Document: Developing Secure Applications with Visual Basic (doc)


Document information

Posted: 20/02/2014, 02:20

www.it-ebooks.info

Davis Chapman
800 East 96th St., Indianapolis, Indiana, 46240 USA

Developing Secure Applications with Visual Basic®

00 8369 FM 4/25/00 9:04 AM Page i

Developing Secure Applications with Visual Basic
Copyright © 2000 by Sams Publishing

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

International Standard Book Number: 0-672-31836-9
Library of Congress Catalog Card Number: 99-66271
Printed in the United States of America
First Printing: May 2000
02 01 00 4 3 2 1

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Sams Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or programs accompanying it.

ASSOCIATE PUBLISHER: Bradley L. Jones
EXECUTIVE EDITOR: Chris Webb
DEVELOPMENT EDITOR: Steve Rowe
MANAGING EDITOR: Charlotte Clapp
PROJECT EDITOR: Carol L. Bowers
COPY EDITORS: Barbara Hacha, Chuck Hutchinson
INDEXER: Kevin Fulcher
PROOFREADER: Jill Mazurczyk
TECHNICAL EDITOR: John Hooven
TEAM COORDINATOR: Meggo Barthlow
MEDIA DEVELOPER: Jason Haines
INTERIOR DESIGNER: Anne Jones
COVER DESIGNER: Anne Jones
COPY WRITER: Eric Bogert

Contents at a Glance

Introduction  1
1  Understanding Encryption and Application Security  5
2  Getting Started with the CryptoAPI  19
3  Symmetric and Password Encryption  37
4  Public/Private Key Communications  93
5  Requesting and Retrieving Certificates  139
6  Working with Certificates  175
7  Working With Certificate Revocation Lists  217
8  Using Digital Signatures  257
9  DCOM Through SSL  309
10  Understanding Windows 2000 Security and Security Descriptors  339
11  Using NT Login Authentication  385
12  Working with Active Directory Security (ADSI) and an LDAP Server  407
13  Active Directory Security and Searching  441
14  Developing with COM+ Security  475
15  Microsoft Certificate Server  495
16  Security Standards  505
17  Legal Issues of Digital Signatures and Encryption  517
A  Cryptographic Service Providers  529
Index  535

Contents

Introduction  1

1  Understanding Encryption and Application Security  5
  Exploring Encryption  6
  Encryption Algorithms and Standards  6
  Other Forms of Encryption  10
  Using Certificates with Encryption  13
  Certificate Authorities  14
  Certificate Chains  14
  Digital Signatures  14
  Message Enveloping  15
  Secure Sockets Layer (SSL)  16
  Security and Audit Logs  16
  Why Do You Need Audit Logs?  17
  What Information Needs to Be Included?  17
  Summary  18

2  Getting Started with the CryptoAPI  19
  CryptoAPI and Cryptographic Service Providers  20
  Opening the CSP  21
  Closing the CSP  25
  Listing the Available CSPs  26
  Listing the CSP Types  27
  Getting the Default CSP  28
  Setting the Default CSP  28
  CSP Types and Encryption Algorithms  29
  Listing CSPs and CSP Types  30
  Designing the Interface  30
  Listing the CSPs  32
  Building a List of the CSP Types  34
  Summary  36

3  Symmetric and Password Encryption  37
  Generating Hashes of Strings and Messages  38
  Creating a Hash Object  38
  Destroying a Hash Object  40
  Duplicating a Hash Object  41
  Hashing Data  42
  Hashing a Session Key  42
  Getting Hash Information  43
  Setting Hash Information  45
  Generating Symmetric Keys  46
  Deriving a Key  47
  Generating a Key  48
  Destroying a Key  50
  Duplicating a Key  51
  Understanding Basic Encryption and Decryption  52
  Encrypting Data  53
  Decrypting Data  54
  Building a Simple Encryption Application  55
  Declaring API Functions, Constants, and Variables  55
  Exposing Properties  60
  Acquiring a Handle for the CSP  61
  Deriving a Password-Based Key  64
  Destroying a Password-Based Key  66
  Performing Data Encryption  67
  Performing Data Decryption  69
  Designing the User Interface  70
  Performing the Encryption  71
  Performing the Decryption  74
  Building a File Encryption/Decryption Utility  77
  Making Additional Declarations  77
  Hashing the Data File  78
  Encrypting the Data File  80
  Decrypting the Data File  81
  Designing the User Interface  83
  Performing the Data File Encryption  85
  Performing the Data File Decryption  89
  Summary  92

