.NET security: Supporting certificates in your application using the .NET Framework 2.0


This article discusses:

Windows certificate Store

Certificate classes in .NET

Authentication, SSL, Web Services, and code signing

Signing and encrypting data

This article uses the following technologies:

.NET Framework 2.0

Certificates are widely used in the Microsoft® .NET Framework, from secure communication to code signing to security policy. The .NET Framework 2.0 improves support for certificates and adds a new namespace for standards-compliant cryptographic operations using certificates. In this article, I'll cover the background on certificates and the Windows® certificate store. I'll also show how to use the certificate APIs and how the Framework uses these APIs to implement security features.

A "certificate" is actually an ASN.1 (Abstract Syntax Notation One) encoded file that contains a public key and other information about the key and its owner. In addition, the certificate has a validity period and is signed by another key (the so-called issuer), which vouches for the authenticity of these attributes and, most importantly, the authenticity of the public key itself. You can think of ASN.1 as a binary XML. Like XML, it has encoding rules, strong types, and tags, but these are binary values that usually have no corresponding printable characters.
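To make the tag, length and value layout concrete, the following Python example (added here, not code from the original article or the .NET Framework) encodes and then walks a small DER structure. The sample bytes are constructed to be certificate-shaped and are not a real X.509 certificate; the function names are this example's own.

```python
# Added example: walks DER tag-length-value elements. Not a validating parser.
TAG_NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x13: "PrintableString",
             0x17: "UTCTime", 0x30: "SEQUENCE"}

def encode_tlv(tag, content):
    """Encode one element: tag byte, definite length, content bytes."""
    n = len(content)
    if n < 0x80:                      # short form: a single length byte
        length = bytes([n])
    else:                             # long form: 0x80 | byte count, then the length
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def parse_der(data, offset=0, end=None):
    """Return [(type_name, value)]; constructed types hold a nested list."""
    end = len(data) if end is None else end
    nodes = []
    while offset < end:
        if offset + 2 > end:
            raise ValueError("truncated header")
        tag, first = data[offset], data[offset + 1]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are not handled here")
        offset += 2
        length = first
        if first >= 0x80:             # long form length
            count = first & 0x7F
            if count == 0 or offset + count > end:
                raise ValueError("indefinite or truncated length")
            length = int.from_bytes(data[offset:offset + count], "big")
            offset += count
        if offset + length > end:     # never trust a declared length
            raise ValueError("element overruns its container")
        name = TAG_NAMES.get(tag, "tag 0x%02x" % tag)
        if tag & 0x20:                # constructed bit set: content is more TLVs
            nodes.append((name, parse_der(data, offset, offset + length)))
        else:
            nodes.append((name, data[offset:offset + length]))
        offset += length
    return nodes

def build_sample():
    """Constructed, certificate-shaped data; NOT a real X.509 certificate."""
    validity = encode_tlv(0x30, encode_tlv(0x17, b"240101000000Z")
                                + encode_tlv(0x17, b"250101000000Z"))
    key_bits = encode_tlv(0x03, b"\x00" + bytes(range(200)))   # stand-in key bytes
    return encode_tlv(0x30, encode_tlv(0x02, b"\x01")
                      + encode_tlv(0x13, b"Example CA") + validity + key_bits)
```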

For such files to be interchangeable between systems, a standard format is required. This standard format is described in X.509 (currently in its 3rd edition) and RFC 3280 (tools.ietf.org/html/rfc3280). Although X.509 does not specify the type of key that is embedded in the certificate, the RSA algorithm is the most common asymmetric encryption algorithm currently in use.

First, let's review the history of this algorithm. The name "RSA" comes from the initials of the three people who invented the algorithm: Ron Rivest, Adi Shamir and Len Adleman. They founded a company called RSA Security, which publishes several standards documents called Public Key Cryptography Standards (PKCS). These documents describe several aspects of cryptographic technology.

One of the most popular of these documents, PKCS #7, defines a binary format named Cryptographic Message Syntax (CMS) for signed and encrypted data. CMS is currently widely used in many popular security protocols, including Secure Sockets Layer (SSL) and Secure Multipurpose Internet Mail Extensions (S/MIME). Because it is a standard, it is also an alternative format when an application needs to exchange signed and encrypted data between several parties. You can obtain the PKCS documents from the RSA Laboratories Web site (www.rsasecurity.com/rsalabs/node.asp?id=2124).
