Practical Cryptography in .NET

As a software developer you have a duty to your employer to secure and protect their data. In this course, you will learn how to use the .NET Framework to protect your data to satisfy confidentiality, integrity, non-repudiation, and authentication.
Course info
Rating
(226)
Level
Intermediate
Updated
May 21, 2015
Duration
3h 59m
Table of contents
Introduction
Cryptographic Random Numbers
Hashing Algorithms
Secure Password Storage
Symmetric Encryption
Asymmetric Encryption
Hybrid Encryption
Digital Signatures
SecureString
Course Summary
Description
Course info
Rating
(226)
Level
Intermediate
Updated
May 21, 2015
Duration
3h 59m
Description

As a software developer you have a duty to your employer to secure and protect their data. In this course, you will learn how to use the .NET Framework to protect your data to satisfy confidentiality, integrity, non-repudiation, and authentication. This course covers random number generation, hashing, authenticated hashing, and password based key derivation functions. The course also covers both symmetric and asymmetric encryption using DES, Triple DES, AES, and RSA. You then learn how to combine these all together to product a hybrid encryption scheme which includes AES, RSA, HMACS, and Digital Signatures.

About the author
About the author

Stephen Haunts is an experienced Software Developer and Leader who has worked across multiple business domains including Computer Games, Finance, and Healthcare Retail and Distribution. Stephen has worked in languages ranging from Assembler, various forms of BASIC, to C and C++, and then finding his love of C# and .NET.

More from the author
More courses by Stephen Haunts
Section Introduction Transcripts
Section Introduction Transcripts

Introduction
Hi. My name is Stephen Haunts from Pluralsight, and welcome to my course on Practical Cryptography in. NET. This course is aimed at. NET developers who work in environments where protecting and securing the data for your company is of the upmost importance. This could be protecting personal identifiable information of your customers, securing credit card information for payment transactions or protecting any sensitive data that has commercial value to your organization. This course will cover some of the theoretical aspects of cryptography, as well as cover the more practical elements of cryptography using the. NET Framework, and more specifically the System. Security. Cryptography namespace.

Cryptographic Random Numbers
Welcome to the second module for my Practical Cryptography in. NET course. My name is Stephen Haunts. In this module, we will cover how to generate random numbers that are suitable for use as cryptographic keys. What you learn in this module will be used throughout the remainder of this course. First of all we take a look at why random numbers are so important in the field of cryptography. We'll then take a brief look at the System. Random random number generator in. NET and discuss why it is good for some circumstances, but is not suitable for use with cryptography and security. We will then take a look at the RNGCryptoServiceProvider random number generator in. NET, which is recommended for use with cryptography. Once we have covered why the RNGCryptoServiceProvider is a better solution, we'll take a look at a code demo running in Visual Studio.

Hashing Algorithms
Welcome back to my course on Practical Cryptography in. NET. My name is Stephen Haunts. In this module we'll take a look at different hashing algorithms that are available to you in the. NET Framework. We'll first start by taking a look at what hashing actually is and what it means to hash data. We'll then take a look at the MD5 hashing algorithm and why it is not recommended for use as much nowadays. Then we'll take a look at the Secure Hash family of hashes. This includes SHA-1, SHA-2, and SHA-3. At this point we'll then look at a code demo of these hash algorithms in use. Next we'll take a look at extending the hashing concept by bringing in a level of authentication with hashed Message Authentication Codes, or hash MACs for short. This will be followed by another code demo exploring the use of hash MACs in. NET. Now, let's take a look at what hashing is and why we need it.

Secure Password Storage
Welcome back to my course on Practical Cryptography in. NET. My name is Stephen Haunts. In this module we'll talk about the storage of passwords in your systems. Passwords are still the most common way of being able to authenticate a user, but it is very easy to put yourself in a situation where your system is not secure and is susceptible to attacks. In this module I first want to discuss ways in which you shouldn't store passwords, and then talk about how you should safely store passwords to protect yourself where you have been the victim of a data theft. We'll start off by discussing techniques that you shouldn't use and gradually iterate to a better solution. We will look at storing passwords in the clear, encrypting passwords, using hashes to store passwords, using salted hashes to store passwords, and finally using password-based key derivation functions. First, let's take a look at storing passwords in the clear.

Asymmetric Encryption
Welcome back to this course on Practical Cryptography in. NET. My name is Stephen Haunts. In this module we will take a look at asymmetric cryptography, which follows on from the previous module on symmetric cryptography. First we will recap on what symmetric cryptography is. We will then take a look at what asymmetric encryption is and how its approach to using keys is different. We will talk about how asymmetric encryption is more a mathematical solution whereas symmetric encryption is more algorithmic. This will lead us on to talking about how asymmetric encryption keys are derived. Then we'll take a look at the history and the background of RSA. This will be followed by some information about how RSA works. I will try to keep this knowledge reasonably high level. RSA uses some quite complicated math in its operation, but the purpose of this course isn't to understand this math in detail, but more understanding the basic concepts at play. Once we have a good idea about what RSA is all about, we will then look at its usage in the. NET Framework and then finish off with a code demonstration. Before we look at asymmetric encryption in more detail, let's first quickly recap on symmetric encryption.

Hybrid Encryption
Welcome back to my course on Practical Cryptography in. NET. My name is Stephen Haunts. In this module we will take a look at hybrid encryption where we take some of the concepts that we have learned so far in this course and apply them together to create what is called a hybrid encryption scheme. This will include encrypting data using a combination of both RSA and AES together, followed by using hashed message authentication codes to check the integrity of our encrypted data. Before we look at hybrid encryption in more detail, let's first review some of the security concepts which we are trying to solve.

Digital Signatures
Welcome back to my course Practical Cryptography in. NET. My name is Stephen Haunts. In this module, we'll take a look at using digital signatures to provide non-repudiation to encrypted messages that you may send to a recipient. We'll first start by looking at what digital signatures are. We'll then look at what the. NET Framework provides to add digital signature support to your applications. We'll then take a look at a code demonstration that shows you how to use digital signatures. Once we have looked at this first demonstration, we'll then extend our hybrid encryption example from the previous module to incorporate the digital signature mechanism we have just discussed. First let's take a look at what digital signatures are.

SecureString
Welcome back to my course on Practical Cryptography in. NET. My name is Stephen Haunts. In this final module of the course, I want to talk about a class in the System. Security namespace that is often overlooked. That class is SecureString. In this module we will cover what SecureString is and why it is needed, followed by a discussion on the Windows Data Protection API, also called DPAPI. We'll then close out with a code demonstration showing how to use SecureString. Let's start off with a look at what SecureString is and why we need it.

Course Summary
Congratulations! You have now completed this course on Practical Cryptography in. NET. In this final module, I will summarize some of the key points from this course. Then I'll present you with some recommended reading books if you're interested in learning more about cryptography. The subject is fascinating, especially when you start looking at the history of cryptography and how it has helped people win wars.