4  Public/Private Key Communications  93
  Block Versus Stream Algorithms  94
  Salt Values: What Are They and Why Use Them?  95
  Generating Salt Values  96
  Extracting Salt Values from Session Keys  97
  Setting Salt Values in Session Keys  100
  Generating, Saving, and Retrieving Public/Private Keys  103
  Exporting and Importing Keys  104
  Exporting Keys  104
  Importing Keys  107
  Building a Secure Messaging Utility  108
  Creating the Initial Project  108
  Making Additional Declarations  109
  Adding New Properties  110
  Getting the User Public/Private Key Pair  111
  Exporting the Public Key  113
  Importing the Public Key  114
  Creating and Exporting the Session Key  115
  Importing the Session Key  117
  Terminating the Class  118
  Designing the User Interface  119
  Performing Form Initialization, Cleanup, and Other Miscellaneous Functions  121
  Performing the Initial Server Key Exchange  123
  Performing the Client Key Exchange  125
  Finishing the Server Key Exchange  126
  Sending and Receiving Encrypted Messages  127
  Listening for Connection Requests  130
  Connecting to the Server  131
  Receiving the Connection Request  132
  Handling Data Arrival  133
  Closing the Socket Connection  135
  Summary  138

5  Requesting and Retrieving Certificates  139
  Digital Certificates Explained  140
  Requesting a Certificate from a Certificate Authority  141
  Verifying the Key Owner’s Identity  142
  Acquiring Certificates  143
  Generating a Certificate Request  143
  Retrieving Certificates  151
  Building a Certificate Request Utility  155
  Creating the Certificate Request Class  156
  Creating the Class Properties  159
  Class Initialization and Termination  161
  Requesting Certificates  162
  Retrieving Certificates  164
  Checking on Request Status  165
  Designing the Form  166
  Form Initialization and Shutdown  168
  Performing the Certificate Request  169
  Checking the Status and Getting the Certificate  171
  Running the Sample Application  171
  Summary  173

6  Working with Certificates  175
  Managing Certificate Stores  176
  Opening Certificate Stores  177
  Closing Certificate Stores  178
  Duplicating the Store Handle  179
  Managing Certificates and Certificate Contexts  179
  Creating a Certificate Context  179
  Duplicating a Certificate Context  180
  Finding a Certificate  180
  Enumerating Certificates  183
  Getting an Issuer Certificate  183
  Serializing a Certificate  184
  Verifying a Certificate  186
  Deleting a Certificate  186
  Freeing a Certificate Context  187
  Getting Information from Certificates  187
  Enumerating Certificate Properties  188
  Getting Property Values  189
  Setting Certificate Properties  192
  Getting the Subject Name  193
  Building a Certificate Maintenance Utility  195
  Creating the Project  195
  Listing the Certificates  198
  Converting Strings  207
  Extracting the Key Spec  208
  Extracting the Provider Type  209
  Extracting the Container Name  210
  Extracting the CSP Name  211
  Designing the Form  212
  Listing the Certificates  214
  Summary  214

7  Working with Certificate Revocation Lists  217
  Verifying Certificates Against a CA  218
  Extracting a Certificate Serial Number  219
  Formatting the Serial Number  222
  The CertAdmin COM Object  223
  Verifying a Certificate  223
  Building and Maintaining a Certificate Revocation List  226
  Creating a CRL Context  226
  Adding a CRL to a Certificate Store  227
  Duplicating a CRL  229
  Freeing a CRL Context  229
  Deleting a CRL  229
  Getting a CRL from a Certificate Store  230
  Verifying Certificates Against a CRL  231
  Managing a Certificate Revocation List  233
  Creating the Project  233
  Adding New Properties  237
  Converting Bytes to Hex String  238
  Checking Certificates Against the CA  239
  Creating a CRL from a File  241
  Checking Certificates Against a CRL  243
  Adding a CRL to a Certificate Store  244
  Modifying the Certificate Listing  246
  Modifying the Form  249
  Using the CA to Verify Certificates  251
  Using the CRL to Verify Certificates  252
  Importing the CRL to the Certificate Store  254
  Summary  255

8  Using Digital Signatures  257
  What Are Digital Signatures?  259
  Signing Messages and Verifying Signatures  261
  Encryption Algorithms and Pointers  261
  Signing a Message  262
  Verifying a Message Signature  266
  Verifying a Detached Message Signature  269
  Determining the Number of Signers  270
  Enveloping Messages  270
  Encrypting a Message  270
  Decrypting a Message  273
  Signing and Encrypting a Message  275
  Decrypting and Verifying a Message  276
  Decoding a Message  277
  Building a Signing Utility  279
  Creating the Project  279
  Retrieving the Signing Certificate  282
  Determining the Certificate Type  284
  Signing the Message  286
  Verifying the Signature  289
  Retrieving the Exchange Certificate  291
  Encrypting the Message  293
  Decrypting the Message  296
  Releasing the Signature Certificate  299
  Designing the Form  300
  Getting the Signer Certificate  302
  Performing the Signing  302
  Performing the Signature Verification  304
  Performing the Encryption  305
  Performing the Decryption  307
  Summary  308

