|
norm wrote:
bear with me, but one more question =)
<cryptoClass MySHA1Hash="MySHA1HashClass, MyAssembly
Culture='en', PublicKeyToken=a5d015c7d5a0b012,
Version=1.0.0.0"/>
Can be translated to:
byte [] mykey = {0x0A, 0x05, 0x0D...0x01, 0x02}
Is this correct?
Ummmm....that's a really good question. The answer is that I have no clue. I'm guessing that it's actually split up like:
{0xa5, 0xd0, 0x15...} etc, because otherwise why would that zero be there? It looks like it's just a placeholder so that the 8 byte (look, it's 16 digits) key can be translated easily.
Flight to Redmond - £200
Bulldozer Rental - £100
Destroying the MS campus single handedly for not doing an Academic upgrade, PRICELESS!
-Jonny Newman
|
|
|
|
|
norm wrote:
What about my "Private" key?
That's given to the constructor of the CspParameters object:
CspParameters myCspParams = new CspParameters();
myCspParams.Flags = CspProviderFlags.UseMachineKeyStore; //Or CspProviderFlags.UseDefaultKeyStore
myCspParams.KeyNumber = myKeyNumber;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(myCspParams);
I passionately hate the idea of being with it, I think an artist has always to be out of step with his time.
-Orson Welles
|
|
|
|
|
norm wrote:
STEP 1: say once you have determined the legal size:
max 128
min 16
skip 16
STEP 2: Your key legal size is therefore: {16, 32, 48, 56... 128}
No, you're mistaking the size for the possible values. The size is the length of that array. The possible values for System.Byte are still going to be 0 to 255. That just means that the legal key size has to be an array with between 16 bytes and 128 bytes in it.
norm wrote:
STEP 4: 56 bits = 4 x16bits = 4 HEX number = {HEX1, HEX2, HEX3, HEX4} (Is this correct?)
Again, no, you're mistaking the possible values in the array for the length of the array.
norm wrote:
QUESTION 2:
Also, instead of:
byte[] MyKey = {0x10, 0x12, 0x0A, 0x3B}
Could I have generated it programmatically? Or can I load a key from a key file generated by sn.exe?
Yes! In fact, that's what I always do. I usually do something like this:
string myPassword<br />
byte[] passBytes = System.Text.Encoding.Default.GetBytes(myPassword);
And then I take passBytes, trim it down to the legal size (actually, it always fits within the legal size for RSA), and then give that to the RSA CSP. As for pulling from an sn.exe generated file, sure. I don't see why not, especially since that's generated (I believe) for RSA.
norm wrote:
QUESTION 3:
Do I have to rely on CryptoAPI to gain access to a key in cert store - and perhaps all other tasks that has to do with cert store?
No. I don't believe so. At least that's not what they say http://www.gotdotnet.com/team/clr/cryptofaq.htm[^]:
10. Does the crypto library have a key management system different from CryptoAPI?
No, we internally use CryptoAPI key storage and you can reference keys stored in CryptoAPI key containers by using the CspParameters object. For a sample of how to store and retrieve your own asymmetric key pair in CryptoAPI key storage see the sample on www.gotdotnet.com/team/clr/about_security.aspx.
However, I couldn't find that sample. You may have to go hunting in the MSDN docs. Although, the most valuable thing I saw on that "Sample" page was this:
The Source Code for the .NET Framework Cryptography Classes[^]
I passionately hate the idea of being with it, I think an artist has always to be out of step with his time.
-Orson Welles
|
|
|
|
|
Thanks for the patience!
David Stone wrote:
STEP 1: say once you have determined the legal size:
max 128
min 16
skip 16
STEP 2: Your key legal size is therefore: {16, 32, 48, 56... 128}
>> No, I think I agree with you. {16, 32, 48, 56... 128} are just "possible" or "legal" value for key. And sure, 1 byte=8 bit=256 possibilities.
One HEX digit = 4 bits --> So, if key size=56bit, we can define key with 14 HEX digit. we can therefore write:
byte[] MyKey = {0x10, 0x12, 0x0A, 0x3B, 0x2D, 0x81, 0x7D}
Is this correct?
David Stone wrote:
string myPassword
byte[] passBytes = System.Text.Encoding.Default.GetBytes(myPassword);
That's a good trick.
norm
|
|
|
|
|
norm wrote:
One HEX digit = 4 bits --> So, if key size=56bit, we can define key with 14 HEX digit. we can therefore write:
byte[] MyKey = {0x10, 0x12, 0x0A, 0x3B, 0x2D, 0x81, 0x7D}
Is this correct?
Sounds logical. And I think that would work.
Hawaian shirts and shorts work too in Summer.
People assume you're either a complete nut (in which case not a worthy target) or so damn good you don't need to worry about camouflage...
-Anna-Jayne Metcalfe on Paintballing
|
|
|
|
|
I need to find if the word i read from the document is a heading 1 , 2, etc.
I tried to use the method "Style"; for some reason c# doesn't support it.
