Module 8: Protecting Communication Privacy and Data Integrity

Chia sẻ: Mai Phuong | Ngày: | Loại File: PDF | Số trang:86

Thêm vào BST

Báo xấu

107
lượt xem 21
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

This module provides students with an overview of cryptography and digital certificates. The module then explains how students can protect data and communications between the Web browser and the Web server. After completing this module, students will be able to protect the portions of a Web application that require private communications through Secure Sockets Layer (SSL) security.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Module 8: Protecting Communication Privacy and Data Integrity

Module 8: Protecting Communication Privacy and Data Integrity Contents Overview 1 Lesson: Introduction to Cryptography 3 Lesson: Working with Digital Certificates 15 Lab 8.1: Obtaining a Server Certificate 35 Lesson: Using the Secure Sockets Layer/Transport Layer Security Protocols 39 Lesson: Using Internet Protocol Security 58 Review 63 Lab 8.2: Protecting Communication Privacy and Data Integrity 65 Course Evaluation 76
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2002 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, ActiveX, Active Directory, Authenticode, Hotmail, JScript, Microsoft Press, MSDN, PowerPoint, Visual Basic, Visual C++, Visual Studio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Module 8: Protecting Communication Privacy and Data Integrity iii Instructor Notes Presentation: This module provides students with an overview of cryptography and digital 120 minutes certificates. The module then explains how students can protect data and communications between the Web browser and the Web server. After Lab: completing this module, students will be able to protect the portions of a Web 30 minutes application that require private communications through Secure Sockets Layer (SSL) security. After completing this module, students will be able to: ! Define the basic elements of cryptography. ! Describe the purpose of digital certificates and obtain one through a Certificate Authority (CA). ! Validate user and Web server identity through the use of SSL/Transport Layer Security (TLS). ! Protect communications between Web application resources through the use of Internet Protocol security (IPSec). Required materials To teach this module, you need the following materials: ! Microsoft® PowerPoint® file 2300A_08.ppt ! Hypertext Markup Language (HTML) and Flash animation files 2300A_08_A05_1619.htm and 2300A_08_A05_1619.swf Preparation tasks To prepare for this module: ! Read all of the materials for this module. ! Complete the demonstrations and labs. ! Read Module 5, “Configuring Network Security by Using Public Key Infrastructure,” in Course 2153, Implementing a Microsoft Windows 2000 Network Infrastructure. ! Read Module 6, “Configuring Network Security by Using IPSec,” in Course 2153, Implementing a Microsoft Windows 2000 Network Infrastructure. ! Read Module 5, “Implementing Security on a Web Server,” in Course 2295, Implementing and Supporting Microsoft Internet Information Services 5.0. ! Read the article “Step-by-Step Guide to Internet Protocol Security (IPSec),” which is available at http://www.microsoft.com/windows2000/techinfo/ planning/security/ipsecsteps.asp. ! Read the TechNet article, “Authentication and Encryption,” which is available at http://www.microsoft.com/technet/security/network/authen.asp. ! Read the Microsoft MSDN® Magazine article, “Web Security: Putting a Secure Front End on Your COM+ Distributed Applications,” which is available at http://msdn.microsoft.com/msdnmag/issues/0600/ websecure/websecure.asp.
iv Module 8: Protecting Communication Privacy and Data Integrity ! Read the MSDN article, “The Evolution of Security on the Web: An Introduction to Cryptosystems on the Internet,” which is available at http://msdn.microsoft.com/library/en-us/dnsecure/html/msdn_websec.asp. ! Read the VeriSign article, “Implementing Web Site Client Authentication Using Digital IDs,” which is available at http://www.verisign.com/ clientauth/kit/details.html. ! Read the VeriSign article, “Guide to Securing Your Web Site For Business,” which is available at http://www.verisign.com/resources/ gd/secureBusiness/secureBusiness.html.
