We've developed a service, which sends e-mails... quite trivial at this step.
The next step will be: handling the bounces.
To implement this I need to add some information into the headers... Let's say it's a simple string (to keep the question really basic).
Which compression/encryption (.net-built-in prefered) should I take, when I'm looking for an algorithm which includes a checksum internally (I do not want to create a CRC or alikes and add it to the headers either) - so, changing some char of the encrypted/compressed string doesn't mean it's valid!
This need not be a "high-sofisticated" algorithm, as I just want a basic detection against changes/injections...
Just to be clear: There must be a chance to decompress/decrypt!
If you need to decompress/decrypt the message, you probably want a two-way encryption. I am not an expert here, but I think .NET comes with built-in support for AES, which is a Rijndael algorithm. You can get more information here.
Have you thought/read about OpenPGP? This SO thread might be a good starting point for you.
To answer the compression part of it, you may want to consider either the System.IO.Compression.GZipStream or System.IO.Compression.DeflateStream classes for compression. DeflateStream uses LZW compression that is (with a bit of hackery), compatible with ZLib (http://stackoverflow.com/questions/70347/zlib-compatible-compression-streams).
Related
Platform: Server - ASP.NET 3.5 / C#; client side - javascript/jQuery
This is what I want to do
Scramble a string in ASP.NET WebMethod (called through a jQuery Ajax call) before sending to the client
Unscramble it in javascript and display
I'm not looking at any sort of heavy duty encryption AES SHA whatever. I'm only interested in simple obfuscation - so if a user wants to persevere and decrypt the strings (which I will display anyway in a sequence, it's just that I don't want them to see all of them in the mark-up) then they can, it doesn't matter.
Are there any simple schemes to do this?
for clarity:
say I want to send a pre-filled array to the client browser with ["a'"b","c"]
when someone opens the source on the browser, he/she should see, say. ["m","n","o"]
but when I display, I would recompute it to "a" and show it. That's all.
What ever the intention may be...
Why not just implement the simplest "encryption"-algorithm out there
ROT13
Most algorithms for ciphering/encryption are language-agnostic. If you simply want to obfuscate the string from casual observation, I would implement a simple shift cipher (a->n). You'll have to write the encoder in C#, then the decoder in JavaScript; that's pretty much the whole story. Be aware that if you use the ASCII codes to shift, you have to avoid rolling over into "control" codes like newlines, and you can't include or encode into the ampersand "&" character. It may be simpler to hard-code identical arrays of valid character values, and provide an index offset that is the "shift"..
How about transforming it to base64 like the regular asp.net does for the viewstate by default / no encryption, just hiding.
I'd stick to the most basic thing, as youll have the js at the client to get it back anyway. A simple obfuscation algorithmic could be used instead if you need, but I wouldn't bother going into any real encryption for this.
I have developed my programming skills to a point where i can do most everyday stuff quite well and easily, and I thought one day, that making a polymorphic engine would really test my skills, and I was wondering if anybody had any pointers on making a polymorphic engine for a program, where to start, maybe some code examples? really anything would be helpful at this point :)
here are some of my resorces:
http://en.wikipedia.org/wiki/Polymorphic_code <- this is the one im particularly interested in..
http://en.wikipedia.org/wiki/Polymorphic_engine
As I mention in a comment, this is possible in .NET using the magical System.Reflection.Emit namespace. You just create a new DynamicMethod and emit any [valid] opcodes into it, and then call Invoke.
I've spent the last few hours trying to build a simple showcase for a "clean" program that would create new copies of itself with encrypted il code. The approach I went for was having an Exec method, grab the il-bytes (using MethodBase.GetMethodBody), encrypt them and emit a new assembly having the iv+key and the encrypted bytes. The main method would then decrypt, create a new DynamicMethod, call DynamicILInfo.SetCode and hopefully work. It didnt.
The encryption/decryption thingie worked, and my emitted code was correct. However, it seems that you can not take the raw bytes from one assembly and just execute them in another.
Data (from BitConverter.ToString) from run A and run B.
A: 28-01-00-00-0A...
B: 28-11-00-00-0A...
Unless you know the byte values for every opcode, open ILDAsm, choose View > Show bytes. There's also a View > Show token values which also helps debugging. Press ctrl-m for View > MetaData > Show! to resolve tokens and other magical creatures.
"28 01 00 00 0A" -> CALL 0A000001 -> [According to ctrl-m] MethodBase.GetCurrentMethod
These different token values are generated sequentially by the compiler. This means that it's impossible to guarantee that everything will work using raw bytes. Just think of the common case where the compiler only created tokens for every method call require to decrypt your byte array, and you call Console.WriteLine in your encrypted code. No such token is written, and you'll end up with a "BadImageFormatException: Bad binary signature" when invoking your dynamic method.
I leave it as a task for the read (or until I'm bored again) to transform the byte array, during the emitting process, to a format which the decryptor can read and emit to real il bytes. The emitting process will create all necessary tokens, so it should work.
