Feeds:
Posts
Comments

Archive for the ‘.Net’ Category

This is the first time I am attending the Microsoft TECH.ED and I was really excited to know what was in stall for us. Like any company organized event (e.g.: IBM Smart SOA), it was more of a sales pitch of Microsoft’s Cloud platform – AZURE (its pronounced somewhat like ASSURE)

The Keynote was given by Mr. S. Somasegar and there were some interesting points that I could pick up, like ODATA. It is a new open data specification proposed and actively supported by Microsoft. It is completely based on REST. I also had the privilege to see a live demo on easily integrating a Windows 7 app with eBAY website (which exposed their data in the form of ODATA).A very good initiative but will have to wait and see how many vendors would easy support ODATA

An interesting announcement was that Kinect SDK will be available soon in Spring. That would be a very interesting thing to watch out for. As soon as the SDK is made available a proliferation of possibilities are going to hit the shores. The possibilities are endless and it would be the right time to think of how to leverage this technology in the business space and very likely in the medical and educational space. Kudos to Microsoft guys to bring out the Kinect SDK.

Also there were talks about Visual Studio 2010 SP1 on what all enhancements and feature packs have been in place. Mr. S Somasegar claimed that the VS 2010 SP1 will be available to download on March 8th, if you are a MSDN subscriber. If not hard luck NON-MSDN guys, you can only download it on March 10th. Oh my goodness that is really going to pain…..Seriously.

VS 2010 Load Testing feature pack has increased it virtual user limit from 250 to infinity. Good, but can you really spawn 250 virtual users from your developer machines? (Just a thought)

If that was not enough, enter VS 2010 Light Switch (Its still beta, hope it stays the same). The feature pack facilitates a developer to build applications in a jiffy and gives him the power to deploy the application on the desktop or browser, with the data-screen motto in mind.

This is what Jason Gander has to say about Light Switch: “At their core, most end user business applications combine two things:  data + screens.  LightSwitch is optimized around making these two things very simple.”

Come on MS guys, we are professional developers building serious enterprise applications. You really thing business applications are just screens and data. The real value of LightSwitch can be for hobbyist and kids to play around with technology and build prototypes, POCs etc, but building business applications, you got to be kidding me. If you don’t believe me, check out the comments by some users here (http://blogs.msdn.com/b/jasonz/archive/2010/08/03/introducing-microsoft-visual-studio-lightswitch.aspx)

 

Following the keynote were, 1 hour sessions by different speakers. You had to choose the session based on your preference of technology (which I figured out only on the second day)

Fascinated by the name of the session, “Enterprise Strategy & Architecture Overview”, I had to leave Mr. Parimal Deshpande in 10 minutes although the room occupancy rate was pretty high. Not sure why, probably the strange taste of Star Bucks coffee in my mouth.

Next, I entered “Stepping Outside the Browser with Microsoft Silverlight 4”. The presentation was given by Mr. Daron Yondem. It was interesting with some of the new features supported by Silverlight when it runs outside the browser. Also elaborated with a demo as to how you could get the snapshot of a website and show it inside a Web Browser component. Quite a few quirky samples were also demonstrated which kept the audience attentive. Overall, was moderately worth listening too.

Next session was really jaw dropping and mostly mouth watering. I had been eagerly looking forward to it: “Lunch Break”. The food was good and thankfully less on variety. Sure helped me choose easily. I totally forgot about the dessert till I stepped out.

Evening session started with “Citrix & Microsoft Virtualized and Optimized Desktops” given by Mr. Yannick Kunegel. The talk was really interesting and the occupancy was really high probably packing the room. Desktop virtualization seems to be a good option on tremendously cutting down on you Operation Costs. However, the Capex can be significantly higher as rightly questioned by a member of the audience. Fortunately, I did sit through the whole session.

Next session was “Using Cloud to Engage across a Diversity of Devices” by Mr. Marc Mercuri. Came to know about a couple of websites/frameworks such as TOWNHALL probably deployed on Windows Azure. Plan to check out the code base as it seems to be open source. By the way Mr. Marc , I seriously believe you need to bring down your pace a bit.

Finally “A Dive into Internet Explorer 9 for Designer & Developers” by Ms. Asli Bilgin. The speaker kept claiming about the new tags that had been supported by IE 9. However these were mostly HTML 5 tags which have been long over due. Thanks a lot MS guys for supporting them quite quickly. A very interesting project MOSAIC 23/25 http://www.jumpman23mosaic.com was also shown. I would advice all to go check it out and it sure uses the power of Azure to do queries.

Disclaimer: I have been mostly working on JAVA technologies for quite sometime. However am not new to Microsoft technologies.

Read Full Post »

Performing encryption and decryption using the same language might be straight forward and many resources can be found in this regard. But when it comes to across languages, mismatches appear even if you are using the same algorithm to encrypt and decrypt. One of the reasons for this is that each language has its own specification that it supports. The second reason is that each language has different default values for its specification that you need to be aware of. The basic specification that should match in both sides i.e. encryption and decryption are:

  • Algorithm
  • Secret Key
  • Secret Key Size
  • Initialization Value (IV)
  • Padding
  • Mode

Lets take the example of .Net and Oracle. We will use C# for encryption and Pl/SQL for decryption. The C# code for encryption can be found here, and the PL/SQL code for decryption can be found in our previous blog Encryption/Decryption in PL/SQL. Here is a copy of the code:

