[Mono-devel-list] Cryptography using Mono.Security assembly on .NET on Windows

Sebastien Pouliot spouliot at videotron.ca
Wed Mar 31 15:05:45 EST 2004 

Answers inlined.

Sebastien Pouliot
blog: http://pages.infinit.net/ctech/poupou.html

  -----Original Message-----
  From: mono-devel-list-admin at lists.ximian.com
[mailto:mono-devel-list-admin at lists.ximian.com]On Behalf Of Muath Al-Khalaf
  Sent: 31 mars 2004 11:13
  To: mono-devel-list at lists.ximian.com
  Subject: [Mono-devel-list] Cryptography using Mono.Security assembly on
.NET on Windows



  Hi,
  First of all thank you guys a lot. You have done an excellent job. I have
seen mono in Novell brainshare and it was amazing.
  --------------------------------------------------------------------------
-----------------------------------------------------------
  [Sebastien Pouliot] Thanks from everyone :-)

  Short story:
  -----------------
  Is it possible to use Mono.Security assembly on .NET on windows for
cryptography (in general)

  [Sebastien Pouliot]  Yes. The Mono.Security assembly was designed to run
on either Mono or the MS runtime (with the same binary).

  and does it offer a complete services (i.e. complete support for X.509
Certificates)?

  [Sebastien Pouliot] Complete X.509 support ? No, but much better than what
is included in the current frameworks (e.g. you can create your own
certificates).

  Where can I get it to install it on windows and How?

  [Sebastien Pouliot] A binary is included in the latest Mono installer for
Windows. Sources can also be downloaded (they are inside mcs source
package).

  Is there a documentation for it?

  [Sebastien Pouliot] Not much - but you have the source ;-). Have a look at
http://www.go-mono.com/crypto for some informations.

  Does it use the same cryptography architecture of .NET (i.e. only an
implementation for this architecture)?

  [Sebastien Pouliot] Yes. It's main goal is to extend the framework and
include things MS left out.

  Is it compatable with BouncyCastle on Java :-)?

  [Sebastien Pouliot] It should be. Something there can be endianness issues
(on big integers) between implementations (e.g. CryptoAPI and the framework
don't user the same).

  I am sorry if some questions are not reasonable but I am new to .NET (only
one month) with a good Java background

  [Sebastien Pouliot] No problem. I have blogged a little about
Mono.Security in the past. You can have a look from
http://pages.infinit.net/ctech/poupou.html
  --------------------------------------------------------------------------
-----------------------------------------------------------


  Long Story :
  ------------------
  I have a project which consists of:
  1- Clients develped by different companies, some using .NET and some using
Java but all running on Windows Desktop :-(.
  2- Number of webservices running on .NET on windows 2003 which are accesed
by previous mentioned clients.
  3- Clients upload data stored in XML files to webservices.

  I was asked to develop two cryptographic libraries to:
  1- Encrypt data (XML files) on clients machines before sending them.
  2- and then decrypt this data after recieving them thorugh webservices.

  The encryption will consists of two steps:
  1- Create a security provider for the chosen - symmetric - algorithm and
encrypt the XML data file.
  2- Encrypt the session key using the public key of the server.

  Now on Java I have BouncyCastle library which is a very good cryptography
library and completely developped on Java (completly "managed" code).
  On the other hand on .NET I have only wrappers to access CryptoAPI (I
think through COM objects).

  [Sebastien Pouliot] No, MS doesn't use COM to access CryptoAPI, P/Invoke
is used. The only use of COM I know is for Authenticode support (well that's
my deduction from the exceptions I've seen).

  I have seen that mono has a completly managed code cryptography library
packaged in Mono.Security assembly ?!!.

  [Sebastien Pouliot] Actually all of Mono's crypto (which mainly resides in
corlib) is managed code. The only exception is the random number generation.

  The questions are:
  1- Can I use this library from .NET on windows?

  [Sebastien Pouliot] Yes (for Mono.Security assembly). If you want to use
the crypto algorithms inside corlib you'll have to extract the sources and
build your own assembly.

  2- if yes then How can I get this assembly and its documentation?

  [Sebastien Pouliot]  http://www.go-mono.com/

  3- Does if follow the same architecture of .NET cryptography?

  [Sebastien Pouliot] Yes.

  4- Is it compatable with BouncyCastle especially with the key exchage.
(i.e. if one client encrypts using BouncyCastle, the webservices could
decrypt it using Mono library).

  [Sebastien Pouliot] If it doesn't work you may have to reverse the bytes
on the keys.

  Thank you for your time. Regards
  --------------------------------------------------------------------------
-

  Muath A. Al-Khalaf,  GSEC
  Information Security Engineer
  ELM Information Security Co.
  Email: muath at elm.com.sa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20040331/ab8b4b6f/attachment.html

More information about the Mono-devel-list mailing list