Thông tin tài liệu
www.it-ebooks.info
Davis Chapman
800 East 96th St., Indianapolis, Indiana, 46240 USA
Developing Secure Applications
with Visual Basic
®
00 8369 FM 4/25/00 9:04 AM Page i
www.it-ebooks.info
Developing Secure Applications
with Visual Basic
Copyright © 2000 by Sams Publishing
All rights reserved. No part of this book shall be reproduced, stored in a
retrieval system, or transmitted by any means, electronic, mechanical, photo-
copying, recording, or otherwise, without written permission from the pub-
lisher. No patent liability is assumed with respect to the use of the information
contained herein. Although every precaution has been taken in the preparation
of this book, the publisher and author assume no responsibility for errors or
omissions. Nor is any liability assumed for damages resulting from the use of
the information contained herein.
International Standard Book Number: 0-672-31836-9
Library of Congress Catalog Card Number: 99-66271
Printed in the United States of America
First Printing: May 2000
02 01 00 4 3 2 1
Trademarks
All terms mentioned in this book that are known to be trademarks or service
marks have been appropriately capitalized. Sams Publishing cannot attest to
the accuracy of this information. Use of a term in this book should not be
regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as
possible, but no warranty or fitness is implied. The information provided is on
an “as is” basis. The author and the publisher shall have neither liability nor
responsibility to any person or entity with respect to any loss or damages aris-
ing from the information contained in this book or programs accompanying it.
ASSOCIATE PUBLISHER
Bradley L. Jones
EXECUTIVE EDITOR
Chris Webb
DEVELOPMENT EDITOR
Steve Rowe
MANAGING EDITOR
Charlotte Clapp
PROJECT EDITOR
Carol L. Bowers
COPY EDITORS
Barbara Hacha
Chuck Hutchinson
INDEXER
Kevin Fulcher
PROOFREADER
Jill Mazurczyk
TECHNICAL EDITOR
John Hooven
TEAM COORDINATOR
Meggo Barthlow
MEDIA DEVELOPER
Jason Haines
INTERIOR DESIGNER
Anne Jones
COVER DESIGNER
Anne Jones
COPY WRITER
Eric Bogert
00 8369 FM 4/25/00 9:04 AM Page ii
www.it-ebooks.info
Contents at a Glance
Introduction 1
1 Understanding Encryption and Application Security 5
2 Getting Started with the CryptoAPI 19
3 Symmetric and Password Encryption 37
4 Public/Private Key Communications 93
5 Requesting and Retrieving Certificates 139
6 Working with Certificates 175
7 Working With Certificate Revocation Lists 217
8 Using Digital Signatures 257
9 DCOM Through SSL 309
10 Understanding Windows 2000 Security and Security Descriptors 339
11 Using NT Login Authentication 385
12 Working with Active Directory Security (ADSI) and an LDAP Server 407
13 Active Directory Security and Searching 441
14 Developing with COM+ Security 475
15 Microsoft Certificate Server 495
16 Security Standards 505
17 Legal Issues of Digital Signatures and Encryption 517
A Cryptographic Service Providers 529
Index 535
00 8369 FM 4/25/00 9:04 AM Page iii
www.it-ebooks.info
Contents
Introduction 1
1 Understanding Encryption and Application Security 5
Exploring Encryption 6
Encryption Algorithms and Standards 6
Other Forms of Encryption 10
Using Certificates with Encryption 13
Certificate Authorities 14
Certificate Chains 14
Digital Signatures 14
Message Enveloping 15
Secure Sockets Layer (SSL) 16
Security and Audit Logs 16
Why Do You Need Audit Logs? 17
What Information Needs to Be Included? 17
Summary 18
2 Getting Started with the CryptoAPI 19
CryptoAPI and Cryptographic Service Providers 20
Opening the CSP 21
Closing the CSP 25
Listing the Available CSPs 26
Listing the CSP Types 27
Getting the Default CSP 28
Setting the Default CSP 28
CSP Types and Encryption Algorithms 29
Listing CSPs and CSP Types 30
Designing the Interface 30
Listing the CSPs 32
Building a List of the CSP Types 34
Summary 36
3 Symmetric and Password Encryption 37
Generating Hashes of Strings and Messages 38
Creating a Hash Object 38
Destroying a Hash Object 40
