Safe: Encryption and digital signature
Zhong Feng · October 2004 [Version: 1.0.0]
Summary This guide is based on Microsoft
® .NET multilayer application design and writing guidelines for the security and digital signatures of application management, mainly discuss common security tasks and programs, and provide appropriate information to help you choose best methods and techniques. This guide is suitable for architectural designers and developers.
This guide assumes that the reader has learned the basic knowledge of the topics such as XML Web Service and Web Service Enhancement. Related information about XML Web Service security can be referred to MSDN
Http://www.microsoft.com/china/msdn/library/archives/library/dnwssecur/html/xmlwssec.asp, please refer to MSDN Library in the basic case of Web Service Enhancement
Http://www.microsoft.com/china/msdn/library/webservices/webservices/introducingthewebservicesenhancements2.0mentageapi.mspx.
table of Contents
Introduction Encrypted Digital Signature Program Case Link Resources
Introduction
Safety is always a trusted corporate application of the cornerstone.
In the design of multi-storey applications, cross-machine or networks are often required to access the intermediate layer or data layer, whether these networks are internal or external, we have always assume that they are unsafe (unused) channels, because hackers or System vulnerability always appears in our unworthy, so we must encrypt and sign the data that needs to pass through these channels. Finally, I will give a security solution based on .NET XML Web Service.
Encryption encryption will prevent data from being viewed or modified, and secure communication channels on the original unsafe channel. The encrypted function is to convert clear text through a certain algorithm into a ciphertext that cannot be identified. In an old encryption method, the encrypted method (algorithm) and encrypted key must be confidential, otherwise it will be decipherted by the attacker Text. For example, the ancients will wrap a pale strip on a round wooden, then write the content of the letter to send the letter, and the content of these letters will become a pile of messy graphics, then this kind of sheep skin The approach wrapped on a round wooden can be regarded as an encryption algorithm, while the thickness of the round wooden stick, the winding direction of the skin strip is the key. In the modern encryption system, the privateness of the algorithm has no need, and the security of information is dependent on the confidentiality of the key. Two encryption methods in modern encryption systems: private key encryption method (also known as symmetric encryption); key encryption method (also known as asymmetric encryption).
The private key encryption private key encryption algorithm uses a single private key to encrypt and decrypt data. Since any one of the keys can be used to decrypt data, it must be obtained by protecting the key to unauthorized agents. The private key encryption is also called symmetrical encryption because the same key is used for both encryption and for decryption.
One way to jeopardize data encrypted with this type of password is to perform exhaustive search for each possible key. Depending on the size of the key used to perform encrypted, even if the fastest computer performs such search, it is extremely time consuming, so it is difficult to implement. The size of the larger key will make the decryption more difficult. Although in theory, encryption will not enable the opponent to retrieve encrypted data, it does greatly increase this cost. If a thorough search is performed to retrieve only a few days, it takes three months that takes three months, then the method of exhaustive search is un practical.
The private key encryption does not implement data integrity, that is, the data is prevented from being changed; it is not possible to complete the authentication of the identity, that is, the data is made from a specific party.
.NET Framework provides classes that implement the private key encryption algorithm:
DescryptoServiceProvider RC2CryptoServiceProvider RijndaElManaged TripleDescryptoServiceProvider key encryption public key encryption uses a private key that must be confidentially confidentially confidential with unauthorized users and a public key that can be disclosed to anyone. The public key and private key are related to mathematics; data encrypted with public key can only be decrypted with private key, and data with private key signatures can only be verified by public key authentication. The public key can be used by anyone; the key is used to encrypt data to be sent to the private key holder. Two keys are unique for communication sessions. The public key encryption algorithm is also referred to as an asymmetric algorithm, which is required to use a key encrypted data to decrypt data with another key.
The associated copile and private key is typically referred to as a key pair, and such a key pair can be generated by the associated key encryption class in the .NET.
.NET Framework provides classes that implement the public key encryption algorithm:
DSACryptoServiceProvider RsacryptoServiceProvider
The hash value hash algorithm maps any length of the binary value to a smaller binary value of the fixed length, which is called a hash value. The hash value is a single data unique and extremely compact value representation. If you have a clear text and even if you only change the letter in this paragraph, the subsequent hash will produce different values. It is impossible to find two different inputs that have a hash of the same value.
.NET Framework provides classes that implement digital signature algorithms:
HMACSHA1 MACTRIPLEDES MD5CryptoServiceProvider Sha1Managed Sha256Managed Sha384Managed Sha512Managed
Digital signature digital signature verifies the signage of the sender and protects the integrity of the data.
In fact, digital signatures are not a specific technology implementation, which is based on various solutions of various encrypted technologies. Usually a basic digital signature program may have the following steps:
The two sides each generate a public key / private key pair. The two sides exchange their public key. Both sides generate a private key for symmetric encryption method and use the symmetry private key encryption to send message. The hash value of the encrypted message is generated. The symmetrical private key and hash value is encrypted with the other party (the combination ciphertext is the signature), and the signature is sent to the other party after ciphertice of the message body.
