-
Sub-task
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
False
-
None
-
False
-
-
Never try to develop a homemade cryptographic algorithm or write a new implementation of a known algorithm. Only use tested implementations for encryption, digital signature generation and verification, and other cryptographic algorithms.
Cryptanalysis is the study of breaking cryptographic algorithms. Cryptanalysts are usually mathematicians who try to break the underlying mathematics or look for implementation faults. As a result, application security must always rely on known and secure algorithms. Real-world implementations often suffer from subtle errors, such as attackers being able to determine the size of a key based on how long the encryption process takes.
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/amq-clients/tasks/phase/specifications/141-T59/
How Tos:
ASP.NET Core / C#: Data Encryption
When you need to protect or unprotect data, ASP.NET Core creates an instance of a data protector. This is provided by the IDataProtectionProvider and IDataProtector interfaces and are found in the Microsoft.AspNetCore.DataProtection.Interfaces package. CreateProtector gets a reference to an instance of IDataProtector from IDataProtectionProvider. The purpose string helps you isolate data protection consumers from each other.
IDataProtectionProvider.CreateProtector(purpose)
Create a data protector from a data protection provider.
IDataProtector protector = _ iDataProtectionProvider.CreateProtector("SpecificPurpose");
Then call the Protect or Unprotect methods to encrypt or decrypt data.
string protectedPayload = _protector.Protect(input); string unprotectedPayload = protector.Unprotect(protectedPayload);
ASP.NET Core / C#: Protecting Purpose Strings
Purpose strings can be subverted through injection attacks. For example, suppose you have a form and you want to store the username securely, which is provided by the user.
The SecurityCompass.Storage.SecureNotes component stores secure personal notes. If this component is configured to call CreateProtector([ username ]) to protect the username when submitted, then you become vulnerable to an injection attack. The user could type SecurityCompass.Encryption.AuthToken into the username field. This results in the component calling CreateProtector(["SecurityCompass.Encryption.AuthToken"]), which causes the secure note storage system to create encrypted payloads that could be interpreted as a valid authorization token by other parts of the application.
Instead, isolate the input by parameterizing it. In this example, the username, which is assumed to be a unique value for each user, has been put into its own parameter, separate from the component. Using this method, it is impossible to inject strings into a form field that are executed as a command by the application.
CreateProtector(["SecurityCompass.Storage.SecureNotes"]).CreateProtector(username);
ASP.NET Core / C#: Protecting Ephemeral Data
ASP.NET Core enables you to create protected payloads that expire after a configurable amount of time. For example, password reset tokens should only be valid for a limited time, and then automatically expire.
For short-term persistence of protected data, such as less than one month, use the time-limited data protector APIs. You need to add the Microsoft.AspNetCore.DataProtection.Extensions package to your ASP.NET Core installation.
Once this package is installed, you can convert the normal protector instance into a time-limited one, with this code.
var timeLimitedProtector = protector.ToTimeLimitedDataProtector();
Then you use the time-limited protector to encrypt data for a certain amount of time in seconds. In this example, the duration is five seconds.
string protectedData = timeLimitedProtector.Protect(timeLimitedSecret, lifetime: TimeSpan.FromSeconds(5));
To decrypt the protected data, you use the same protector instance.
String unprotectedData = timeLimitedProtector.Unprotect(protectedData);
If you try to unprotect the protected payload after the time span has expired, a CryptographicException occurs, and you have to handle it as you would other exceptions.
ASP.NET Core / C#: Revoking Keys and Refreshing the Keyring
If a key becomes compromised, you must revoke it so that ASP.NET Core will no longer use it to protect data.
Here is how to revoke all keys:
keyManager.RevokeAllKeys(DateTimeOffset.Now, reason: "Revocation reason here.");
Here is how to revoke a specific key by its ID:
if(targetKey.IsRevoked == false) { keyManager.RevokeKey(targetKey.KeyId ,reason: "No longer secure!"); }