Module 8: Protecting Communication Privacy and Data Integrity v How to Teach This Module Begin this module with a discussion of the types of attacks that are possible on the communication link between the browser and the Web server. Lesson: Introduction to Cryptography What Is Cryptography? It is an interesting sidebar to mention the role that cryptographic code breaking played in World War II. “Enigma,” “Purple,” and “Magic” are the code names of some of the more well-known cryptographic systems. You can find more information about cryptography during wartime by searching for “cryptography World War II” on the Internet. How Does Symmetric Mention that symmetric encryption is very fast and that it is the most efficient Encryption Work? way to transfer larger quantities of data securely. How Does Asymmetric By using asymmetric encryption, the recipient of the encrypted data can be Encryption Work? assured that the data came from the owner of the public key. Therefore, not only can asymmetric encryption be used to encrypt the data, it also provides a guarantee of the data’s origin. Note that the key length plays an important role in the strength of the encryption. If the key length is long enough, it is virtually impossible to guess. Exchanging and Storing Storing private keys is the most challenging aspect of encryption. For more Keys information about this topic, direct students to the book, Writing Secure Code, by Michael Howard and David LaBlanc (Redmond: Microsoft Press®), 2002. Verifying Data Integrity An important distinction between encryption and hashing is that encryption with Hashes scrambles the data such that it can be unscrambled, whereas hashing cannot be reversed. Using Digital Signatures You can sign data without hashing it to guarantee that the data came from you; however, this would not guarantee that the data was not changed en route to the recipient. Practice: Using After reviewing the answers to the practice, brainstorm with the students for Cryptography more scenarios of when cryptography could be used in Web applications. Lesson: Working with Digital Certificates What Are Digital Mention briefly that one of the reasons for obtaining a certificate (personal or Certificates? server) is to use SSL to communicate with a Web server. Students will learn more about the SSL/TLS and IPSec protocols later in this module. Practice: Viewing Digital You can do the steps of this practice with the students and show the Certificates nwtraders.msft certificate, which is the certificate from the London CA. What Is a Certificate Students may ask about the process that is required to become a CA, such as Authority? VeriSign. Although anyone who uses Certificate Services can generate certificates, not everyone who generates certificates is a trusted CA. Trust is based on many factors, including the length of time that the CA is in business, the CA’s reputation, and the process that the CA uses to verify those who request certificates.
vi Module 8: Protecting Communication Privacy and Data Integrity Multimedia: Using This animation provides an overview of the process of how certificates are Digital Certificates requested and granted from a CA, and then how those certificates are used to communicate securely over SSL. You might consider postponing this animation until the next lesson, which discusses SSL. Note that the “random bits” referred to in the multimedia are the session key. Certificate Chains and For certificates to be effective, they must be trusted. Certificate chains enable Hierarchies users to trace a certificate back to the original CA. Certificate Stores If time permits, demonstrate the use of the Certificate Manager tool. Obtaining a Personal Discuss some of the reasons why a user would want to obtain a personal Certificate certificate. Note Note The options for certificate templates offered by the Certificate Request Wizard depend on how you installed the Microsoft Management Console (MMC) Certificates snap-in: ! If you installed the MMC Certificates snap-in to manage certificates for My user account, as directed in the “Practice: Viewing Digital Certificates” topic, you get Authenticated Session, Basic EFS, and User Signature Only templates. ! If you installed the MMC Certificates snap-in to manage certificates for Computer account, you get Computer and IPSEC templates. Instructor-Led Practice: You will need to lead this practice and also get a personal certificate; make sure Obtaining a Personal to enter Research for your department, because this field will be used in the Certificate client certificate mapping demonstration. As the students submit their requests for personal certificates, you need to issue the certificates. The issuing of certificates should be done with little explanation and with the screen blanked so that the students do not get confused between the request and issue processes. ! To process the certificate requests with Microsoft Certificate Services for Microsoft Windows® 2000 1. On the Start menu, click Programs, click Administrative Tools, and then click Certification Authority. During setup, the instructor computer was set up with Certificate Services and was created as a stand-alone root CA. 2. Expand the nwtraders.msft CA, and then click Pending Requests. There will be one certificate request from each student. 3. To accept the request and issue a certificate, right-click the request, click All Tasks, and then click Issue. The request is moved from the Pending Requests node to the Issued Certificates node.
