Disabling the FIPS Algorithm Check

.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was configured to require them.  This resulted in algorithms which are not FIPS compliant (or implementations which were not FIPS certified) throwing an InvalidOperationException from their constructors. In some cases this isn’t a desirable behavior.  For instance, some applications need to…

Manifested Controls Redux

Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with.  Since the betas there have been a couple of tweaks to the manifest control model, so those posts…

Bypassing the Authenticode Signature Check on Startup

A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature.  The CLR will attempt to verify the signature at load time to generate Publisher evidence for the assembly.  However, by default most applications don’t need Publisher evidence.  Standard CAS policy does not rely on the PublisherMembershipCondition, so unless your…

Tying your IE Hosted Control to a Manifest

Last week, I talked about the Orcas feature which allows you to provide a manifest to elevate your control’s permissions declaratively.  We also saw how to generate manifests that would state what permissions your control needs (and the rules associated with those manifests).  Now it’s time to tie it all together and create an HTML…

Manifests for IE Hosted Controls

Earlier this week, I talked about the Orcas feature where controls can declaratively request permissions in a similar way to ClickOnce applications.  In fact, the manifests used for this request are the same manifests used for ClickOnce applications, with a few special requirements added onto them.  When you’re developing controls, it’s possible to have manifests which…

Specifying Permissions for IE Controls in Orcas

One of my most read blog posts (and one of the reasons I created this blog in the first place — to answer what was one of the most asked questions on the old .NET Security newsgroup), is my post about granting managed controls hosted in IE extra permissions.  If you need to have a…

Introduction to the Orcas Add-In Model

One of the features the CLR team is adding in Orcas is that we’re providing a new model to help enable your application to host Add-Ins.  I’ve got a special interest in this set of features, as I always try to make my hobby applications pluggable for some reason, and I tend to end up…

Elliptic Curve Diffie-Hellman

The second elliptic curve algorithm added to Orcas is elliptic curve Diffie-Hellman, as the ECDiffieHellmanCng class. This is the first time Diffie-Hellman is available as part of the .NET Framework, so let’s take a quick look at what it is and what it does.  Diffie-Hellman is one of the oldest asymmetric algorithms, however unlike the…

Elliptic Curve DSA

Yesterday I gave a quick rundown of all the new cryptographic algorithms available in the Orcas January CTP.  Today, let’s dive in a little deeper to the first of the elliptic curve algorithms, ECDSA.  (ECDSA, along with the rest of the CNG classes in the .NET Framework, is only available on Windows Vista). ECDSA is…

New Crypto Algorithms in Orcas

The January CTP of Orcas is now available, and with it comes a total of 12 new cryptography algorithm implementation classes, which include 2.5 new algorithms.  (I’ll count AES as 0.5 since we did already have Rijndael 🙂 ).  These classes also are the first set of managed wrappers around the new CNG APIs in Windows…