Any suggestions?
Thanks
keramudugoda
|
|
|
|
|
I try to put some files like attachment from command line like this,
mailto:sarev@sarev.com?subject=my report&body=see attachment&attachment="C:\a.bmp"
but evry time I cann't put it.
|
|
|
|
|
My application checks the latest version of an application from the targeted website and if found then it downloads and installs it.But before downloading or installing i need to check the administrator privileges for these two operations.If not found then it will force the operating system to popup he adminstartor login window and after login the application can be downloaded or installed.after finishing these operations it restore the rights.
I am not able to find out the exact solution & i don't know whether it is possible by Impersonation or Policy files.So please help me.Its very urgent.
Thanks in advance.
Manoj
|
|
|
|
|
Manoj,
Have a look at System.Security.Permissions namespace. You have fine grained security classes for each set of operations.
Also if you want to check for administrative privileges you need to do something like this,
PrincipalPermission myPermission = new PrincipalPermission("Somebody", "BUILTIN\\Administrators");
then you can call the demand method to check if he belongs to the admin group. you can get the current user's name from System.Threading.Thread.CurrentPrincipal and assign it to WindowsPrincipal object and use WindowsIdentity to extract the username.
As for as popping up the dialog and restoring the rights, i have no idea.
hope this helps you getting started.
- Kannan
|
|
|
|
|
You can Impersonate current user with admin. For how to do it chech WindowsIdentity.Impersonate() in MSDN
Mazy
No sig. available now.
|
|
|
|
|
what would be the best way to store user settings, i.e. window locations, options, etc. would i use .ini files, the registry, or something else?
thanks,
Rob
--
There are 10 kinds of people. Those who understand binary and those who don't.
|
|
|
|
|
Have you considered using Application configuration files(yourapp.exe.config) or using isolated storage. I think isolated storage support per user settings.
Regards,
Kannan
|
|
|
|
|
from what i understand the app.exe.config file is readonly. if this is true then i can't use it.
Rob
--
There are 10 kinds of people. Those who understand binary and those who don't.
|
|
|
|
|
|
This may sound like self-advertising,
but I published something similar
that may (or may not) fit our friend's needs:
http://www.codeproject.com/csharp/CFGLitepack.asp
So, now.. if he wants to use XML, he has Nick's class;
else, he can use mine
Ain't CP great?
F.O.R.
|
|
|
|
|
Simply, I'd like to create a get property that would return a list of objects for a class, but I want that the list only allows access to items : adding, replacing or removing items must be impossible.
To do that I first wrote the following code :
class MyClass
{
private ArrayList _AL;
ICollection MyList
{
get { return _AL; }
}
}
Indeed, the ICollection doesn't have Add , Replace or Remove methods.
But I realized later that the ICollection interface returned by MyList could be cast into an IList interface on which it is possible to perform such operations, and then the list can be modified : the data can be acted an unexcepted way, and there is no integrity !
Does anyone know the answer to this architecture problem ?
Regards,
- Éric -
|
|
|
|
|
Did you try making the arraylist
readonly
Regards,
Kannan
|
|
|
|
|
Unfortunalely that's not the solution.
Indeed readonly attribute will only forbid to replace the ArrayList object AL by another instance, but one can still do anything with the list. For instance, the following code shows that an item can be added normally : it compiles and no exception is thrown.
public class MyClass
{
public readonly ArrayList AL = new ArrayList();
}
public class MainClass
{
static void Main()
{
MyClass MC = new MyClass();
try
{
MC.AL.Add("toto");
}
catch(Exception e) { MessageBox.Show(e.Message); }
foreach ( object O in MC.AL )
MessageBox.Show(O.ToString()+" has been added !");
}
}
What a pity...
- Éric -
|
|
|
|
|
|
Perfect ! That seems to be a good solution.
This static method returns a readonly copy of the ArrayList. Moreover if the original list is modified (directly or through a binding process), then the readonly copy is updated (synchronized). Very well !
Thanks very much.
- Éric -
|
|
|
|
|
|
|
Finally I'm going to use the following method :
public class MyClass
{
ArrayList _AL = new ArrayList();
public IList MyList
{
get { return ArrayList.ReadOnly(_AL); }
}
...
}
- Éric -
|
|
|
|
|
I think there's not much you can do. If you're trying to achieve the same effect as const in C++, the news is that in C++ you can just as easily cast away constness and have the same issue.
Here's my viewpoint:
You as the programmer are doing all you can to make your collection readonly. If someone wants to modify it badly enough, they'll have to take the extra step of casting it and in doing so they assume the responsibility of what problems that may cause.
In other words, it's not your problem. There's only so much you can do and spending time worrying about what some hacker may do is not worth it, IMHO.
Regards,
Alvaro
Hey! It compiles! Ship it.
|
|
|
|
|
Having said all that, I just found a ReadOnly method in ArrayList that gives you the extra safety you need.
Regards,
Alvaro
Hey! It compiles! Ship it.
|
|
|
|
|