Module 8: Protecting Communication Privacy and Data Integrity vii Obtaining a Server Show how the SSL port, 443, is disabled by opening Internet Information Certificate Services (IIS) and viewing the Web Site tab for the Mod08 folder of the 2300Demos Web application. Demonstration: Explain to students that they will obtain a server certificate in the lab; therefore, Obtaining a Server they can just watch the demonstration now, rather than performing the steps. Certificate When processing the certificate request with Certification Services, do not explain what is being done. This step occurs only because you are using Certificate Services in the classroom. Lab 8.1: Obtaining a Server Certificate Both the TailspinToys and TailspinToysAdmin Web applications contain Web pages that either request private information from users or deliver private information to users. Before students can turn on SSL for these Web pages, they need to obtain a server certificate for their Web servers. Students will request the server certificates from the London CA. You will need to approve the requests as they are made by the students. ! To issue certificates by using Certificate Services After students have submitted their requests for server certificates, you must issue the certificates: 1. On the Start menu, click Programs, click Administrative Tools, and then click Certification Authority. 2. Expand the nwtraders.msft CA, and then click Pending Requests. There will be a certificate request from each student. 3. To accept a request and issue a certificate, right-click the request, click All Tasks, and then click Issue. The request is moved from the Pending Requests folder to the Issued Certificates folder. Lesson: Using the Secure Sockets Layer/Transport Layer Security Protocols Overview of Security Students may have heard of both SSL and TLS. It is important to note that TLS Protocols is the most recent version of the protocol and that although SSL is the more commonly referred-to protocol, it is most likely TLS that is being used. How Does SSL/TLS Mention that SSL/TLS are the protocols that enable the secure communications Work? that are described in the animation “Using Digital Certificates.” You might consider showing this animation here instead of in the previous lesson. Enabling SSL for an IIS Mention the steps that are required before SSL can be enabled in IIS. You will Web Application demonstrate the process of enabling SSL in the demonstration that follows this topic. Demonstration: Show how SSL is enabled in IIS. Discuss the various options that are available Enabling SSL for client certificates.
viii Module 8: Protecting Communication Privacy and Data Integrity Verifying the Discuss both the Active Server Pages (ASP) method and the Microsoft Authenticity of Client ASP.NET method of verifying the authenticity of client certificates. Certificates Instructor-Led Practice: Before students can view the pages in the practice, you must configure the Verifying the Mod08 folder of the 2300Demos Web application to require client certificates. Authenticity of Client Certificates After students have accessed the WhoAmI.asp and ReadCertInfo.aspx pages in the Mod08 folder of the 2300Demos Web application on the London computer, examine the source code for the pages in Microsoft Visual Studio® .NET: 1. In Visual Studio .NET, open the WhoAmI.asp page in the Mod08 folder of the 2300Demos project. 2. In Visual Studio .NET, open the ReadCertInfo.aspx page in the Mod08 folder of the 2300Demos project. The page displays information from a client certificate by using the HttpClientCertificate object. Using Client Certificate Client certificate mapping is a powerful authentication method that allows IIS Mapping to perform work on behalf of the client, based on the contents of a client certificate. Emphasize IIS client certificate mapping. Information on Active Directory® directory service mapping is provided for those students that have previous experience with Active Directory. Demonstration: Client Demonstrate how to enable many-to-one client certificate mapping in the Certificate Mapping 2300Demos Web application. Note that client certificate mapping is not used in the labs. Guidelines for Using SSL should be used only for those portions of the Web application that require SSL/TLS secure communications. There is a performance cost that is associated with using SSL, and care should be taken to ensure that SSL is used only when necessary. Discuss the guidelines for using SSL. Practice: Requiring SSL Run this practice as a group brainstorming session where students determine for Web Application which pages in the TailspinToys and TailspinToysAdmin Web applications Pages should be protected with SSL. Lesson: Using Internet Protocol Security Overview of IPSec Note that although IPSec is not commonly used for securing communications between client computers and Web applications on the IIS Web server, IPSec does have a role in protecting communications between the IIS Web server and the other computers and resources that are on the organization’s network. Implementing IPSec Briefly discuss the process of implementing IPSec. Comparing IPSec and Understanding how IPSec and SSL/TLS differ is important when deciding SSL/TLS where to apply each protocol. Discuss each difference between IPSec and SSL/TLS. Lab 8.2: Protecting Communication Privacy and Data Integrity In Lab 8.2, students will turn on SSL for portions of the TailspinToys and TailspinToysAdmin Web applications.
