Cryptography for Visual Basic by Richard Bondi

Title: Cryptography for Visual Basic

Author: Richard Bondi

Length: 459 Pages

Format: Paperback

Publisher: Wiley

Published date: 2000

ISBN-13: 978-1931841252

Richard Bondi introduces the subjects of cryptography and digital certificates in an easy-to-follow way. The symmetric and asymmetric varieties of ciphers are described using concepts like session keys, hash functions, PRNGs (Pseudo-Random Number Generators) and cipher-block chaining mode. Binary, bits and XOR functions pave the way for Visual Basic declarations of the Windows CryptoAPI, originally written in C, consequently producing a lot of explanation of how Windows API data types and parameter passing are translated into their VB equivalents. After 100 pages or so, I was quite impressed, especially as it would appear that cryptography could be set up using VB in an ASP page. The next chapter then delves into the complications of using VB objects as pointers, encoding ASCII as hexadecimal so SQL strings could be interpreted, bitwise arithmetic and error trapping. As much as the methods explained are illuminating, a cryptographic system would seem to be no small feat. There follows an in-depth description of the CryptoAPI and how to use it in VB via the open-source WCCO (Wiley CryptoAPI COM Objects) interface (source code is contained in the book and on the CD). The main objects like the provider and container, then key objects, hashing, signing, messagetext are described in great detail. Testing strategies, key management and some philosophical and political ideas surrounding cryptography bring us to the book’s conclusion.

Like graphics programming, crypto-programming seems from the outside quite involved so be prepared for some work! I give praise to the author for explaining many general concepts well and giving clues as to how to handle VB in the context of the Windows API and bitwise modes. One feature I liked in the book was the way concepts were explained with several example scenarios you may encounter with suggestions of how to tackle each. With VB6 and a Windows front end seeming a little dated, perhaps implementing via ASP could seem more relevant. Nevertheless, as an introduction to a language-specific crypto-programming exercise this book seems to be of some use. If further developed, the end results could be worth their weight in these days of secure business.

VB CryptoAPI is an encryption method that has developed and is mature; looking at it from a simpler perspective for Java here are two easy tutorials from CompSci Studio for encryption and decryption which could be templates for the cryptography we’ve so far experimented in Sense. I’ve found this O’Reilly book which covers Java methods in a little more depth: Java Cryptography by Jonathan Knudsen.

The Code Book by Simon Singh

Title: The Code Book

Author: Simon Singh

Length: 402 Pages

Format: Paperback

Publisher: Fourth Estate Ltd

Published date: 1999

ISBN-13: 978-0007635740

Since ancient times cryptography and its counter science cryptanalysis have been used to transfer messages in secret. From letters written under the hair of a courier’s scalp until the mangling of codes which has dominated the science until the present day, the famous cases, fiction and developments are described in an in-depth and readable way. The art of creating a cipher or key which was required to encrypt and decrypt a message passed through various stages. At some periods in history cryptography was unbreakable, but inevitably the code was broken, only to be restrengthened at a later stage. It is hard to believe that the Elizabethans used sophisticated methods whose analysis was also used to threatening effect by their spy rings.

In the twentieth century two developments dominated: the German Enigma machine and its code-breakers at Bletchley Park during the Second World War; and the development of the asymmetric cipher in the 1970s, whose workings are illustrated using the fictitious characters Alice, Bob and Eve.

The future of the science is considered – will quantum computers be able to easily decipher long keys or will the key be strengthened using photons?

This is an excellent book. The author bridges all of the history behind cryptography with clear explanations that anybody can understand. It is interesting and easy to read.

Digital Signatures by Atreya, Hammond, Paine, Starrett and Wu

Title: Digital Signatures

Author: Atreya, Hammond, Paine, Starrett, Wu

Length: 368 Pages

Format: Paperback

Publisher: RSA Press, Osborne

Published date: 2002

ISBN-13: 978-0072194821

After a gentle introduction explaining the requirement for electronic signatures in terms of usability, legislation and motivation, a difficult description of cryptography follows. This covers various symmetric and asymmetric public key algorithms such as DES, AES, RSA and DSA and branches into stream and block ciphers. You can try to follow the explanation, but quite a lot is explained in a short time, so if you’re looking for it to be more gradual, I would definitely recommend The Code Book by Simon Singh. PKI (Public Key Infrastructure) refers to the often hierarchical system of CA (Certificate Authorities) and RA (Registration Authorities) organisations which create, distribute, renew or revoke digital certificates. There can be permutations of PKI, for example cross certification which allows CAs to verify the certificates of others. Algorithms are explored in some detail in regards to the integrity of data which is difficult to maintain in newer technologies such as biometric authentication. The importance and legal implications of handwritten and digital signatures are discussed with regards to public key certificates. Business usage models are examined such as B2B (Business-to-Business) and G2C (Government-to-Consumer); the latter is of particular importance to me as it lays out a model which would digitize documentation where I currently work at the Student Loans Company. These are theoretical models; once PKI implementation takes place this can be expressed as open, closed, multi-business, contractual, membership, self-help or bridge PKIs. Do you insource or outsource your PKI needs and how is this all documented? Finally there is more information on standards such as SET, X.509v3, SSL, S/MIME and PEM, legal issues, liability and documentation.

Cryptography in Fiction

The Code Book by Simon Singh references some fictional works which weave cryptography into their respective story lines.

Among them is The Gold Bug by Edgar Allan Poe which is a short tale written in the 1840s. It tells of how three men in South Carolina discover the buried treasure of Captain Kidd.

The location of the treasure is revealed by a piece of parchment which via steganography (the art of concealment), has secret cryptographic codes written into it. In the story, William Legrand discovers that by heating the parchment the code is revealed which he deciphers using frequency analysis (how many times a character is repeated). The code itself is a simple substitution cipher.

The term enigma is referenced twice in the story, once with regards to the use of cryptography and the other to reference the mystery of buried treasure. Perhaps this was the derivation of the name of the eponymous German machine.
