The Mighty C# and Some Bouncy Castles
The Mighty C# and Some Bouncy Castles
I have a little secret, and it’s a great secret. And, so, while I typically blog around the greatness of Golang, Rust and Node.js, there is a programming language that I use every day, and have produced more code for than all the other programming languages put together. It is — in fact — almost perfect in every way, and when matched to Visual Studio, it produces code that is robust and secure . It is … C#. And, it’s great for its integration in PowerShell. In fact, the conversion from C# to PowerShell, and vice-versa is actually quite easy, and where you can convert a compiled program into a scripted program without many difficulties. For this, I have just setup a new page on C# and cryptography coding:
https://asecuritysite.com/csharp/index
and previously setup for PowerShell:
https://asecuritysite.com/powershell/
In 2002
On 14 Feb 2002 — that .NET 1.0 was released. Overall, for me, one of the best things I’ve done in my career was to pick .NET and C# as my coding foundation. At the time, I was well used to C programming, but I didn’t much like C++, so C# was just perfect for me. It also came with my favouriate application of all-time: Microsoft Visual Studio. And since, .NET has allowed me to build Web sites that have scaled well, but also provided me with a platform to me to automate much of my work. It has scaled up my output, as I do not have to bother too much about the actual delivery mechanism.
Overall, .NNET 1.1 was almost like a finished product, and gave us everything we needed for a cross-platform environment. It was fast, secure and could run on lots of different systems. With .NET 2.0, the vision of Microsoft was almost complete, and they have since brought together various application areas of research into further versions. The great thing is, is that something written in an earlier version will run on later versions of the .NET framework. A simple install allowed the framework to be setup and to be easily upgraded to newer versions. It has largely been free of major security bugs, that Java and Flash always struggled with.
Basically, .NET was Microsoft’s answer to the ever-rising threat of Java, which allowed programs to be compiled to an intermediate language and then run within a run time environment. The worry for Microsoft was that these types of programs could allow users to move away from the Microsoft Microsoft Windows and PC environment. And so, to head off Java, Microsoft focused .NET on the building enterprise solutions:
It was even promoted by their Chief Software Architect — Bill Gates:
From Flash to .NET
I was a very early adopter of C# and .NET, as I needed to move many Flash programs to something that would scale well. Here is my old Flash program for simulating a Cisco device:
Unfortunately, the more Cisco commands I added, the more it become more difficult to maintain them. Also, at the time Flash was moving from a scripting language in which you could use variables whenever you wanted (ActionScript 1.0), without ever declaring them. While this works well for a small program, it was not scaleable. The new language was ActionScript 2.0, which integrated code in a more formal way, but, as it was kinda like Java, which I personally disliked (even though I’ve written a book on it), so I moved to Microsoft .NET 1.1, and I have never looked back.
Microsoft .NET 1.1, 2.0 and so on
I picked up on .NET 1.1 at the time, as it just worked so well, and had a strong development infrastructure. As far as I can tell, this must have been around March 2003:
I then ported over my Flash-based Networksims package into Microsoft .NET:
.NET ASP.NET MVC
The port to Windows worked fine, but it has become difficult to maintain and is fixed to Microsoft Windows. Users needed to install the program, and where I needed to push out updates. But the real genius of using .NET was the port from Window’s code to the Web. Overall, I believe no other programming environment would have allowed me to take all of my existing code, and port it into a Web application.
But this Web approach was different, as it allowed me to use MVC (Model, View and Controller). This was definitely the best software porting decision I ever made and separated the user interface (the View) from the middleware (the Controller) and from the data sources (the Model). From there I could now design the interface through CSHMTL and CSS, which did not affect the underlying program:
Building scalable Web sites
So, I am a teacher, and I don’t want to teach software development. I have taught programming, and I personally found it boring. For me, I have always needed to teach theory through code, and bring that alive. To me, coding is just a way to teach, and where the theory turns into practice.
My once-in-a-lifetime opportunity came when I had the chance to build a complete Web site to support the education of Scottish pupils, teachers and parents. It was a great chance to work with an innovative book publisher: Bright Red Publishing. For this project, we received the support of Interface Online, and I turned to ASP.NET to built the Bright Red Digital Zone using C#. This allowed me to investigate more interactive ways of learning Physics and Maths [here]:
and while subjects like Maths and Physics were my main interest, I could even integrate language translations for Spanish, French and German:
.NET guided me through the whole process, where I could work with a graphical design team on the user interface, and which I could integrate into the back-end code and logic. We could then easily change the colours of the pages just on the books that were selected. I also managed to create an automated convertor from the books into the Web pages. It all worked so well, and it still works today. I think it is the only complete Web site for Scottish pupils that has online material for virtually every subject that they can study for the main assessments.