C# Code

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.Cryptography;
namespace EncryptConsoleApp
{
 class Program
 {
   static void Main(string[] args)
   {
     string text = "Test1234";
     string key = "5379075357908764";

     byte[] textBytes = new byte[text.Length];
     textBytes = ASCIIEncoding.ASCII.GetBytes(text);

     byte[] keyBytes = new byte[key.Length];
     keyBytes = ASCIIEncoding.ASCII.GetBytes(key);

     byte[] encrptedBytes = Encrypt(textBytes, keyBytes);

     Console.WriteLine("Encrypted Text: " + ByteArrayToHexString(encrptedBytes));
  }

  public static byte[] Encrypt(byte[] clearData, byte[] Key)
  {
    MemoryStream ms = new MemoryStream();
    // Create a symmetric algorithm.
    TripleDES alg = TripleDES.Create();
    alg.Key = Key;

    CryptoStream cs = new CryptoStream(ms,alg.CreateEncryptor(), CryptoStreamMode.Write);
    cs.Write(clearData, 0, clearData.Length);
    cs.Close();

    byte[] encryptedData = ms.ToArray();
    return encryptedData;
  }
 }
} 

PL/SQL Code

create or replace FUNCTION DecryptPassword(EncryptedText IN VARCHAR2,EncKey IN VARCHAR2) RETURN VARCHAR2
IS
encdata RAW(2000);
BEGIN
  encdata:=dbms_obfuscation_toolkit.DES3Decrypt(input=>hextoraw(EncryptedText),key=>UTL_RAW.CAST_TO_RAW(EncKey));
  return  (utl_raw.cast_to_varchar2(encdata));

END DecryptPassword;

If you run the C# code to encrypt Test1234, you will get the following:
Encrypted Text: 5F48C32F78F63971E19764659E3E57F7

Now lets take this output and decrypt it using the PL/SQL code, you should get Test1234 again. Unfortunately, that will not happen. You will see totally different output. Something like ¿ E ¿¿¿(¿u¿¿¿ -¿ or some symbols that are not been displayed in my application.

Now you might be wondering, Why is it so? What went wrong over here? So, lets take a closer look.

The default configurations for the Triple DES algorithm in .Net and Oracle are as follow:

.Net

Oracle

Mode CBC CBC
Padding PKCS7 Not supported
IV in HEX C992C3154997E0FB 0123456789ABCDEF
Secret Key Size 192 bits 192 bits

As you can notice in the above table, the padding and the IV default setting are different in each framework. Thus the result of encryption and decryption will not match. In order to resolve the mismatch we need to change the configuration in C# code as Oracle 9i does not provide any mean to change these configuration. So we will set the value of IV to be the identical to the IV value in Oracle. But what about the padding? It is not supported at all in Oracle 9i. We can not set it to none as then we will be restricted to specific data length. The alternative solution we can think of is to set one of the padding mode that we can manually remove in Oracle. We will set the padding mode in .Net to ANSIX923 . The ANSIX923 padding string consists of a sequence of bytes filled with zeros before the length. In oracle we will check the last two digits i.e. the length and based on that we will remove all the zeros i.e. the padded part. The following example shows how the ANSIX923 mode works. Given a blocklength of 8, a data length of 9, the number of padding octets equal to 7, and the data equal to FF FF FF FF FF FF FF FF FF:

FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07

Below is the modified code.

C# Code

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.Cryptography;
namespace EncryptConsoleApp
{
 class Program
 {
   static void Main(string[] args)
   {
      string text = "Test1234";

      string key = "5379075357908764";
      string iv = "0123456789ABCDEF";

      byte[] textBytes = new byte[text.Length];
      textBytes = ASCIIEncoding.ASCII.GetBytes(text);

      byte[] keyBytes = new byte[key.Length];
      keyBytes = ASCIIEncoding.ASCII.GetBytes(key);

      byte[] ivBytes = new byte[iv.Length];
      ivBytes = HexStringToByteArray(iv);

      byte[] encrptedBytes = Encrypt(textBytes, keyBytes, ivBytes);

      Console.WriteLine("Encrpted Text: " + ByteArrayToHexString(encrptedBytes));
   }

   public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
  {
      MemoryStream ms = new MemoryStream();
      // Create a symmetric algorithm.
      TripleDES alg = TripleDES.Create();
      alg.Padding = PaddingMode.ANSIX923;
      alg.Key = Key;
      alg.IV = IV;

      CryptoStream cs = new CryptoStream(ms,alg.CreateEncryptor(), CryptoStreamMode.Write);
      cs.Write(clearData, 0, clearData.Length);
      cs.Close();

      byte[] encryptedData = ms.ToArray();
      return encryptedData;
   }
 }
}

PL/SQL Code

create or replace FUNCTION DecryptPassword(EncryptedText IN VARCHAR2,EncKey IN VARCHAR2) RETURN VARCHAR2
IS
encdata RAW(2000);
numpad NUMBER;
result VARCHAR2(100);
BEGIN
  encdata:=dbms_obfuscation_toolkit.DES3Decrypt(input=>hextoraw(EncryptedText),key=>UTL_RAW.CAST_TO_RAW(EncKey));

  result :=rawtohex(encdata);
  numpad:=substr(result,length(result)-2);
  result:= substr(result,1,length(result)-(numpad*2));
  result := hextoraw(result);
  result := utl_raw.cast_to_varchar2(result);
  return result;

END DecryptPassword;

Now if you encrypt Test1234 using C# you should get the following output:
Encrypted Text: 109F3C4AD99AE1B0899596AB525D5D59

Lets try to decrypt the output using PL/SQL code. The output is
Test1234

Finally, C# code and PL/SQL code matches. In the same lines any other programming language can be used.

Read Full Post »