Microsoft Enterprise Library : Relieving Cryptography Complexity - How Do I Use the Cryptography Block?

1/29/2015 3:26:03 AM

Like all of the Enterprise Library application blocks, you start by configuring your application to use the block, as described in "Introduction." Then you add one or more hash algorithm providers and one or more symmetric encryption providers, depending on the requirements of your application. For each of the providers that you add, you select a specific cryptographic provider (algorithm type) and set the relevant properties for each provider. If none of the built-in hash and symmetric encryption providers meets your requirements, you can create custom providers and add these to your application configuration.

After you add the hash algorithm providers and symmetric encryption providers you want to use to your configuration, you can specify which of each of these is the default—the one that the block will use if you don't specify a provider by name in your application code. You just use the drop-down lists for the DefaultHashProvider and DefaultSymmetricCryptoProvider properties of the Cryptography Application Block node to select the default providers.

Of course, as part of the configuration task, you still need to decide which algorithms to use. For a Hash Algorithm Provider, you can specify whether the provider will use a salt value (a random string prepended to the plaintext before hashing to improve the security of the algorithm). In addition, for some of the hash algorithms, you can specify or generate a key for the algorithm. Other providers, such as SHA and MD5, do not require a key. As a general recommendation, you should aim to use at minimum the SHA256 algorithm for hashing, and preferably a more robust version such as SHA384 or SHA512.
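The salting described above, written against the .NET cryptography classes directly. This is an added example, not the block's own implementation or code from the original page; the class name, the 16-byte salt length and the salt-then-digest storage layout are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class SaltedHashExample
{
    const int SaltBytes = 16;   // assumed salt length for this example
    const int DigestBytes = 32; // SHA-256 output size

    // Returns salt || SHA256(salt || plaintext) so the salt is stored with the hash.
    static byte[] Derive(byte[] salt, string plaintext)
    {
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] salted = new byte[salt.Length + data.Length];
        Buffer.BlockCopy(salt, 0, salted, 0, salt.Length);
        Buffer.BlockCopy(data, 0, salted, salt.Length, data.Length);
        byte[] result = new byte[SaltBytes + DigestBytes];
        Buffer.BlockCopy(salt, 0, result, 0, SaltBytes);
        using (var sha = SHA256.Create())
            Buffer.BlockCopy(sha.ComputeHash(salted), 0, result, SaltBytes, DigestBytes);
        return result;
    }

    public static byte[] CreateHash(string plaintext)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt); // fresh random salt for every hash
        return Derive(salt, plaintext);
    }

    // Re-derives the hash with the stored salt and compares without an early exit.
    public static bool CompareHash(string plaintext, byte[] stored)
    {
        if (stored == null || stored.Length != SaltBytes + DigestBytes) return false;
        byte[] salt = new byte[SaltBytes];
        Buffer.BlockCopy(stored, 0, salt, 0, SaltBytes);
        byte[] expected = Derive(salt, plaintext);
        int diff = 0;
        for (int i = 0; i < stored.Length; i++) diff |= stored[i] ^ expected[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] h = CreateHash("constructed sample value");
        Console.WriteLine(CompareHash("constructed sample value", h));
        Console.WriteLine(CompareHash("wrong value", h));
    }
}
```

A single salted SHA-256 pass is fast to compute, so if the values being hashed are passwords, a key-derivation function such as PBKDF2 (Rfc2898DeriveBytes in .NET) is the stronger choice.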

You can use two different types of Symmetric Encryption Provider in the Cryptography block (in addition to custom providers that you create). You can choose the DPAPI provider, or one of the well-known symmetric algorithms such as AES or 3DES. As a general recommendation, you should aim to use the AES (Rijndael) algorithm for encryption.

Configuring Cryptographic Providers

In addition to the obvious properties for each cryptographic provider you add to your configuration, such as the name, some providers require you to specify an encryption key. If you already have a DPAPI-encrypted key file for the selected algorithm type, you can use this. Alternatively, you can copy an existing plain text value of the appropriate size and use that as the key value. The third approach is to allow the Enterprise Library configuration to generate a new key for you.

When you add a provider that requires a key to your configuration, the configuration tool starts the Cryptographic Key Wizard. This makes it easy to select or create the key you need and save it to a file and to set the appropriate values in the configuration. The only page you may find confusing is the final one where you must specify either Machine mode or User mode access to the key.

You should select Machine mode if your application runs on its own dedicated server that is not shared with other applications, or when you have multiple applications that run on the same server and you want those applications to be able to share sensitive information.

Select User mode if you run your application in a shared hosting environment and you want to make sure that your application's sensitive data is not accessible to other applications on the server. In this situation, each application should run under a separate identity, and the resources for the application—such as files and databases—should be restricted to that identity.

If you add a DPAPI symmetric cryptography provider to your list of symmetric providers, you can specify the Protection Scope as either CurrentUser or LocalMachine. Current user means that DPAPI uses a loaded user profile to generate the key, and only that user account can decrypt the encrypted data. Local machine means that any code running on the machine has access to the protected key, and can decrypt any secret encrypted in the same mode.
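The two protection scopes, exercised through .NET's ProtectedData class rather than through the block (an added example, not code from the original page). It goes one step beyond the text by showing the optional entropy parameter, which the page does not mention; the class and helper names and the sample values are assumptions, and the code runs on Windows only.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData: reference System.Security.dll on .NET Framework
using System.Text;

static class DpapiScopeExample
{
    public static byte[] Protect(string secret, DataProtectionScope scope, byte[] entropy)
    {
        return ProtectedData.Protect(Encoding.UTF8.GetBytes(secret), entropy, scope);
    }

    // Returns null when DPAPI refuses to decrypt (wrong account, machine or entropy, or a modified blob).
    public static string TryUnprotect(byte[] blob, DataProtectionScope scope, byte[] entropy)
    {
        try
        {
            return Encoding.UTF8.GetString(ProtectedData.Unprotect(blob, entropy, scope));
        }
        catch (CryptographicException)
        {
            return null;
        }
    }

    static void Main()
    {
        const string secret = "constructed sample connection string";

        // CurrentUser: the key is derived from the loaded profile of the calling account.
        byte[] userBlob = Protect(secret, DataProtectionScope.CurrentUser, null);
        Console.WriteLine(TryUnprotect(userBlob, DataProtectionScope.CurrentUser, null) == secret);

        // LocalMachine: any process on this computer can decrypt the blob ...
        byte[] machineBlob = Protect(secret, DataProtectionScope.LocalMachine, null);
        Console.WriteLine(TryUnprotect(machineBlob, DataProtectionScope.LocalMachine, null) == secret);

        // ... unless it was protected with extra entropy that the caller must also supply.
        byte[] entropy = Encoding.UTF8.GetBytes("constructed per-application value");
        byte[] boundBlob = Protect(secret, DataProtectionScope.LocalMachine, entropy);
        Console.WriteLine(TryUnprotect(boundBlob, DataProtectionScope.LocalMachine, null) == null);
        Console.WriteLine(TryUnprotect(boundBlob, DataProtectionScope.LocalMachine, entropy) == secret);
    }
}
```

The entropy value only narrows LocalMachine access if other code on the machine cannot read it.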

Adding the Required References

To use the Cryptography block features in your application, you must reference the required assemblies and then instantiate the objects you want to use in your code. In addition to the Enterprise Library assemblies you require in every Enterprise Library project, you should reference or add to your bin folder the following assemblies:

  • Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll

  • Microsoft.Practices.EnterpriseLibrary.Security.Caching.dll

To make it easier to use the objects in the Cryptography block, you can add references to the relevant namespaces to your project. Then you are ready to write some code. The following sections demonstrate the tasks you can accomplish, and provide more details about how the block helps you to implement a common and reusable strategy for cryptography.

However, before you start to use the objects in the block, you must resolve an instance of the CryptographyManager class. This class exposes the API that you interact with to use the cryptography providers (symmetric and hash providers) in your code. The simplest approach is to use the GetInstance method of the Enterprise Library container, as shown here.

// Resolve the default CryptographyManager object from the container.
CryptographyManager defaultCrypto
    = EnterpriseLibraryContainer.Current.GetInstance<CryptographyManager>();