Encryption, Decryption, AES, PGP, Oh My!

Professor Stick talks AES

Jeff Moser has an enlightened and entertaining explanation of the Advanced Encryption Standard on his web site, Moserware. As Jeff describes the explanation, it’s a play in four acts. I had to exit the stage when the stick figure professor got into the heavy math, but it was a great lesson, nonetheless.

You can head on over to Jeff’s site to check it all out. In fact, I suggest reading it, even if you’re not really that into encryption standards and technology. It’s a great primer.

Jeff also posted some sample files about how to use AES on GitHub, which got me thinking about an encryption / decryption article I wrote recently. For the PGP Decryption with C Sharp post I wrote, I created a handy sample application and a small library, both of which are available on this site today.

I haven’t really done anything with GitHub, despite its simplicity and audience. So today, after my AES education with Professor Stick, I decided to set up a GitHub account and share my PGP Encryption with C Sharp examples there too.

Enjoy.

Storing Files on Optical Media

For a number of years now, nearly a decade, I’ve been saving files for backup and archival onto optical media. In the early 2000s, I was using CD-Rs as my primary backup media and more recently, I’ve been using DVD-Rs. In recent years, I’ve mostly been concerned with archiving my photos. With two little ones at home, I tend to take a lot of pictures, and I’d like to keep those around.

In fact, just the other day, I came across a backup CD from 2000. The label was something descriptive like, August 2000 Backup, so I put it in my MacBook and it loaded right up. By the way, lots of useless crap on that CD. I have no idea why I thought I needed to archive that stuff… But at least the CD was still in good working order. Good news, right?

Not so fast my friends…

Optical Media

I was reading through some threads this morning on a Mac that were talking about interesting ways to create contact sheets for DVDs that contain lots of archived photos. One of the comments pointed to a New York Times blog about the shelf life of optical media, stating that many low end DVDs have a shelf life of less than 5 years. Yikes!

Now, in my mind, the New York Times doesn’t have the best record when it comes to telling the whole story, or in some cases, the truth at all… So I set out to do a bit of research to see just how long I could expect my newly imprinted DVDs to last.

The US Government has some interesting information about using optical media to temporarily store data. There are several links at the bottom of that FAQ that are also worthwhile.

One of the studies, Using CDs for Data Storage, is definitely worthwhile. It only talks about compact discs, but it is somewhat reassuring.

According to the National Media Laboratory’s findings, CDs could be relied on for data storage for at least five years, and that the best quality CDs could provide reliable data storage for at least 50 years.

That’s better news… At least for the useless crap I backed-up to CD back in the day. The study above doesn’t talk about DVDs and that’s what we’re all using today, so the search continued.

Seeing how Wikipedia is the destination for all knowledge today, I decided to poke around there to see what I could find. At last, something reassuring about all those DVDs filled with family pictures.

Per Wikipedia (link):

According to the Optical Storage Technology Association (OSTA), “manufacturers claim life spans ranging from 30 to 100 years for DVD, DVD-R and DVD+R discs and up to 30 years for DVD-RW, DVD+RW and DVD-RAM”, although a manufacturer of 24-karat gold-based DVDs claims lifespans of up to 300 years.

The Optical Storage Technology Association has further information about using optical media as an archive medium. According to their page, Understanding DVD – Disc Longevity:

The life span of a written disc depends upon a number of factors including such things as the intrinsic properties of the materials used in the disc’s construction, the quality of its manufacture, how well it is recorded and the way it has been handled and stored.

In plain English, I read that as, “the life span of your DVD depends”, or “we really don’t want to commit to a specific time frame”, but thank you for buying…

I was talking with Jim while I was doing the research to write this up. He had a great idea for extending the life of your DVD media.

Store the DVD in a jewel case, then use one of those vacuum packed food storage bags to hold the jewel cases.

Yeah, I’ll get right on that.

You know, I learned something today.

  1. Take good care of the optical media you use.
  2. Buy high quality DVDs and/or CDs (stop buying the $4 for 100 CD spindles!)
  3. Disc Rot is a thing of the past (proof)
  4. Properly handled DVDs should last at least 5 years and likely much longer than that.
  5. No solution lasts forever… You’re going to have to move those archives to some new media at some point.


Visual Studio – ClickOnce Deployment

ClickOnce is a feature of Visual Studio 2008 that allows a developer to quickly and fairly easily create a deployment package for their software.

ClickOnce Publish Wizard Dialogue

The ClickOnce feature supports two types of applications – installed applications and online applications. The installed applications are similar to traditional Windows applications that appear in the start menu and can be removed with Add/Remove Programs. The online applications are hosted in the browser and not actually installed on the local machine.

As Wikipedia notes:

ClickOnce enables the user to install and run a Windows application by clicking a link in a web page. The core principle of ClickOnce is to bring the ease of deployment of web applications to the Windows user. In addition, ClickOnce aims to solve three other problems with conventional deployment models: the difficulty in updating a deployed application, the impact of an application to the user’s computer, and the need for administrator permissions to install applications.

ClickOnce applications can be deployed to a computer from a web site, a network share, and from traditional media like CD and DVD.

You may be wondering why I’m talking about such a seemingly trivial process… Well, in the past week, I’ve been working with ClickOnce, and while it is easy, and it does make deployment of an application really simple, it has a few quirks that are rather annoying.

It seems so simple!

When you’re creating an application you will often add additional files to the project, important files that are needed to ensure the application works properly. My recent project had a couple of PGP Key Rings that it absolutely had to have in order to operate.

Visual Studio assumes that the files you’ve added are only there to be viewed and that those files are not important to the running of your application. Therefore, those files are excluded, by default, when you create a deployment package with ClickOnce.

After a bit of trial and error, and a number of Google searches, I finally came across an excellent tutorial on including important files in the deployment package for ClickOnce. If you’re fighting with ClickOnce, like I was, please check out Neil Knobbe’s ClickOnce Deployment – Deploying files with your application.

Enjoy!


PGP Decryption with C#

PGP Decryption Pictogram

One of my recent projects was to create a Windows desktop application that would allow a user to select a PGP encrypted file, select an output destination and click a button to have that file decrypted. There were a few other things the application needed to do, like verify the information in the file, but that was the easy part.

The real challenge was to load up the public and private key rings and decrypt the source file. I have a pretty good understanding of the concepts behind PGP (symmetric key) encryption, so it seemed like a fairly straightforward project. However, as most software developers know, perception and reality rarely align.

I started out looking for a .Net library that would encapsulate all of the PGP processes for me. Turns out, there are several, but most of them are commercial products and there just wasn’t any money in the project budget for that. So I kept looking and eventually, I came across the Legion of the Bouncy Castle, which provides an extensive encryption library. It was originally for Java, but has been ported to C#. Perfect!

This thing's got class(es)!

I downloaded the non-IDEA library, referenced it in my project and voila! Except, not so much. There were a ton of classes, but nothing referencing OpenPGP directly, and that’s what I needed.

I read through a ton of information on the Bouncy Castle site, and it looks like there should be a .OpenPgp class included. So I spent a bit more time searching through Google to find an example or two of others that were already using Bouncy Castle in C#.

If you’ve been trying to do the same thing, you already know that there aren’t very many good samples out there. I did find an excellent piece on how to encrypt files using PGP and the Bouncy Castle library by the .Net Geek. If you’re looking to encrypt files, this is a great place to start. I’ve incorporated this code into my crypto library that is below. I’ve also included links to a number of sites and articles that I read while working on this project. I hope you will find this information useful as well.

With a good example in hand, I started working out how to make the decryption side of things work. Again, it’s fairly straightforward, you just need to know what sort of stream you’re looking for at each stage of the process. Similar to the .Net Geek, I like to figure out how I’m going to consume the provider before I write it. That helps to make sure that the classes are easy to use and work like I’m expecting. I’ve provided a sample application and a crypto wrapper library at the bottom of this entry. Feel free to jump ahead.

All I wanted to do from my application was call the decryption routine and pass in the path to the encrypted file.

public bool DecryptFile(string encryptedFilePath)
{
    return decryptInputFile(encryptedFilePath);
}

The next step is to set up the crypto wrapper and actually decode the file. I decided that I would simply remove the .gpg from the end of my encrypted file and use that as the destination file. In my case, I also had to process this intermediate file to ensure that all of the information was valid.

// Usage, from inside the decryption routine:
string outputFile = extractOutputFileName(encryptedFileName);

// Requires: using System.IO;
private string extractOutputFileName(string encryptedFileName)
{
      // Remove only the file's final extension (e.g. ".gpg"). Unlike
      // Substring/LastIndexOf('.'), this does not throw when the name has no
      // dot and does not cut the path at a dot inside a directory name.
      return Path.ChangeExtension(encryptedFileName, null);
}

Now I need to get everything ready to call the decrypt and verify method in the cryptography library. In my particular implementation, I wanted to be able to say that the decryption failed, but it wasn’t important to the end user exactly why, so it’s just true or false.

private bool decryptInputFile(string encryptedFileName)
{
     bool returnCode;
     string outputFile = extractOutputFileName(encryptedFileName);
     try
     {
          SPL.Crypto.PgpEncryptionKeys keys = new PgpEncryptionKeys(publicKeyRingPath, secretKeyRingPath, passPhrase);
          PgpDecrypt decryptor = new PgpDecrypt(keys);
          // Open the encrypted file directly and dispose of the handle when
          // decryption finishes, including when it throws.
          using (Stream encryptedStream = File.OpenRead(encryptedFileName))
          {
               decryptor.DecryptAndVerify(encryptedStream, outputFile);
          }
          returnCode = true;
     }
     catch (Exception)
     {
          // If there was an error, we're going to eat it and just let the user know we failed.
          returnCode = false;
     }
     return returnCode;
}

Once the decryption object had been set up, it was just a matter of invoking DecryptAndVerify. This method works through all of the different streams and transforms each into the next, finally resulting in the clear text document that we write out to the file system. None of the streams used in the decryption process are saved anywhere, they’re just kept in memory while they’re being used.

// Requires: using System.IO; using Org.BouncyCastle.Bcpg.OpenPgp;
//           using Org.BouncyCastle.Utilities.IO;
private void decryptAndVerify(Stream inputStream, string outputFilePath)
{
     PgpPublicKeyEncryptedData publicKeyED = extractPublicKeyEncryptedData(inputStream);
     PgpObject message = getClearCompressedMessage(publicKeyED);

     // Unwrap the compression layer when the sender used one.
     if (message is PgpCompressedData)
     {
         message = processCompressedMessage(message);
     }

     // Fail loudly instead of returning without writing any output when the
     // decrypted packet is not plain literal data (for example, a signed message).
     PgpLiteralData literalData = message as PgpLiteralData;
     if (literalData == null)
     {
         throw new PgpException("Decrypted message does not contain literal data.");
     }

     using (Stream outputFile = File.Create(outputFilePath))
     using (Stream literalDataStream = literalData.GetInputStream())
     {
         Streams.PipeAll(literalDataStream, outputFile);
     }
}

I’ll leave the details of how it all works to the samples and the cryptography library below. All of the source is included for your reference.
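The stage-by-stage stream walk described above, written directly against the Bouncy Castle C# OpenPGP classes as an added example (it is not the SPL.Crypto library from this post). The class name PgpDecryptSketch and the ".partial" temp-file suffix are assumptions; it goes beyond the post's code by rejecting messages that carry no integrity packet and by releasing the output file only after the integrity check passes.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Utilities.IO;

// Added example; PgpDecryptSketch is a hypothetical name, not part of SPL.Crypto.
public static class PgpDecryptSketch
{
    public static void Decrypt(Stream encrypted, Stream secretKeyRing,
                               char[] passPhrase, string outputPath)
    {
        // Stage 1: strip ASCII armor if present and read the outer packets.
        PgpObjectFactory outer =
            new PgpObjectFactory(PgpUtilities.GetDecoderStream(encrypted));
        PgpObject first = outer.NextPgpObject();
        // A marker packet may come first; the encrypted data list follows it.
        PgpEncryptedDataList encList = first as PgpEncryptedDataList
            ?? outer.NextPgpObject() as PgpEncryptedDataList;
        if (encList == null)
            throw new PgpException("No encrypted data packets found.");

        // Stage 2: find the session-key packet addressed to a key we hold.
        PgpSecretKeyRingBundle secretKeys = new PgpSecretKeyRingBundle(
            PgpUtilities.GetDecoderStream(secretKeyRing));
        PgpPublicKeyEncryptedData keyData = null;
        PgpPrivateKey privateKey = null;
        foreach (PgpEncryptedData candidate in encList.GetEncryptedDataObjects())
        {
            PgpPublicKeyEncryptedData pk = candidate as PgpPublicKeyEncryptedData;
            if (pk == null) continue;
            PgpSecretKey secret = secretKeys.GetSecretKey(pk.KeyId);
            if (secret == null) continue;
            privateKey = secret.ExtractPrivateKey(passPhrase);
            keyData = pk;
            break;
        }
        if (keyData == null)
            throw new PgpException("No secret key in the ring matches this message.");

        // Without an integrity (MDC) packet, tampering cannot be detected.
        if (!keyData.IsIntegrityProtected())
            throw new PgpException("Message is not integrity protected.");

        // Stage 3: decrypt, unwrap optional compression, reach the literal data.
        PgpObject message =
            new PgpObjectFactory(keyData.GetDataStream(privateKey)).NextPgpObject();
        PgpCompressedData compressed = message as PgpCompressedData;
        if (compressed != null)
            message = new PgpObjectFactory(compressed.GetDataStream()).NextPgpObject();
        PgpLiteralData literal = message as PgpLiteralData;
        if (literal == null)
            throw new PgpException("Expected literal data (signed messages are not handled here).");

        // Stage 4: the integrity check is only meaningful after the whole stream
        // has been read, so plaintext goes to a temp file first and is moved
        // into place only when Verify() succeeds.
        string tempPath = outputPath + ".partial";
        try
        {
            using (Stream output = File.Create(tempPath))
            using (Stream plain = literal.GetInputStream())
            {
                Streams.PipeAll(plain, output);
            }
            if (!keyData.Verify())
                throw new PgpException("Integrity check failed; output discarded.");
            File.Delete(outputPath);          // no-op when the file does not exist
            File.Move(tempPath, outputPath);
        }
        finally
        {
            // Never leave unauthenticated plaintext behind on failure.
            if (File.Exists(tempPath)) File.Delete(tempPath);
        }
    }
}
```

Any PgpException thrown here would land in the catch block of decryptInputFile above and surface to the user as a plain failure.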

9/23/2009 UPDATE

I added the sample files from this post to GitHub. Feel free to access the sample files there too.

More Information:

  • Bouncy Castle – http://www.bouncycastle.org/
  • Karmin’s Blog – http://karym6.blogspot.com/2009/06/pgp-decryption-with-c.html
  • .Net Geek – http://blogs.microsoft.co.il/blogs/kim/archive/2009/01/23/pgp-zip-encrypted-files-with-c.aspx
  • Jesse’s Blog – http://elian.co.uk/post/2009/07/29/Bouncy-Castle-CSharp.aspx
  • Aaron Johnson – http://cephas.net/blog/2004/09/03/pgp-decryption-using-c/

Sample Files:

Working with Twitterizer

I’ve been working on a custom FTP application for the past few days. The application is designed to read a list of remote resource files and go and download each file.

This application will be automated once it’s set up in production. No one will have to interact with it on a daily basis – it will just go and do the job it was designed for. Part of that job is to log its actions, so that the IT staff can review what’s happened and track down any issues that may come up.

Twitter

If you’re on the web at all these days, you’ve no doubt heard of Twitter. Its simple format makes it a great tool for sharing status information. It seemed to me that having the application tweet its status would be an easy, fun way to use Twitter and provide some semi-useful information.

Twitter exposes an extensive application programming interface, API, for third party developers to use. I briefly considered rolling my own wrappers for the Twitter API. However, that really wasn’t in the best interest of my small project’s time line.

Instead, I decided to do a little searching for a pre-written, community supported, API wrapper for .Net. That’s when I found Twitterizer. The project is hosted on Google Code, so getting the files was a snap.

I downloaded the most recent, stable release (1.0.1.99 as I write this), and added it into my C# project. I had already set up a new account with Twitter for the application to use when broadcasting its status updates, so I had everything ready to go.

As I wrote the FTP application, I included a number of events that could be logged. Each log item, like the start of a download, had a “level” associated with it. The “level” allowed me to make the application really talkative, or fairly mute, depending on the configuration files.

Knowing that I wouldn’t want everything out on the application’s Twitter feed, I set up a special “log to twitter” minimum level for logging. If the log message was below the threshold, then the application would tweet it too. I also included a setting in the configuration file to disable the Twitter logging completely.

Working with Twitterizer couldn’t have been any easier. Their API wrapper has everything you need to easily send a status update.

private void statusUpdate(string message, Utilities.LogLevel logLevel)
{
       // Tag the message, then trim it to Twitter's 140 character limit.
       string tweet = string.Concat(message, " #fr");
       if (tweet.Length > 140)
       {
           tweet = tweet.Substring(0, 140);
       }

       // Only tweet when Twitter logging is enabled and the message is at or
       // below the configured "log to twitter" level.
       if (this.twitterEnabled && logLevel <= this.twitterLogLevel)
       {
           Twitter twitter = new Twitter(this.twitterUserName, this.twitterPassword);
           twitter.Status.Update(tweet);
       }
}

That’s all it took. Two lines of actual code to implement the status update using Twitterizer.

Is an application that tweets all that useful? Probably not. It was, however, fun to make it all work.

Fixing a Fridge

A couple years ago, I bought a very inexpensive wine cooling refrigerator by Haier (OW0912H6H). Turns out, it is a fairly simple device made by Oster. It will hold 12 bottles of wine and gives you the option to set the inside temperature you’d like. For the first couple of months, it worked like a charm, then for whatever reason, it stopped working.

Front view of a similar model

I noticed one day that the digital gauge showed the ambient room temperature. I tried unplugging it, letting it rest – I would have rebooted it, but there wasn’t any way to do so. So it sat. No longer cooling, no longer keeping my wine just the way I like it.

The other day, I received a couple of bottles of wine for my birthday, nice enough that I wanted to make sure they would keep until I had a chance to enjoy them. This got me thinking about my non-working wine refrigerator again. I decided I’d do a search on the internet (yay interwebs!) to see if anyone else was having a similar problem.

Turns out, a number of people have had the same problem – the fans just stopped working and nothing would make them come back on.

I found a whole lot of people complaining about the product, and how it didn’t work, but not a lot of help. Finally, after a number of pages, thank you Google, I was able to find someone that solved the problem so many people were suffering with.

The root cause of the problem was pretty simple. The manufacturer used a very small fuse, 5 amp, when the design really required a 7 amp fuse. You wouldn’t think that two amps would make such a difference, but there you have it.

If you happen to have one of the fancy, cheap wine refrigerators that’s not working here’s how you can fix it. I’ve added some pictures, in case you’re not sure what’s going on.

Note: I am not an electrician. I’m just someone that likes to tinker. While I don’t think this is difficult to do, you’re really on your own here. These steps that I’ve followed worked for me, though your mileage may vary. Please proceed at your own risk.

You’ll need a few supplies:

  1. Soldering iron, with solder
  2. 7amp fuse (#270-1029)*
  3. Inline fuse holder (#270-1281)*

* Radio Shack part numbers. I already had a soldering iron, so the fuses and fuse holder cost me about $6.

Unplug the refrigerator. Seriously. Unplug it. Before you open the back, unplug it.

Open up the back of the refrigerator that you just unplugged. You’ll need to remove a number of small Phillips head screws. You can take the entire metal cover off, but you probably don’t have to. I removed the top set of screws, so that I could easily access the circuit board behind it.

Circuit Board w/o Fuse

There are three more screws holding in the white / cream colored circuit board mounting bracket. Remove those screws too, so that you can easily get to the circuit board. Unplug the power line that runs to the circuit board. You can leave the other wires, on the left side attached, if you’d like.

Find the four really small screws that hold the circuit board to the mounting bracket. You’ll need to get all of those out, as you’ll have to get to the back of the circuit board to remove the inline fuse.

I left the small wires on the left attached, so the circuit board was hanging from the back of the unit. I set it on a small box to keep it steady while I got everything else ready.

Find the U-shaped fuse in the upper left hand corner of the circuit board. I forgot to take a picture of this step, sorry about that. It’s pretty easy to find though. Look for the black heat shrink wrapped fuse. It’s soldered to the board in a U shape.

Fuse - already removed

Next, you’ll need to figure out which posts need to be de-soldered. It is not as difficult as it sounds, really. On mine, there was an empty space next to one of the posts, so it was easy to find. Once you’ve identified the posts, use the hot soldering iron to re-heat the existing solder and pull out the fuse.

The new fuse holder will have a number of strands of wire under the protective sleeve. You’ll need to cut it down a bit, I took off about an inch and a half from each end. Then just peel back the casing to expose the wires. I exposed about 3/4 of an inch of the wires. Given that you’ll be putting the wires into a very small hole, you’ll need to prepare the fuse holder wires a bit.

I separated about a third of the wires and twisted them together to get a tight point. The other two thirds, I carefully wrapped around the base of the tightly wound strand. (I really should have taken a picture of this, to make it more clear.) Once you have that done, slide one part of the fuse holder wire into one of the original holes on the circuit board. I bent the wires that were sticking through so they would stay in place.

Next, just use the hot soldering iron and solder to connect the wire to the board. This part is really that simple.

You’ll need to repeat the process with the other half of the fuse holder. Once that’s done, you will have an open fuse holder that is well connected to the circuit board.

Next step is to insert the 7 amp fuse into the holder and close it up. That’s pretty easy, in that you just have to push the ends together and twist until they lock.

Now just mount the circuit board back on the plastic holding frame, being careful not to touch the solder points, as they might still be a bit warm. Mount the board holder to the back of the refrigerator unit using the same three screws you removed earlier.

Make sure that you plug the power wire back into the circuit board and then close up the protective cover on the back. That’s it… It really was that simple.

Plug the refrigerator back into the wall, and you’re good to go. You should now have a functional front panel and you should hear the fans running.

I’ve included some pictures, to help explain the process some… Enjoy and good luck!

The Saros Cycle and a Solar Eclipse

Animated image of the solar eclipse of July 22, 2009

The Saros cycle is an eclipse cycle with a period of about 18 years 11 days 8 hours that can be used to predict eclipses of the Sun and Moon.

The eclipse is part of series 136 in the Saros cycle, like the record setting Solar eclipse of July 11, 1991.

The exceptional duration is a result of the moon being near perigee, with the diameter of the moon 8% larger than the sun (magnitude 1.080). This is second in the series of three eclipses in a month. There was a lunar eclipse on July 7 and now a solar eclipse on July 22 and then a lunar eclipse on August 6.

This solar eclipse will last for up to 6 minutes and 39 seconds, in the maximum visibility area.

For more information, check out the Wikipedia page, Solar Eclipse of July 22, 2009.

If you’re interested in ways to view the event online, NASA has some great resources. You can also get some great information about the eclipse and how to watch it at Techdreams.

Going Old School

Old school typewriter

With all of the technology issues I’ve been fighting with lately, I’ve been thinking about going old school for my web site. Forget all of this fancy Web 2.0 crap, forget WordPress. Hell, forget about the interwebs all together.

I’m thinking that a paper based, aged news, product is the way to go. I think it’s time to get a fancy typewriter and start a weekly newsletter… Something like The Lone Gunman.

Think about the possibilities! I could get a duplicator and a paper folder and have a fancy folded newsletter.

Distribution would be a snap too. Just make a few hundred copies and drop them off at the library, coffee shops, bars, and what-not. What could be easier?

Once I hit it big, I could invest in a printing press, I’m sure there are a number of those available right now, with all the news organizations going out of business. I could probably even find some people to run the printing press for me.

Yeah… now we’re talkin’.

Just think about it. No more backups, web sites, tweets, links, comments, pings, track backs – sounds like simplicity to me!

One more time down the hole…

Right down the drain!

Not that long ago, I wrote about the trouble that my hosting provider had with a particularly vicious hack. Well, since then, things really don’t seem to be back to “normal”.

Normal, as in, things working like they used to. There were a number of permission problems, cPanel didn’t really seem to work quite right, and it turns out, “full” backups weren’t working either.

Sometime yesterday, Hole in the Wall Hosting went down, and my sites, ledwith.org included, went with it. There has been very little communication from the folks at Hole in the Wall. In fact, over the past week, they’ve been fairly mum. Downright avoiding me, I think.

You know the saying:

Fool me once, shame on you. Fool me twice, shame on me.

Well, I decided to take that advice to heart. We’re now using Lithium Hosting, and I hope we’re on to bigger and better things.

Here’s the kicker… Seeing how everything had come crashing down around me recently, I was making backups of the entire site every day. I was even moving those backup files to my home computer network. So when everything fell apart, I wasn’t too alarmed.

Until I decided to open up one of those full backups and found it was corrupted. Nonplused, I tried the previous day’s full backup. Corrupted. Turned out to be a trend. All of the full backups done via cPanel were no good.

Thankfully, I had a manual backup of the file system and the databases from a few days earlier. So we’re back, we’re online… we’re missing some stuff (again), but at least the site is running again.