Duplicating a Hash Object 41
Hashing Data 42
Hashing a Session Key 42
Getting Hash Information 43
Setting Hash Information 45
00 8369 FM 4/25/00 9:04 AM Page iv
www.it-ebooks.info
Generating Symmetric Keys 46
Deriving a Key 47
Generating a Key 48
Destroying a Key 50
Duplicating a Key 51
Understanding Basic Encryption and Decryption 52
Encrypting Data 53
Decrypting Data 54
Building a Simple Encryption Application 55
Declaring API Functions, Constants, and Variables 55
Exposing Properties 60
Acquiring a Handle for the CSP 61
Deriving a Password-Based Key 64
Destroying a Password-Based Key 66
Performing Data Encryption 67
Performing Data Decryption 69
Designing the User Interface 70
Performing the Encryption 71
Performing the Decryption 74
Building a File Encryption/Decryption Utility 77
Making Additional Declarations 77
Hashing the Data File 78
Encrypting the Data File 80
Decrypting the Data File 81
Designing the User Interface 83
Performing the Data File Encryption 85
Performing the Data File Decryption 89
Summary 92
4 Public/Private Key Communications 93
Block Versus Stream Algorithms 94
Salt Values: What Are They and Why Use Them? 95
Generating Salt Values 96
Extracting Salt Values from Session Keys 97
Setting Salt Values in Session Keys 100
Generating, Saving, and Retrieving Public/Private Keys 103
Exporting and Importing Keys 104
Exporting Keys 104
Importing Keys 107
Building a Secure Messaging Utility 108
Creating the Initial Project 108
Making Additional Declarations 109
Adding New Properties 110
00 8369 FM 4/25/00 9:04 AM Page v
www.it-ebooks.info
DEVELOPING SECURE APPLICATIONS WITH VISUAL BASIC
Getting the User Public/Private Key Pair 111
Exporting the Public Key 113
Importing the Public Key 114
Creating and Exporting the Session Key 115
Importing the Session Key 117
Terminating the Class 118
Designing the User Interface 119
Performing Form Initialization, Cleanup,
and Other Miscellaneous Functions 121
Performing the Initial Server Key Exchange 123
Performing the Client Key Exchange 125
Finishing the Server Key Exchange 126
Sending and Receiving Encrypted Messages 127
Listening for Connection Requests 130
Connecting to the Server 131
Receiving the Connection Request 132
Handling Data Arrival 133
Closing the Socket Connection 135
Summary 138
5 Requesting and Retrieving Certificates 139
Digital Certificates Explained 140
Requesting a Certificate from a Certificate Authority 141
Verifying the Key Owner’s Identity 142
Acquiring Certificates 143
Generating a Certificate Request 143
Retrieving Certificates 151
Building a Certificate Request Utility 155
Creating the Certificate Request Class 156
Creating the Class Properties 159
Class Initialization and Termination 161
Requesting Certificates 162
Retrieving Certificates 164
Checking on Request Status 165
Designing the Form 166
Form Initialization and Shutdown 168
Performing the Certificate Request 169
Checking the Status and Getting the Certificate 171
Running the Sample Application 171
Summary 173
vi
DEVELOPING SECURE APPLICATIONS WITH VISUAL BASIC
00 8369 FM 4/25/00 9:04 AM Page vi
www.it-ebooks.info
CONTENTS
6 Working with Certificates 175
Managing Certificate Stores 176
Opening Certificate Stores 177
Closing Certificate Stores 178
Duplicating the Store Handle 179
Managing Certificates and Certificate Contexts 179
Creating a Certificate Context 179
Duplicating a Certificate Context 180
Finding a Certificate 180
Enumerating Certificates 183
Getting an Issuer Certificate 183
Serializing a Certificate 184
Verifying a Certificate 186
Deleting a Certificate 186
Freeing a Certificate Context 187
Getting Information from Certificates 187
Enumerating Certificate Properties 188
Getting Property Values 189
Setting Certificate Properties 192
Getting the Subject Name 193
Building a Certificate Maintenance Utility 195
Creating the Project 195
Listing the Certificates 198
Converting Strings 207
Extracting the Key Spec 208
Extracting the Provider Type 209
Extracting the Container Name 210
