Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

The new (v2) System.Security.Cryptography.Pkcs

Long time no blog but I'm still alive and still looking into the new framework. Most new stuff in mscorlib's System.Security.Cryptography had already been committed in CVS. A big thanks to Pieter Philippaerts for his RIPEMD160 hash implementation.

Lately I've been working, on and off, on the PKCS #7 Cryptographic Message Syntax Standard. PKCS #7 defines envelopes for signing and encrypting data - something you could compare to XML Digital Signature and XML Encryption but ASN.1 based (which is much less popular these days ;-). The best known use of PKCS #7 is probably the S/MIME specification for digitally signing and encrypting emails using X.509 certificates.

The 1.2 framework includes support for signed and encrypted PKCS #7 envelopes in the System.Security assembly. The Mono.Security assembly already includes support for PKCS #7 signed envelopes for decoding Authenticode® signatures and Software Publisher Certificates (SPC) files. So far it has been easy to implement the new API using Mono.Security as its foundation - i.e. the Mono API is a much lower level API (which is both good and bad depending on your ASN.1 knowledge). The encryption stuff is new, as Mono didn't require it before, but shouldn't be too complex to implement as it shares much code with the existing stuff.

What's taking me longer is that I need to implement the new X509CertificateEx and all the new classes in System.Security.Cryptography.X509Certificates (in the System.Security assembly), which requires yet another PKCS standard, PKCS #12 Personal Information Exchange Syntax Standard, which in turn requires PKCS #8 Private-Key Information Syntax Standard (committed to CVS a few days ago).

The good news is that I can decode all (well, the ones I got) PKCS #12 containing RSA keypairs :-) but that's the subject for another post...

While on the PKCS #7 subject, I did some interesting reading of some PDC slides on MSDN. Some screenshots were included to illustrate an example and you could clearly see that they were using framework version 2.0.3500.0, not the version 1.2.3400.0 they handed out to attendees. This same presentation also showed some classes in System.Security.Cryptography.Pkcs, namely EnvelopedCms and SignedCms. Those aren't in the 1.2 beta. EnvelopedPkcs7 and SignedPkcs7 are part of 1.2 but their documentation clearly indicates that they do not support CMS.

I will definitely continue reading the stuff :)


11/29/2003 14:19:06

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.