
Developing Secure Applications with Visual Basic PDF

606 Pages·2000·27.415 MB·English

Preview Developing Secure Applications with Visual Basic

www.it-ebooks.info 00 8369 FM 4/25/00 9:04 AM Page i

Developing Secure Applications with Visual Basic®
Davis Chapman
800 East 96th St., Indianapolis, Indiana, 46240 USA

Developing Secure Applications with Visual Basic
Copyright © 2000 by Sams Publishing

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

International Standard Book Number: 0-672-31836-9
Library of Congress Catalog Card Number: 99-66271
Printed in the United States of America
First Printing: May 2000
02 01 00 4 3 2 1

Associate Publisher: Bradley L. Jones
Executive Editor: Chris Webb
Development Editor: Steve Rowe
Managing Editor: Charlotte Clapp
Project Editor: Carol L. Bowers
Copy Editors: Barbara Hacha, Chuck Hutchinson
Indexer: Kevin Fulcher
Proofreader: Jill Mazurczyk
Technical Editor: John Hooven
Team Coordinator: Meggo Barthlow
Media Developer: Jason Haines
Interior Designer: Anne Jones
Cover Designer: Anne Jones
Copywriter: Eric Bogert

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Sams Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or programs accompanying it.

Contents at a Glance

Introduction
1 Understanding Encryption and Application Security
2 Getting Started with the CryptoAPI
3 Symmetric and Password Encryption
4 Public/Private Key Communications
5 Requesting and Retrieving Certificates
6 Working with Certificates
7 Working with Certificate Revocation Lists
8 Using Digital Signatures
9 DCOM Through SSL
10 Understanding Windows 2000 Security and Security Descriptors
11 Using NT Login Authentication
12 Working with Active Directory Security (ADSI) and an LDAP Server
13 Active Directory Security and Searching
14 Developing with COM+ Security
15 Microsoft Certificate Server
16 Security Standards
17 Legal Issues of Digital Signatures and Encryption
A Cryptographic Service Providers
Index

Contents

Introduction

1 Understanding Encryption and Application Security
    Exploring Encryption
        Encryption Algorithms and Standards
        Other Forms of Encryption
    Using Certificates with Encryption
        Certificate Authorities
        Certificate Chains
    Digital Signatures
    Message Enveloping
    Secure Sockets Layer (SSL)
    Security and Audit Logs
        Why Do You Need Audit Logs?
        What Information Needs to Be Included?
    Summary

2 Getting Started with the CryptoAPI
    CryptoAPI and Cryptographic Service Providers
        Opening the CSP
        Closing the CSP
        Listing the Available CSPs
        Listing the CSP Types
        Getting the Default CSP
        Setting the Default CSP
        CSP Types and Encryption Algorithms
    Listing CSPs and CSP Types
        Designing the Interface
        Listing the CSPs
        Building a List of the CSP Types
    Summary

3 Symmetric and Password Encryption
    Generating Hashes of Strings and Messages
        Creating a Hash Object
        Destroying a Hash Object
        Duplicating a Hash Object
        Hashing Data
        Hashing a Session Key
        Getting Hash Information
        Setting Hash Information
    Generating Symmetric Keys
        Deriving a Key
        Generating a Key
        Destroying a Key
        Duplicating a Key
    Understanding Basic Encryption and Decryption
        Encrypting Data
        Decrypting Data
    Building a Simple Encryption Application
        Declaring API Functions, Constants, and Variables
        Exposing Properties
        Acquiring a Handle for the CSP
        Deriving a Password-Based Key
        Destroying a Password-Based Key
        Performing Data Encryption
        Performing Data Decryption
        Designing the User Interface
        Performing the Encryption
        Performing the Decryption
    Building a File Encryption/Decryption Utility
        Making Additional Declarations
        Hashing the Data File
        Encrypting the Data File
        Decrypting the Data File
        Designing the User Interface
        Performing the Data File Encryption
        Performing the Data File Decryption
    Summary

4 Public/Private Key Communications
    Block Versus Stream Algorithms
    Salt Values: What Are They and Why Use Them?
        Generating Salt Values
        Extracting Salt Values from Session Keys
        Setting Salt Values in Session Keys
    Generating, Saving, and Retrieving Public/Private Keys
    Exporting and Importing Keys
        Exporting Keys
        Importing Keys
    Building a Secure Messaging Utility
        Creating the Initial Project
        Making Additional Declarations
        Adding New Properties
        Getting the User Public/Private Key Pair
        Exporting the Public Key
        Importing the Public Key
        Creating and Exporting the Session Key
        Importing the Session Key
        Terminating the Class
        Designing the User Interface
        Performing Form Initialization, Cleanup, and Other Miscellaneous Functions
        Performing the Initial Server Key Exchange
        Performing the Client Key Exchange
        Finishing the Server Key Exchange
        Sending and Receiving Encrypted Messages
        Listening for Connection Requests
        Connecting to the Server
        Receiving the Connection Request
        Handling Data Arrival
        Closing the Socket Connection
    Summary

