Having gone through several introductory posts covering background
material such as
key containers and
methods of key generation,
we are now ready to delve into the actual cryptographic operations
that use symmetric algorithms in detail.
In a prior post, I described the use
of Windows CryptoAPI to compute message digests and message
authentication codes which ensure integrity of messages. We now
move on to the use of symmetric algorithms in cryptography, which can
be used for both message confidentiality and integrity.
Asymmetric algorithms will be covered in future posts. Refer to the
in this series for the difference between the two.
In my prior post, I introduced
several abstractions — Cryptographic Service Providers,
cryptographic contexts and key containers — that are part
of Windows CryptoAPI and promised to look at
cryptographic keys next.
Well, I changed my mind, figuring it might be better to first talk
about simpler operations that do not require the use of keys at all.
This post thus describes the generation of hashes, message digests
and message integrity codes using Windows CryptoAPI and TWAPI.
This is the second in a series of posts on the use of cryptography on Windows.
The previous blog post introduced the
basic concepts related to cryptography. Here we delve into how those
concepts are implemented in Windows at a system or architectural level
and of course, how one accesses them from Tcl. This will lay the
ground for discussing the actual cryptographic operations in future posts.
Security is currently the No. 1 priority for the software industry; and
if that's not the case, it should be, given the current state of
affairs with daily reports of major computer break-ins, credit card fraud,
identity theft etc. It is important for applications, and application
writers, to be aware of these issues and make use of all available
technologies to protect against attacks.
This post is about US encryption controls on open source software
and what programmers need to do to comply with those regulations.
I must start with a caveat because I know practically nothing
about the subject! Treat it as one person's understanding of the matter,
not legal advice. I am not a lawyer, don't play one on TV or even actually
know a real lawyer. I am writing this as an aid to others writing
open source software in the hope it will make them aware of
the concerned regulations.