Sie sind auf Seite 1von 52

CRYPTOGRAPHIC IN MILITARY MAILING SYSTEM

Submitted the mini project with partial fulfillment of the requirements for the degree of

Master of Computer Applications


Bharathiar University

By B. MURALI Reg. No. 0838M0543


Under the Supervision and Guidance of Mrs. P. JAYASREE MCA. M.P!"#. Lecturer, Department of omputer !pplications

DEPARTMENT OF COMPUTER APPLICATIONS


HIN$USTHAN COLLEGE O% ARTS AN$ SCIENCE &A''"#"()e* )o B!(r()!"(r U+",ers")yCo"./()ore 0 142038.

"

CERTIFICATE
This is to certify that the mini project work titled
MILITAR MAILIN! S STEM# CR PTO!RAP"IC IN

Submitted in partial fulfillment of the requirements

for the award of the Degree of Master of Computer Application is record of the original work done by $%MURALI &'()(M'*+), under my supervision and guidance

Director !ui-e

Submitted for !niversity mini project viva"voce #$amination held on %%%%%%%%%%%%%%

Internal E.aminer

E.ternal E.aminer

DECLARATION
#

& here by declare that this project work entitled CR PTO!RAP"IC IN MILITAR MAILIN! S STEM# is a record of original work done by me under the supervision and guidance of Mrs% P% /A ASREE MCA%0 M%P1il%0 'ecturer( Department of Computer Applications

)lace*

Date*

Signature

TA$LE OF CONTENTS
PA!E NO% +

C"APTER + INTRODUCTION

TITLE

+ + A,-!T T.# )/-0#CT + + + /&1#ST"S.AM&/"AD'#MA23/SA4 + + 5 6#7 8#2#/AT&-2 + + 9 #2C/7)T&-2 + + : D#C/7)T&-2 + + ; D&8&TA' S&82&28 + 5 )/-,'#M D#<&2&T&-2 + 5 + 6##)S S#C/!&T7 &2 S#2D&28 S#C/#TS M#SSA8# !S&28 /SA + 5 5 M-D!'#S + 5 9 M-D!'# D#SC/&)T&-2 5 S STEM STUD 5 + #=&ST&28 S7ST#M 5 5 )/-)-S#D S7ST#M 9 S STEM SPECIFICATION 9 + S-<T?A/# S)#C&<&CAT&-2 9 5 .A/D?A/# S)#C&<&CAT&-2 : S STEM DESI!N : + S7ST#M D&S&82 : 5 &2)!T D#S&82 : 9 SC.#MAT&C S6TC. -< /SA : : -!T)!T D#S&82 +@ > ;

: ; ,AS&C /SA )/-C#SS ; S STEM TESTIN! ; + !2&T T#ST&28 ; 5 )#/<-/MA2C# T#ST&28 ; 9 &2T#8/AT&-2 T#ST&28 ; : 1A'&DAT&-2 T#ST&28 ; ; -!T)!T T#ST&28 A S7ST#M &M)'#M#2TAT&-2 A2D MA&2T#2A2C# A + &M)'#M#2TAT&-2 A 5 MA&2TA&2#2C#S A 5 + #2C/7)T&-2 A 5 5 D#C/7)T&-2 A 5 9 6#7 8#2#/AT&-2 A 5 : 6#7 '#28T. A 5 ; ?#A62#SS#S &2 /SA > C B +@ CONCLUSION $I$LO!RAP" SCOPE FOR FURT"ER EN"ANCEMENT APPENDI2 +@ + SC/##2 S.-TS +@ 5 SAM)'# C-D&28 +B 5@ 5+ 55 +; +5

AC3NO4LED!EMENT

My heart prayers to my beloved parents( who given me all the grace and power through which & was able to complete in stipulated time

&

& greatly indebted to my principal Dr% N% $ALUS4AMI M%Cop%0 M$A%0 P1%D%0 D%E-%0 .industhan college of Arts and Science( for permitting us to undergo a project work at .industhan college of Arts and Science( Coimbatore & e$press my profound gratitude to Director Dr% A5% SENT"IL 3UMAR MCA%0 M%P1il%0 P%!%D%C%A%0 P1%D%0 an- "OD Mrs% P% SENT"IL 5ADI5U0 M%Sc%0 M%P1il%0 Department of computer Applications( .industhan college of Arts and Science( Coimbatore for fruitful discussion( constant support and encouragement during my project work & e$tremely grateful to my guide Mrs% P% /A ASREE MCA%0 M%P1il%0 who took keen interest in my work and put me in right path ( for valuable suggestions and timely help in each stage of my project My sincere thanks to all staff members of the department of computer applications( for their supportive encouragement & thank our family members( for their immerse encouragement and all my friends( for their help rendered to me in many ways to complete my project

$%MURALI &'()(M'*+),

'

6% INTRODUCTION 6%6%A$OUT T"E PRO/ECT 6%6%6% Ri7est8S1amir8A-leman&Rsa, Al9orit1m The /SA algorithm is named after /on /ivest( Adi Shamir and 'en Adleman( who invented it in +B>> The basic technique was first discovered in +B>9 by Clifford Cocks of C#S8 3part of the ,ritish 8C.D4 but this was a secret until +BB> The patent taken out by /SA 'abs has e$pired The /SA algorithm can be used for both public key encryption and digital signatures &ts security is based on the difficulty of factoring large integers 6%6%:% 3e; !eneration Al9orit1m
"(

