воскресенье, 30 августа 2009 г.
Bonnie.NET cryptographic API
Bonnie.NET is a cryptographic API written for the Microsoft® .NET Framework. It allows the generation and management of cryptographic objects based on the today most used cryptographic algorithms. Bonnie.NET reorganized the cryptographic classes of the Microsoft® .NET Framework giving to them a more developer-friendly common interfaces. Those permit the utilization of cryptographic elements even to the novices, allowing however the possibility to the cryptographic experts to implement complex cryptographic systems. From a security point of view, Bonnie.NET is developed and maintained with great attention about security and code security. In fact, all the cryptographic operation are based on the today most secure standards and those are combined with the excellent protection level achieved by the .NET framework 3.5. All cryptographic data are kept secure in memory by the utilization of the SecureString class and ProtectedMemory class of the .NET framework. Moreover, the cryptographic objects inside the API are disposed and immediately garbage collected as soon as they complete their job. All the assembly methods are controlled by implementing the code access security (CAS) features of the .NET framework. This permits to control, inside the assembly, every operation that can be exposed to a security risk. Bonnie.NET implements CAS policy in such a way that, accessing to the system resource, all permissions are denied exception made for those that must be strictly utilized. For those, checks about permissions of the callers are made. Finally, all the methods of the API implement a sophisticated mechanism for the exception management, allowing the developer the control, in an accurate way, of all the exception conditions that can occur during the Bonnie.NET utilization, giving to her/him the possibility to monitor all the security checks performed when those checks detect some failure.