solobt777

Securing Local Data

Mar 30th, 2017
Xamarin.Auth - stores local data from a cross-platform PCL. You can download Xamarin.Auth from the Component Store or the NuGet Package Manager. It is a software package that lets you store sensitive user data on the device.

    a. It also lets you connect securely to OAuth services.
    b. Behind the scenes, it uses each platform's native API to store your data.

Xamarin.Auth contains two classes: Account and AccountStore.
- The Account object is designed to work with social networks, so it has a Cookies (CookieContainer) property; if you are not working with a social network, you will very likely leave it unused.
    public class Account
    {
        public virtual string Username { get; set; }
        public virtual Dictionary<string, string> Properties { get; private set; }
        public virtual CookieContainer Cookies { get; private set; }
    }

- You allocate the Account object and load the user data into its properties as shown below:
    var account = new Account();
    account.Username = "Ann";
    // Note: the Account object stores only strings; if you have byte arrays, convert them to strings first.
    account.Properties.Add("password", "....");
    account.Properties.Add("access_token", "....");

*** The AccountStore class is responsible for storing Account objects on the device:
    public abstract class AccountStore
    {
        public abstract IEnumerable<Account> FindAccountsForService(string serviceId);
        public abstract void Save(Account account, string serviceId);
        public abstract void Delete(Account account, string serviceId);
    }

- You can create an instance of AccountStore using the factory method AccountStore.Create():
    AccountStore store = AccountStore.Create();
    store.Save(account, "your key, can be any string");

- How to retrieve the data from the local store (pass the same key you gave to Save):

    var accounts = store.FindAccountsForService("your key, can be any string");

    foreach (var saved in accounts)
        if (saved.Username == "Ann")
            account = saved;   // found Ann's stored account

1. The same can be done directly with the platform-specific APIs, but that is inconvenient because the code has to be written once per platform:
    Apple   - Keychain
    Droid   - KeyStore
    Windows - PasswordVault

2. Encryption / decryption using the PCLCrypto plugin (download it using NuGet):
    a. Hash passwords using PCLCrypto
    b. Encrypt / decrypt data using PCLCrypto

The video below explains more:
https://university.xamarin.com/videos/ent170-securing-local-data

****** How to use crypto APIs cross-platform with the PCLCrypto API *******
1. Each platform has its own crypto API
2. Mono provides crypto APIs
3. Third-party PCLCrypto API
4. Other third-party libraries (e.g. Bouncy Castle)

Many other third-party APIs are also available, but if you plan to use one on low-powered mobile devices, the efficiency of the implementation may be a high priority.
An example of efficiency:
    a. Some platform APIs implement certain crypto algorithms in hardware, which typically makes them significantly faster to execute.

PCLCrypto provides these services:
- Asymmetric encryption
- Symmetric encryption
- Cryptographic hash
- Message authentication code
- Random number generation

*** How to apply hashing to a locally stored password ***
    a. Generate a cryptographic hash
    b. Hash passwords
    c. Validate passwords

*** If you apply a hashing algorithm to the password text, it is very difficult to determine the original plaintext password from the hash.
*** When hashing a password, it is best practice to add random data to the password before hashing; this random data is called a 'salt'.

PCLCrypto provides an API for generating random bytes:
    byte[] salt = WinRTCrypto.CryptographicBuffer.GenerateRandom(32);
Note: when saving the password as a hash, you also need to save the salt value associated with it; this lets you validate the password the user enters.

Hash algorithm choice
* Consider using the most secure algorithm available on your target platform(s).
The PCLCrypto API offers the algorithms below, but you should verify that the algorithm is available on your target platform (i.e. read the PCLCrypto docs and/or source code):
    public enum HashAlgorithm
    {
        Md5,
        Sha1,
        Sha256,
        Sha384,
        Sha512,
    }

*** Reasonable choices are these three: Sha256, Sha384, Sha512.

    using System;
    using PCLCrypto;

    public static byte[] GetHash(byte[] data, byte[] salt)
    {
        // Build salt || data in a single buffer
        byte[] saltedData = new byte[data.Length + salt.Length];
        Array.Copy(salt, saltedData, salt.Length);   // sourceArray, destinationArray, length
        Array.Copy(data, 0, saltedData, salt.Length, data.Length);
        var sha = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
        return sha.HashData(saltedData);
    }
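
The notes list "validate passwords" as a step but stop at GetHash. As an added example (not part of the original notes and not code from Xamarin.Auth or PCLCrypto), the class below stores the salt and hash in an Account and checks a login attempt against them; LocalPasswordStore, the "demo-app" service id and the "salt" / "password_hash" property names are assumptions, and the only Xamarin.Auth and PCLCrypto calls used are the ones shown in the notes.

```csharp
using System;
using System.Linq;
using System.Text;
using PCLCrypto;
using Xamarin.Auth;
public static class LocalPasswordStore   // hypothetical helper, not part of either library
{
    const string ServiceId = "demo-app";  // assumed key; any app-chosen string works

    // salt || data, one SHA-256 pass, as in the notes' GetHash. A slow KDF such as
    // PBKDF2 resists offline guessing better than a single fast hash.
    static byte[] GetHash(byte[] data, byte[] salt)
    {
        var salted = new byte[salt.Length + data.Length];
        Array.Copy(salt, salted, salt.Length);
        Array.Copy(data, 0, salted, salt.Length, data.Length);
        return WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256).HashData(salted);
    }

    // Persist only salt and hash. Properties holds strings, so Base64-encode the bytes.
    public static void Register(AccountStore store, string user, string password)
    {
        byte[] salt = WinRTCrypto.CryptographicBuffer.GenerateRandom(32);
        byte[] hash = GetHash(Encoding.UTF8.GetBytes(password), salt);
        var account = new Account { Username = user };
        account.Properties.Add("salt", Convert.ToBase64String(salt));
        account.Properties.Add("password_hash", Convert.ToBase64String(hash));
        store.Save(account, ServiceId);
    }

    public static bool Validate(AccountStore store, string user, string password)
    {
        var account = store.FindAccountsForService(ServiceId).FirstOrDefault(a => a.Username == user);
        string salt64, hash64;
        if (account == null || !account.Properties.TryGetValue("salt", out salt64)
                            || !account.Properties.TryGetValue("password_hash", out hash64))
            return false;   // unknown user or incomplete record
        byte[] actual = GetHash(Encoding.UTF8.GetBytes(password), Convert.FromBase64String(salt64));
        return FixedTimeEquals(Convert.FromBase64String(hash64), actual);
    }

    // Accumulate differences over every byte so timing does not reveal the first mismatch.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Pass in the store returned by AccountStore.Create(); the plaintext password itself is never written to the Account.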