Extracting the CSP Name 211
Designing the Form 212
Listing the Certificates 214
Summary 214
7 Working with Certificate Revocation Lists 217
Verifying Certificates Against a CA 218
Extracting a Certificate Serial Number 219
Formatting the Serial Number 222
The
CertAdmin COM Object 223
Verifying a Certificate 223
Building and Maintaining a Certificate Revocation List 226
Creating a CRL Context 226
Adding a CRL to a Certificate Store 227
Duplicating a CRL 229
Freeing a CRL Context 229
vii
CONTENTS
00 8369 FM 4/25/00 9:04 AM Page vii
www.it-ebooks.info
DEVELOPING SECURE APPLICATIONS WITH VISUAL BASIC
viii
Deleting a CRL 229
Getting a CRL from a Certificate Store 230
Verifying Certificates Against a CRL 231
Managing a Certificate Revocation List 233
Creating the Project 233
Adding New Properties 237
Converting Bytes to Hex String 238
Checking Certificates Against the CA 239
Creating a CRL from a File 241
Checking Certificates Against a CRL 243
Adding a CRL to a Certificate Store 244
Modifying the Certificate Listing 246
Modifying the Form 249
Using the CA to Verify Certificates 251
Using the CRL to Verify Certificates 252
Importing the CRL to the Certificate Store 254
Summary 255
8 Using Digital Signatures 257
What Are Digital Signatures? 259
Signing Messages and Verifying Signatures 261
Encryption Algorithms and Pointers 261
Signing a Message 262
Verifying a Message Signature 266
Verifying a Detached Message Signature 269
Determining the Number of Signers 270
Enveloping Messages 270
Encrypting a Message 270
Decrypting a Message 273
Signing and Encrypting a Message 275
Decrypting and Verifying a Message 276
Decoding a Message 277
Building a Signing Utility 279
Creating the Project 279
Retrieving the Signing Certificate 282
Determining the Certificate Type 284
Signing the Message 286
Verifying the Signature 289
Retrieving the Exchange Certificate 291
Encrypting the Message 293
Decrypting the Message 296
Releasing the Signature Certificate 299
Designing the Form 300
Getting the Signer Certificate 302
00 8369 FM 4/25/00 9:04 AM Page viii
www.it-ebooks.info
CONTENTS
ix
Performing the Signing 302
Performing the Signature Verification 304
Performing the Encryption 305
Performing the Decryption 307
Summary 308
9 DCOM Through SSL 309
RDS and HTTP 310
Standard DCOM Versus RDS DCOM 310
RDS
DataSpace Object 313
RDSServer DataFactory Object 313
RDS
DataControl Object 314
Interacting with Custom Server Controls 314
Enabling RDS Use 315
DCOM Tunneling Through TCP/IP 316
Client Configuration 317
Server Configuration for DCOM 319
Building a DCOM-HTTPS Application 323
Creating the Server Object 323
Creating the Client Application 329
Summary 337
10 Understanding Windows 2000 Security and Security
Descriptors 339
Windows 2000 Security Overview 340
Fundamental Security Data Structures 341
Understanding Process and Thread Security Tokens 341
Understanding the Security Identifier 346
Understanding
ACE, DACL, and SACL Structures 354
Determining the Size Required for an
ACL 355
Adding an Access-Allowed
ACE to a DACL 357
Security Descriptors 360
Retrieving a Security Descriptor 366
Using the
Security_Attributes Structure 369
Trustee-Based Access Control 370
Using the
TRUSTEE Structure 371
The
EXPLICIT_ACCESS Structure 375
Using
SetEntriesInAcl to Create and Modify Access Control
Lists 379
Impersonating a Client 381
Summary 383
00 8369 FM 4/25/00 9:04 AM Page ix
www.it-ebooks.info
