 object:
Posted by shawnfa | 7 Comments

Enveloped PKCS #7 Signatures

One of the new cryptography features in the v2.0 framework is the ability to work with PKCS #7 formatted messages. The PKCS features live in the new System.Security.Cryptography.Pkcs namespace in System.Security.dll, and are thin wrappers around the
Posted by shawnfa | 10 Comments

RSACryptoServiceProvider::Encrypt Does Not Provide Deterministic Output

On one of our internal mailing lists, someone was recently surprised that calling RSACryptoServiceProvider::Encrypt on the same bytes with the same instance of the RSA object resulted in two completely different output bytes arrays. The reason is that
Posted by shawnfa | 2 Comments

Don't Roundtrip Ciphertext Via a String Encoding

One common mistake that people make when using managed encryption classes is that they attempt to store the result of an encryption operation in a string by using one of the Encoding classes. That seems to make sense, right? After all, Encoding.ToString()
Posted by shawnfa | 27 Comments

Adding SignatureProperties to SignedXml

One of the optional portions of the W3C XML digital signature specification allows for a set of SignatureProperties to be assigned to a signature. SignatureProperties allow the signer to place some metadata into the signature itself, such as the time
Posted by shawnfa | 3 Comments