Module 8: Protecting Communication Privacy and Data Integrity ix Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware. Lab Setup To complete this lab, the WebUser login and the InternetStoredProcs and IntranetStoredProcs roles must be added to Microsoft SQL Server™ on the Glasgow computer. ! Configure SQL Server on the Glasgow computer • If you did not perform the “Adding Roles and Logins to SQL Server” demonstration in Module 7, “Securing Microsoft SQL Server,” in Course 2300, Developing Secure Web Applications, you must do it now. To complete this lab, students can continue working in the Tailspin Toys Visual Studio .NET projects that they used in previous labs, or they can start with new files. To start with new files, students must complete the following steps. ! Create the Web applications for the ASP exercises 1. Copy all of the contents of the ASP starter folder install_folder\Labfiles\ Lab08_2\ASP\Starter\TailspinToys to the TailspinToys IIS virtual directory at C:\Inetpub\wwwroot\TailspinToys. 2. Copy all of the contents of the ASP starter folder install_folder\Labfiles\ Lab08_2\ASP\Starter\TailspinToysAdmin to the TailspinToys IIS virtual directory at C:\Inetpub\wwwroot\TailspinToysAdmin. ! Create the Web applications for the ASP.NET exercises 1. Copy all of the contents of the ASP.NET folder install_folder\Labfiles\ Lab08_2\ASPXVB\Starter\TailspinToys.NET to the TailspinToys.NET IIS virtual directory at C:\Inetpub\wwwroot\TailspinToys.NET. 2. Copy all of the contents of the ASP.NET folder install_folder\Labfiles\ Lab08_2\ASPXVB\Starter\TailspinToysAdmin.NET to the TailspinToysAdmin.NET IIS virtual directory at C:\Inetpub\wwwroot\ TailspinToysAdmin.NET. 3. Edit the file c:\Inetpub\wwwroot\TailspinToysAdmin.NET\Web.config and change the tag to be , where machineName is the name of your computer.
x Module 8: Protecting Communication Privacy and Data Integrity ! Configure IIS authentication 1. Run the IIS administrative tool. 2. Expand the computer node and the Default Web Site node in the tree. 3. Right-click the TailspinToysAdmin virtual directory, and then click Properties. 4. Click Directory Security. 5. In the Anonymous access and authentication control group, click Edit. 6. Clear the Anonymous access check box. 7. Click OK twice to save your changes. 8. Right-click the TailspinToysAdmin.NET virtual directory, and then click Properties. 9. Click Directory Security. 10. In the Anonymous access and authentication control group, click Edit. 11. Clear the Anonymous access check box. 12. Click OK twice to save your changes. Lab Results Performing the labs in this module introduces the following configuration changes: ! The Login.asp and ChangePassword.asp pages are moved into a private folder in the TailspinToys Web application. ! The Login.aspx and ChangePassword.aspx pages are moved into a private folder in the TailspinToys.NET Web application. ! The private folder in each of the following Web applications is configured in IIS to require SSL: • TailspinToys • TailspinToys.NET • TailspinToysAdmin • TailspinToysAdmin.NET
Module 8: Protecting Communication Privacy and Data Integrity 1 Overview ! Introduction to Cryptography ! Working with Digital Certificates ! Using the Secure Sockets Layer/Transport Layer Security Protocols ! Using Internet Protocol Security *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction By using Internet Information Services (IIS), you can validate user and resource identities, as well as protect data and communications between the Web browser and the Web server. The communication link between the browser and the server is susceptible to a number of security-related attacks, including: ! Network monitoring. An attacker can use a network monitoring application or device to observe and read network packets. If the packets are not encrypted, a network-monitoring tool provides a full view of the data that is inside the packet. Such applications and devices are useful for diagnostic purposes, but they can be misused to obtain unauthorized access to data. Network Monitor is an example of a network-monitoring tool. ! Data modification. An attacker can modify a packet in transit and send counterfeit data, which can prevent the receiver from receiving the correct information or can allow the attacker to obtain secure information. ! Passwords. An attacker can use a stolen password or key, or can attempt to decipher the password if it is a simple password. ! Address spoofing. An attacker can use special programs to construct Internet Protocol (IP) packets that appear to originate from valid IP addresses that come from inside the trusted network. ! Man-in-the-middle. An attacker can actively monitor, capture, and control the data that passes between two communicating computers without the knowledge of the affected parties (for example, the attacker can reroute a data exchange). Note The code samples in this module are provided in both Microsoft® Visual Basic® .NET and C#.