[...]... may stretch your Visual Basic skills beyond what you’ve seen in most other programming situations You’ll also have to delve into areas of programming that Visual Basic normally tries to hide from you Take fair warning! This book is not for the Visual Basic beginner If you just picked up Visual Basic for the first time last week, this is not the book for you (yet) This book is written with the assumption... Logs www.it-ebooks.info CHAPTER 1 6 Developing Secure Applications with Visual Basic With the explosion of commerce and business applications on the Internet, whole areas of programming expertise have entered the limelight Just a few short years ago, encryption and application security were areas of programming limited to academic and military programming, along with some Research and Development labs... not the book for you (yet) This book is written with the assumption that you already know your way around Visual Basic and already have a bit of Visual Basic programming experience under your belt However, if you’ve built several applications using Visual Basic and you pretty much know all the basics, you shouldn’t have anything to fear How This Book Is Organized I wrote this book to match the way... thinking You saw this book on the shelf and picked it up out of curiosity, thinking, “Encryption and Visual Basic? Security and Visual Basic? Aren’t these topics normally reserved for the ranks of C/C++ developers?” Well, they used to be, but not anymore Now you can perform these tasks within Visual Basic, without having to dip into any C/C++ code The next question on your mind probably is, “Do I have... languages My, how times have changed! Now, it is possible to use Visual Basic to accomplish these tasks This book is all about exploring how you can use Visual Basic to perform various encryption and application security tasks These are exciting times for Visual Basic programmers! Exploring Encryption One of the key technologies involved with making secure communications possible, especially over the Internet,... secret message 12 Developing Secure Applications with Visual Basic What makes this encryption scheme so secure is that an infinite number of possibilities exists for the key, each of which decrypts the message to a legible message There is no way of knowing whether the message you’ve decrypted is the original message unless you possess the original key sequence For instance, if you start with the message... yourself with building another audit log? If a user is interacting directly with your application, the operating system is not likely to recognize that a security breach has occurred Only your application is in a position to recognize this situation and have the information necessary to identify what happened, who did it, and how it was done 17 18 Developing Secure Applications with Visual Basic For... idea to at least glance at these notes so that you are familiar with what they are trying to convey Of course, there may be a time or two where I just felt like making some unimportant remark that really shouldn’t be part of the main topic, so I’ll mark those as notes, too www.it-ebooks.info 3 4 DEVELOPING SECURE APPLICATIONS WITH VISUAL BASIC CAUTION Warning! Warning! Man the lifeboats! Oops, sorry—I... restrict the hardware that can be used) 13 14 Developing Secure Applications with Visual Basic Certificate Authorities A Certificate Authority is a commonly agreed-upon authority whose verification of someone’s identity is accepted by all parties It can be a large, independent organization such as Verisign (www.verisign.com) or the security department within a corporation The CA has the responsibility... decrypts the signature hash and compares the two hashes If the hashes match, the signature is valid, and the message hasn’t been altered or tampered with since being signed This process is illustrated in Figure 1.6 15 16 Developing Secure Applications with Visual Basic Message Signing Process Original Message Signed Message Private Signing Key Signature Verification Process Decryption Process Encryption . USA
Developing Secure Applications
with Visual Basic
®
00 8369 FM 4/25/00 9:04 AM Page i
www.it-ebooks.info
Developing Secure Applications
with Visual Basic
Copyright. 171
Summary 173
vi
DEVELOPING SECURE APPLICATIONS WITH VISUAL BASIC
00 8369 FM 4/25/00 9:04 AM Page vi
www.it-ebooks.info
CONTENTS
6 Working with Certificates
Ngày đăng: 20/02/2014, 02:20
Xem thêm: Tài liệu Developing Secure Applications with Visual Basic doc, Tài liệu Developing Secure Applications with Visual Basic doc