If you want to chicken out from all the awesomeness of emitting opcodes, do some dynamic compilation from code stored as strings (which can of course be encrypted). This, however, lose in both cleverness, coolness and everything else that can be used to measure the pure awesomeness of the developer (YOU!). Check out this tutorial for a quick display of dynamic compilation and execution of C# within strings.
Well, as far as I know a polymorphic engine is just the code you want run encrypted, then pair that with a decryption module. So all you need to do is encrypt your code into a string. Then you write a decypter. I would use a basic symmetric encryption class like hxxp://www.obviex.com/samples/Code.aspx?Source=EncryptionCS&Title=Symmetric%20Key%20Encryption&Lang=C%23
After that, run the code in memory, something like hxxp://support.microsoft.com/kb/304655
EDIT:
If you wanted to get more indepth, you could always write your own encryption/decryption, make it something like base_64 (no key), instead of AES (with a key)
Hope that helps,
Max
Polymorphic code is not possible in C# or managed languages. It requires you to produce assembly code for a specific platform (.NET is not platform-specific) into a buffer or data area, then jump into that buffer or data area. There are many layers of software and hardware in place to stop that happening - see the NX bit on Wikipedia for example.
You can't do it in managed code. You'd have to write it in unmanaged code and call into that.
Hope that helps.
Please see the helpful comment on this answer, as you can dynamically create managed code from managed code; I was considering unmanaged code, as is used on the whole.
Using block tea (XXTEA), how can I convert encrypted text into human readable form?
string encryptedText = "ASDFSDAFSADFSDFSDFSDAF"; (assume it is in correct format)
I have the key/pwd also.
There is a Visual Basic implementation of the block tea algorithm here:
http://www.blog-dotnet.com/post/Tiny-Encryption-Algorithm-(TEA)-in-Visual-BasicNET.aspx
Block tea is meant to be easily implementable, so you shouldn't have a hard time converting that to C# (or compiling it into a .NET assembly with VB and then referencing it from .NET).
You should use the above as a base and then modify it as per the XXTEA algorithm, found here:
http://en.wikipedia.org/wiki/XXTEA
Again, it's meant as being easy to implement, so you shouldn't be too hard. If there are specific parts you are having issues with, please make sure to follow up.
Edit1: Core XTEA algorithm in C# with other parts in VB.NET at CodeProject
Tiny Encryption Algorithm and XTEA for the Compact Framework at CodeProject
Here is a JavaScript Implementation of the XXTEA algorithm and here.
Here is a Pascal implementation of all of them.
With all the other answers you should be able to put an implementation together. Once you do it, make a blog or report back here so it is recorded for the next guy!
I found this https://github.com/WooCode/xxTea which is a C# implementation, with unit tests provided. I haven't verified it's accuracy.
Which serialization should I use?
I need to store a large Dictionary with 100000+ elements, and I just need to save and load this data directly without caring whether it's binary or whether it's formatted or not.
Right now I am using the BinarySerializer but not sure if it's the most effective?
Please suggest better alternatives in the .NET standard libraries or an external library, preferably free.
EDIT: This is to serialize to disk and from it. The app is single threaded too.
Well, it will depend on what's in the dictionary - but if Protocol Buffers is flexible enough for you (you have to define your own types to serialize - it doesn't do all .NET types or anything like that), it's pretty darned fast.
For example, in protocol buffers I'd represent the dictionary as a message with a repeated key/value pair field. For ultimate speed you could use the CodedOutputStream and CodedInputStream to serialize/deserialize the dictionary directly rather than reading it all into memory separately first. Again, it'll depend on what the key/value types are though.
This is entirely a guess since I haven't profiled this (ie. which is what you should do to truly get your answer).
But my guess is that the binary serializer would give you the best performance. Both in size and speed.
This is a bit of an open-ended question. Are you storing this in memory or writing it to disk? Does this execute in a multi-threaded (and perhaps multi-concurrent-access) environment? Context is important.
BinarySerializer is generally going to be pretty fast, and there are external libs that provide better compression such as ProtoBuffers. I've personally had good success with DataContractSerializer.
The great thing about all these options is that you can try all of them (relatively pain free) to learn for yourself what works in your environment and operation.
I want to work on the Rijndael algorithm using C#. Can anybody help me with this please?
I'm assuming you mean the Rijndael encryption algorithm - in which case RinjdaelManaged would be of use. The MSDN documentation (previous link) has examples, or there are lots of other references, for example see here.
I see (comments to other reply) that you are looking at implementing this yourself... some thoughts:
don't
why?
don't
Unless this is purely for interest, stick to the existing implementation. It will eat time, and potentially introduce security weaknesses. I can't think of a good reason to rewrite this.
sorry guys, but I just can not resist
from http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
If you just need a working implementation check out the Rijndael Documentation on MSDN. The Rijndael implementation looks pretty convenient to interface with.
It's of course a different story if you are trying implement it yourself.
I am looking into the same that as per brian.
But the problem here is that all the rijndael samples available in the net are mostly using a Text File but is there any way of doing it in a Online Mode where when i get the data in the text box i convert it and put directly in to the database.
Any Hints on this would be much better and all the samples are defining the key from the Rijndael class itself, can't we provide the Key of our own.
cheers
Biju