2 Module 8: Protecting Communication Privacy and Data Integrity Objectives After completing this module, you will be able to: ! Define the basic elements of cryptography. ! Describe the purpose of digital certificates and obtain one through a Certificate Authority (CA). ! Validate user and Web server identity through the use of Secure Sockets Layer (SSL)/Transport Layer Security (TLS). ! Protect communications between Web application resources through the use of Internet Protocol security (IPSec).
Module 8: Protecting Communication Privacy and Data Integrity 3 Lesson: Introduction to Cryptography ! What Is Cryptography? ! How Does Symmetric Encryption Work? ! How Does Asymmetric Encryption Work? ! Exchanging and Storing Keys ! Verifying Data Integrity with Hashes ! Using Digital Signatures ! Practice: Using Cryptography *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Because cryptography permeates many security-related technologies, a general understanding of what cryptography is and how it works is valuable when developing secure Web applications. This lesson provides an overview of cryptography, including a description of the functional aspects of, and the differences between, public key cryptography, private key cryptography, hashing (digests), data signing, and digital certificates. Lesson objectives After completing this lesson, you will be able to: ! Describe the purpose and uses of cryptography. ! Describe how symmetric (or private key) encryption works. ! Describe how asymmetric (or public key) encryption works. ! Describe how session keys are typically exchanged between users. ! Explain the purpose of hashing and digital signing.
4 Module 8: Protecting Communication Privacy and Data Integrity What Is Cryptography? ! Cryptography is the science of protecting data " Protects a user's identity or data from being read " Protects data from being altered " Verifies that data originates from a particular user ! Encryption is the process of scrambling data ! Encryption is only as strong as the key Data Data Key Key Encryption algorithm Encryption algorithm *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Cryptography, the practice and study of encryption and decryption, provides the foundation of secure communications in a Web application. What is cryptography? Cryptography is a mathematical science that was originally developed for military communications with the intention of keeping secrets from the enemy in times of war. More recently, cryptography has also been used in the information technology (IT) industry to aid in securely authenticating users on a network, protecting a user's identity, protecting data from being read or altered, or verifying that the data originates from a particular user. Two forms of cryptography are symmetric and asymmetric encryption. What is encryption? Cryptography is put into practice through the use of encryption, which is the process of scrambling data by applying an algorithm to it. By encrypting data, you can make it difficult and time consuming, if not impossible, for an attacker to decipher the data. Encryption is often used in the following types of transactions: ! E-mail ! E-commerce ! File storage ! Database connections ! Web client authentication
Module 8: Protecting Communication Privacy and Data Integrity 5 How is data encrypted? An encryption algorithm, also called a cipher, is used with secret data, which is called a key, to encrypt data. The key prevents the message from being decoded—even if the algorithm is publicly known. However, if the keys are compromised, even the strongest levels of cryptographic algorithms are worthless. For cryptography to work securely, the generation, storage, and exchange of keys must be protected. If the keys are exchanged in plain text, it is easy for an attacker to intercept an e-mail message or other forms of communication to obtain the keys. Note For more information about encryption algorithms, see the topic “Supported Algorithms” in the Microsoft MSDN® online documentation.
6 Module 8: Protecting Communication Privacy and Data Integrity How Does Symmetric Encryption Work? ! Same encryption algorithm and key are used to both encrypt and decrypt the data ! Fast and efficient ! Difficult to safely exchange keys so they change often Private key known by the sender and recipient Data Data Data Data Encrypt Encrypt *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Symmetric encryption algorithms use a single, private key (also called a session key), which is agreed upon by both the sender and the recipient of the data. This key is used to both encrypt and decrypt the data. Advantages and Symmetric encryption is the most commonly used form of encryption because disadvantage of it is very fast and efficient. Symmetric encryption is well suited for performing symmetric encryption cryptographic transformations on large streams of data, because it can process the data in a fast and efficient manner. The disadvantage of using symmetric encryption is that it is difficult to protect keys when they are exchanged between the sender and recipient of the data. Because of this difficulty, session keys are frequently changed, with a different session key created for each message that is encrypted.