5 Requesting and Retrieving Certificates
    Digital Certificates Explained
        Requesting a Certificate from a Certificate Authority
        Verifying the Key Owner's Identity
    Acquiring Certificates
        Generating a Certificate Request
        Retrieving Certificates
    Building a Certificate Request Utility
        Creating the Certificate Request Class
        Creating the Class Properties
        Class Initialization and Termination
        Requesting Certificates
        Retrieving Certificates
        Checking on Request Status
        Designing the Form
        Form Initialization and Shutdown
        Performing the Certificate Request
        Checking the Status and Getting the Certificate
        Running the Sample Application
    Summary

6 Working with Certificates
    Managing Certificate Stores
        Opening Certificate Stores
        Closing Certificate Stores
        Duplicating the Store Handle
    Managing Certificates and Certificate Contexts
        Creating a Certificate Context
        Duplicating a Certificate Context
        Finding a Certificate
        Enumerating Certificates
        Getting an Issuer Certificate
        Serializing a Certificate
        Verifying a Certificate
        Deleting a Certificate
        Freeing a Certificate Context
    Getting Information from Certificates
        Enumerating Certificate Properties
        Getting Property Values
        Setting Certificate Properties
        Getting the Subject Name
    Building a Certificate Maintenance Utility
        Creating the Project
        Listing the Certificates
        Converting Strings
        Extracting the Key Spec
        Extracting the Provider Type
        Extracting the Container Name
        Extracting the CSP Name
        Designing the Form
        Listing the Certificates
    Summary

7 Working with Certificate Revocation Lists
    Verifying Certificates Against a CA
        Extracting a Certificate Serial Number
        Formatting the Serial Number
        The CertAdmin COM Object
        Verifying a Certificate
    Building and Maintaining a Certificate Revocation List
        Creating a CRL Context
        Adding a CRL to a Certificate Store
        Duplicating a CRL
        Freeing a CRL Context
        Deleting a CRL
        Getting a CRL from a Certificate Store
        Verifying Certificates Against a CRL
    Managing a Certificate Revocation List
        Creating the Project
        Adding New Properties
        Converting Bytes to Hex String
        Checking Certificates Against the CA
        Creating a CRL from a File
        Checking Certificates Against a CRL
        Adding a CRL to a Certificate Store
        Modifying the Certificate Listing
        Modifying the Form
        Using the CA to Verify Certificates
        Using the CRL to Verify Certificates
        Importing the CRL to the Certificate Store
    Summary

8 Using Digital Signatures
    What Are Digital Signatures?
    Signing Messages and Verifying Signatures
        Encryption Algorithms and Pointers
        Signing a Message
        Verifying a Message Signature
        Verifying a Detached Message Signature
        Determining the Number of Signers
    Enveloping Messages
        Encrypting a Message
        Decrypting a Message
        Signing and Encrypting a Message
        Decrypting and Verifying a Message
        Decoding a Message
    Building a Signing Utility
        Creating the Project
        Retrieving the Signing Certificate
        Determining the Certificate Type
        Signing the Message
        Verifying the Signature
        Retrieving the Exchange Certificate
        Encrypting the Message
        Decrypting the Message
        Releasing the Signature Certificate
        Designing the Form
        Getting the Signer Certificate
        Performing the Signing
        Performing the Signature Verification
        Performing the Encryption
        Performing the Decryption
    Summary

9 DCOM Through SSL
    RDS and HTTP
        Standard DCOM Versus RDS DCOM
        RDS DataSpace Object
        RDSServer DataFactory Object
        RDS DataControl Object
        Interacting with Custom Server Controls
        Enabling RDS Use
    DCOM Tunneling Through TCP/IP
        Client Configuration
        Server Configuration for DCOM
    Building a DCOM-HTTPS Application
        Creating the Server Object
        Creating the Client Application
    Summary

10 Understanding Windows 2000 Security and Security Descriptors
    Windows 2000 Security Overview
    Fundamental Security Data Structures
        Understanding Process and Thread Security Tokens
        Understanding the Security Identifier
    Understanding ACE, DACL, and SACL Structures
        Determining the Size Required for an ACL
        Adding an Access-Allowed ACE to a DACL
        Security Descriptors
        Retrieving a Security Descriptor
        Using the SECURITY_ATTRIBUTES Structure
    Trustee-Based Access Control
        Using the TRUSTEE Structure
        The EXPLICIT_ACCESS Structure
        Using SetEntriesInAcl to Create and Modify Access Control Lists
    Impersonating a Client
    Summary