9  DCOM Through SSL  309
  RDS and HTTP  310
  Standard DCOM Versus RDS DCOM  310
  RDS DataSpace Object  313
  RDSServer DataFactory Object  313
  RDS DataControl Object  314
  Interacting with Custom Server Controls  314
  Enabling RDS Use  315
  DCOM Tunneling Through TCP/IP  316
  Client Configuration  317
  Server Configuration for DCOM  319
  Building a DCOM-HTTPS Application  323
  Creating the Server Object  323
  Creating the Client Application  329
  Summary  337

10  Understanding Windows 2000 Security and Security Descriptors  339
  Windows 2000 Security Overview  340
  Fundamental Security Data Structures  341
  Understanding Process and Thread Security Tokens  341
  Understanding the Security Identifier  346
  Understanding ACE, DACL, and SACL Structures  354
  Determining the Size Required for an ACL  355
  Adding an Access-Allowed ACE to a DACL  357
  Security Descriptors  360
  Retrieving a Security Descriptor  366
  Using the Security_Attributes Structure  369
  Trustee-Based Access Control  370
  Using the TRUSTEE Structure  371
  The EXPLICIT_ACCESS Structure  375
  Using SetEntriesInAcl to Create and Modify Access Control Lists  379
  Impersonating a Client  381
  Summary  383

[...]

... may stretch your Visual Basic skills beyond what you’ve seen in most other programming situations. You’ll also have to delve into areas of programming that Visual Basic normally tries to hide from you. Take fair warning! This book is not for the Visual Basic beginner. If you just picked up Visual Basic for the first time last week, this is not the book for you (yet). This book is written with the assumption that you already know your way around Visual Basic and already have a bit of Visual Basic programming experience under your belt. However, if you’ve built several applications using Visual Basic and you pretty much know all the basics, you shouldn’t have anything to fear.

How This Book Is Organized
I wrote this book to match the way ...

[...]

... Logs

CHAPTER 1

With the explosion of commerce and business applications on the Internet, whole areas of programming expertise have entered the limelight. Just a few short years ago, encryption and application security were areas of programming limited to academic and military programming, along with some Research and Development labs ...

[...]

... thinking. You saw this book on the shelf and picked it up out of curiosity, thinking, “Encryption and Visual Basic? Security and Visual Basic? Aren’t these topics normally reserved for the ranks of C/C++ developers?” Well, they used to be, but not anymore. Now you can perform these tasks within Visual Basic, without having to dip into any C/C++ code. The next question on your mind probably is, “Do I have ...

[...]

... languages. My, how times have changed!
Now, it is possible to use Visual Basic to accomplish these tasks. This book is all about exploring how you can use Visual Basic to perform various encryption and application security tasks. These are exciting times for Visual Basic programmers!

Exploring Encryption
One of the key technologies involved with making secure communications possible, especially over the Internet, ...

[...]

... secret message.

What makes this encryption scheme so secure is that an infinite number of possibilities exists for the key, each of which decrypts the message to a legible message. There is no way of knowing whether the message you’ve decrypted is the original message unless you possess the original key sequence. For instance, if you start with the message ...

[...]

... yourself with building another audit log? If a user is interacting directly with your application, the operating system is not likely to recognize that a security breach has occurred. Only your application is in a position to recognize this situation and have the information necessary to identify what happened, who did it, and how it was done.

For ...

[...]

... idea to at least glance at these notes so that you are familiar with what they are trying to convey. Of course, there may be a time or two where I just felt like making some unimportant remark that really shouldn’t be part of the main topic, so I’ll mark those as notes, too.

CAUTION
Warning! Warning! Man the lifeboats! Oops, sorry—I ...

[...]

... restrict the hardware that can be used).

Certificate Authorities
A Certificate Authority is a commonly agreed-upon authority whose verification of someone’s identity is accepted by all parties. It can be a large, independent organization such as Verisign (www.verisign.com) or the security department within a corporation. The CA has the responsibility ...

[...]

... decrypts the signature hash and compares the two hashes. If the hashes match, the signature is valid, and the message hasn’t been altered or tampered with since being signed. This process is illustrated in Figure 1.6.

[Figure 1.6: Message Signing Process and Signature Verification Process (labels: Original Message, Signed Message, Private Signing Key, Encryption, Decryption Process)]