Module 8: Protecting Communication Privacy and Data Integrity 7 How Does Asymmetric Encryption Work? User A ! Each user has both a private and a public key ! Messages encrypted with the public key can be decrypted only by using the Private Public private key key key ! When messages are encrypted with the User B private key, anyone with a public key can verify that the owner of the private key sent it ! More secure than symmetric encryption, Private Public but not as efficient key key *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Asymmetric (or public key) encryption uses a private key, which must be kept secret from unauthorized users, and a public key, which can be made public to all users. Both the public key and the private key are mathematically linked. The mathematical complexity of the relationship between the public key and the private key means that, provided that the keys are long enough, it is practically impossible to determine one key from the other. The following table shows various key sizes, the corresponding number of keys in the keyspace, and the time that it takes to check all of the keys at 1.6 million keys per second and at 10 billion keys per second. Time to check all keys (at 1.6 Time to check all Key million keys per keys (at 10 billion size (x) Number of keys (2x) second) keys per second) 40 1,099,511,627,776 8 days 109 seconds 56 72,057,594,037,927,900 1,427 years 83 days 64 18,446,744,073,709,600,000 365,338 years 58.5 years 128 3.40282E+38 6.73931E+24 years 1.07829E+21 years Using asymmetric encryption, users can be assured that: ! Messages that are encrypted with the public key can be decrypted only by using the private key. ! When messages are encrypted with the private key, any user with a public key can verify that only the owner of the private key could have sent the message.
8 Module 8: Protecting Communication Privacy and Data Integrity Advantages and Asymmetric encryption provides a much higher level of security than disadvantages of symmetric encryption. This higher level of security, however, comes at a asymmetric encryption performance cost. Asymmetric encryption is not typically used to transmit large streams of data because it is not as fast and efficient as symmetric encryption.
Module 8: Protecting Communication Privacy and Data Integrity 9 Exchanging and Storing Keys ! Exchanging keys 1 1 " Use asymmetric encryption to transfer a key User A User A User A User A Private Private Public Session key key Session key key Encrypt Encrypt 2 2 " Use symmetric encryption for the remainder of the session ! Storing keys " ACL protected resource, DPAPI, LSA *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Due to the security issues that are associated with symmetric encryption and the performance issues that are associated with asymmetric encryption, most real- world scenarios use a combination of these two technologies. Exchanging keys Asymmetric encryption is often used to transfer a session key between users, thereby taking advantage of the stronger security that is provided by asymmetric encryption. After the session key is transmitted between users, symmetric encryption is then used for the remainder of the session. Storing keys The most challenging aspect of cryptography is the secure storage of private keys. You can store a key in a resource that can be secured through access control lists (ACLs), such as the registry, and then you can define an ACL only on the resource that allows your application to read it. A typical ACL contains only Creator/Owner Full Control and Administrators Full Control. You can also use the Data Protection API (DPAPI) to store keys. DPAPI relies on two functions, CryptProtectData and CryptUnprotectData, which can be used to produce user-specific or computer-specific encryptions without explicit key management. Only a user with logon credentials matching those credentials of the user that originally encrypted the data can decrypt the data. In addition, decryption usually can only be done on the computer where the data was encrypted. DPAPI is not directly wrapped by managed wrappers, so you must use P/Invoke to call them. Note For more information about running managed code in the Microsoft .NET common language runtime, see the MSDN Magazine article, “Migrating Native Code to the .NET CLR,” which is available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmag01/ html/com0105.asp.
10 Module 8: Protecting Communication Privacy and Data Integrity If your process runs as SYSTEM (such as an Active Server Pages (ASP) page), you can store keys in the Local Security Authority (LSA) by using LsaStorePrivateData and LsaRetrievePrivateData. LSA can store only a fixed (small) number of keys, however, so this option should be used carefully. Keys that are protected by LSA can still be viewed by administrators on the computer by using tools such as LSADump2.exe. Important Key management is one of the most challenging parts of designing a secure system. Ultimately, the best practice is to avoid storing keys, if at all possible. Storing keys is not covered in this course. For more information about storing keys, see the Microsoft Press® book, Writing Secure Code, by Michael Howard and David LaBlanc (Redmond: Microsoft Press), 2001.