Asecuritysite.com
So, I’m a teacher and a researcher, and I want to use code to support my teaching and to investigate new methods. And, so, it was through my porting of Networksims, that I started to add new educational elements related to a new topic that I was teaching — computer security [here]:
This was Feb 2013 and provided me with a more sensible base to build on than my previous HTML attempts. And, today, I still add code almost every day and find old, current and new methods. Overall, though, it still functions much the same as it did in 2013 [here]:
It doesn’t need any fancy graphical interface, as it just needs a way to provide a consistent way to present the content, and that is what ASP.NET is good at. And, so, rather than just teaching to our students, the site reaches out to millions across the world, with nearly 145 million users per year, and 28 million accesses:
And all thanks to .NET!
C# and Crypto
So, I haven’t added too many examples of using C# and cryptography on my site, but have at least made a start:
https://asecuritysite.com/csharp
One library we can use is Bouncy Castle, and which has Java and C# implementations. In this case, we will implement a basic example of encrypting data with RSA: [here]
public string rsa(string str, string size)
{
int s = Convert.ToInt32(size);
RsaKeyPairGenerator pGen = new RsaKeyPairGenerator();
pGen.Init(new KeyGenerationParameters(new SecureRandom(), s));
AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
RsaEngine cryptEng = new RsaEngine();
RsaEngine decryptEng = new RsaEngine();
cryptEng.Init(true, pair.Public);
decryptEng.Init(false, pair.Private);
RsaPrivateCrtKeyParameters BCKeyParms = ((RsaPrivateCrtKeyParameters)pair.Private);
byte[] data = Encoding.ASCII.GetBytes(str);
byte[] enc = cryptEng.ProcessBlock(data,0, data.Length);
byte[] plain = decryptEng.ProcessBlock(enc,0,enc.Length);
string publicKeyParametersJson = JsonConvert.SerializeObject(pair.Public, Formatting.Indented);
string privateKeyParametersJson = JsonConvert.SerializeObject(pair.Private, Formatting.Indented);
string str1 = "Plain: " + str + "\nCipher: " + Convert.ToBase64String(enc) + "\nPlain: " + System.Text.Encoding.UTF8.GetString(plain);
str1 = str+ "\n\nPublic key\nN=" +BCKeyParms.Modulus;
str1 = str1 + "\ne=" + BCKeyParms.PublicExponent;
str1 = str1 + "\n\nPrivate key\nN=" + BCKeyParms.Modulus;
str1 = str1 + "\nd=" + BCKeyParms.Exponent;
str1 = str1 + "\np=" + BCKeyParms.P;
str1 = str1 + "\nq=" + BCKeyParms.Q;
str1 = str1 + "\ndP=" + BCKeyParms.DP;
str1 = str1 + "\ndQ=" + BCKeyParms.DQ;
str1 = str1 + "\ndQinv=" + BCKeyParms.QInv;
str1 = str1 + "\n\nPublic key (JSON): " + publicKeyParametersJson + "\nPrivate key (JSON): " + privateKeyParametersJson;
return (str1);
}A sample run showing the cipher text, and the public key (e.N) and private key (d,N) is [here]:
Plain: Hello
Cipher: hrKRLyl2XkM=
Plain: Hello
Public key
N=11057513306286217417
e=65537
Private key
N=11057513306286217417
d=9052762196641071473
p=4244678701
q=2605029517
dP=1560382673
dQ=411123797
dQinv=3377698807
Public key (JSON): {
"Modulus": {
"BitCount": 27,
"BitLength": 64,
"IntValue": 1347967177,
"LongValue": -7389230767423334199,
"SignValue": 1
},
"Exponent": {
"BitCount": 2,
"BitLength": 17,
"IntValue": 65537,
"LongValue": 65537,
"SignValue": 1
},
"IsPrivate": false
}
Private key (JSON): {
"PublicExponent": {
"BitCount": 2,
"BitLength": 17,
"IntValue": 65537,
"LongValue": 65537,
"SignValue": 1
},
"P": {
"BitCount": 14,
"BitLength": 32,
"IntValue": -50288595,
"LongValue": 4244678701,
"SignValue": 1
},
"Q": {
"BitCount": 15,
"BitLength": 32,
"IntValue": -1689937779,
"LongValue": 2605029517,
"SignValue": 1
},
"DP": {
"BitCount": 13,
"BitLength": 31,
"IntValue": 1560382673,
"LongValue": 1560382673,
"SignValue": 1
},
"DQ": {
"BitCount": 9,
"BitLength": 29,
"IntValue": 411123797,
"LongValue": 411123797,
"SignValue": 1
},
"QInv": {
"BitCount": 20,
"BitLength": 32,
"IntValue": -917268489,
"LongValue": 3377698807,
"SignValue": 1
},
"Modulus": {
"BitCount": 27,
"BitLength": 64,
"IntValue": 1347967177,
"LongValue": -7389230767423334199,
"SignValue": 1
},
"Exponent": {
"BitCount": 30,
"BitLength": 63,
"IntValue": 383795569,
"LongValue": 9052762196641071473,
"SignValue": 1
},
"IsPrivate": true
}