The program case is based on the above digital signature technical solution, the policy point of the problem is
When will both generate a key pair (key / private key) and how to exchange their key.
A fixed key pair is generated when compiling or publish. Because the security of our entire program is based on the intensity and privacy of the private key, the private key is stored in the application, it is obviously not wise, then the private key is stored in a safe place and running Can you get it? Will it store it in the encryption lock, it is a good way, of course, you can also save it in a registry or a strange file, but don't recommend this, because at least it seems that the anti-attack capability of the encryption lock is more than others. Strong. Generate temporary key pairs at runtime. Before a initialization process, you will be requested to obtain the key to the other party and use the key encrypted signature in the later communication. In this scenario, how to prove that the obtained key is indeed the key to the key to the true tab, and the key to keeping a number of coupling has become a problem.
Of course, there are other scenarios to distribute and manage keys, such as KDC (Key Distribution Center), etc., this article will not be discussed. The following will talk about the implementation of these two programs in .NET, first assume a basic three-layer architecture application, which includes an intermediate service program (WebService, EJB / CORBA / COM components), a running Of course, there is a client program that is unknown in a network connected to the program, of course, there is a layer that provides data storage (database), regardless of the network protocols between these application layers, for data communication, mechanism for their data security processing Always the same, for the convenience of narrative, we call the service provider as "server", and the program that will use these services is called "client". Solution 1: Firstly, the respective key pairs of both parties are born and exchanged for each other. The server writes its key pair and the encrypted file of the client's key to the hardware encryption lock (the encryption lock is called "Server Lock"), and the client write its own key pair and the encrypted file of the server. Enter the hardware encryption lock (the encryption lock is called "client lock"). When data is sent each time, first obtain the other party's key from its own encryption lock, and the data sent by the key signature; when the data is received, the packet is used to verify the packet with the private key saved in the encryption lock. Of course, your encryption lock supplier may have better acquisitions and methods for obtaining information in encryption locks. Using hardware encryption locks is based on "The hardware of encryption locks is inseparable, and can be reversed and violently crackdown", which is also known for the hardware encryption lock developers.
advantage:
In the case where the hardware encryption lock is used to do a key container, it is relatively high security.
Disadvantages:
The key must be properly kept. Relying on key containers (such as encrypted locks, keys) and their security. Using hardware encryption locks will increase application costs. In fact, some systems are using hardware encryption locks to prevent piracy.
Solution 2: The server generates a key pair during the runtime initialization process, and saves the key in the global variable, and provides a method to post the generated key, and the communication must obtain the server through the method. The key, then use the key to sign the data sent; the server will verify the data signature when the server receives the data. The client generates a key pair during the runtime initialization process, and saves the key in the global variable, and obtain the key to the server through the public method of the server, then register and submit its own key for The server feedback responds to the response; the client will verify the data signature using its own private key when the client receives the response. The server needs to maintain a list of online lists, which may contain the identity of the Record Client Instance and its key (PK). Of course, specific applications also add some other columns. The client is registered with the server to generate an online record, and the server will return to the registered client's instance identifier (Ticketid), of course, the returned packet is provided when the client is registered (and saved in the list in the list ) The key is signed. When each client sends a request to the server in the future, it must be included with the client's own instance identifier, the server will look for the corresponding client's key according to this instance IDID, and use it in response to it. This key is signed. Usually, when the client is exited, a logout request is sent to the server. This action will delete an online record of the client instance. If the client is abnormally exiting, a recorded record will be left in the server's online list, then These invalid online records can be cleaned up by means of a connection time limit.
advantage:
No maintenance and storage keys are required.
Disadvantages: Safety hazards that may occur during the exchange of switches. Need to maintain your online list. In fact, I don't think this is a disadvantage, usually there may already have such a function in the application of multi-layer architecture.
Each of the above two programs have an advantages and disadvantages. If you can combine the advantages of these, it will be fine. Fortunately, we can do this. As long as the server is used in the server side, the client uses "Scheme 2" to achieve this, so you can use the hardware encryption lock in each client, and the client avoids the security when the server key is used. Hidden dangers.
PopEye Zhong is currently
Shenzhen Hengtaifeng Technology Company's architecture designer. He used C language to do graphical programming, engaged in the development and design of COM / COM components during a considerable period of time, and the development of Lotus / Notes and Dialogic voice card, starting from 2003 .NET This is full of fun and challenge development platform. In addition to enterprise application architecture design, component development, security, image processing, there is a strong interest in automobiles and firearms models. If you want to contact him, you can visit
Http://blog.9cbs.net/sw515 or email
SW515@21cn.com.
Related article: "User Right System Design Plan"