8enerate two large random primes( p and q( of appro$imately equal siEe such that their product n F pq is of the required bit length( e g +@5: bits Compute n F pq and 3G4 phi F 3p"+43q"+4 Choose an integer e( + H e H phi( such that gcd3e( phi4 F + Compute the secret e$ponent d( + H d H phi( such that ed I + 3mod phi4

#( $( %(

; The public key is 3n( e4 and the private key is 3n( d4 6eep all the values d( p( q and phi secret

n is known as the modulus. e is known as the public e$ponent or encryption e$ponent or just the e$ponent. d is known as the secret e$ponent or decryption e$ponent.

6%6%)% Encr;ption Sender A does the following*" + -btains the recipient ,Js public key 3n( e4
#( $(

/epresents the plainte$t message as a positive integer m Computes the cipherte$t c F me mod n

: Sends the cipherte$t c to , 6%6%+%Decr;ption /ecipient , does the following*"


"(

!ses his private key 3n( d4 to compute m F cd mod n

5 #$tracts the plainte$t from the message representative m 6%6%*%Di9ital si9nin9 Sender A does the following*"
"( #( $(

Creates a message digest of the information to be sent /epresents this digest as an integer m between @ and n"+ !ses her private key 3n( d4 to compute the signature s F md mod n

: Sends this signature s to the recipient( , ; Signature verification /ecipient , does the following*"
"(

!ses sender AJs public key 3n( e4 to compute integer v F se mod n

5 #$tracts the message digest from this integer 9 &ndependently computes the message digest of the information that has been signed : &f both message digests are identical( the signature is valid

&n the /ivest"Shamir"Adleman3/SA4 method( a binary plainte$t is divided into blocks and a block is represented by an integer between @ and n"+ This representation is necessary because the /SA method encrypts integers The encryption key is a pair3e(n4 where e is a positive integer A message block M3which is between @ and n"+4 is encrypted by raising it to eth power modulo n 3i e 4 (the cipherte$t C corresponding to a message M is given by CFMKe modulo n 2ote that cipherte$t C is an integer between @ and n"+ Thus( encryption does not increase the length of a plainte$t The decryption key is a pair 3d(n4 where d is a positive integer A cipherte$t block C is decrypted by raising it to d th power modulo n 3i e 4 (the plainte$t M corresponding to a cipherte$t C is given by MFCKd modulo n A user = possesses an encryption key 3e=(n=4 and a decryption key 3d=(n=4( where the encryption key is available in public domain( but the decryption key is known only to user = ?henever a user 7 wants to send a message M to user =(7 simply uses =Ls encryption key3e=(n=4 to encrypt the message ?hen = receives the encrypted message( it decrypts it using its decryption key 3d7(n=4 6%:% PRO$LEM DEFINITION 6%:%6%3eeps securit; in sen-in9 secrets messa9e usin9 RSA Al9orit1m< The /SA algorithm can be used for both public key encryption and digital signatures &ts security is based on the difficulty of factoring large integers Encr;ption of secret messa9e< /ather represent the secret message as an integer directly( we generate a random session key and use that to encrypt

the secret message with a conventional( much faster symmetrical algorithm like Triple D#S ?e then use the much slower public key encryption algorithm to encrypt just the session key Decr;ption encr;pte- secret messa9e< The sender A then transmits a message to the recipient , in a cipher te$t format The recipient , would e$tract the encrypted session key and use his private key 3n( d4 to decrypt it .e would then use this session key with a conventional symmetrical decryption algorithm to decrypt the actual message Typically the transmission would include in secret message details of the encryption algorithms used 3C&).#/ Te$t4 The only secret required to be kept( as always( should be the keys 6%:%:% Mo-ules< 6% ENTER T"E TE2T :% $INAR CON5ERSION )% 6=$it con7ersion +% Decimal con7ersion *% Con7ert 6%:%)% Mo-ule Description< ENTER T"E TE2T< &f you wish to enter the te$t or messages to send it <or the purposes to use this module $inar; con7ersion* To converts the binary type 3@ or +Ls4 of your messages

",

6=$it con7ersion< To change the +A bit no format of your messages Decimal con7ersion< To converts the decimal format of your messages Con7ert< After finish it to press the convert for converting the messages

""

5 S7ST#M ST!D7

:%6

#=&ST&28 S7ST#M

&n e$isting system there is a chance to find the key since the key length is short and the probability of finding that key is more( to avoid this we are following some recommended techniques given below #"mail privacy( without some security precautions( can be compromised because

e"mail messages are generally not encryptedM e"mail messages have to go through intermediate computers before reaching their destination( meaning it is relatively easy for others to intercept and read messagesM many &nternet Service )roviders 3&S)4 store copies of your e"mail messages on their mail servers before they are delivered The backups of these can remain up to several months on their server( even if you delete them in your mailbo$M the /eceived* headers and other information in the email can often identify the sender( preventing anonymous communication

:%:% PROPOSED S STEM &n the proposed system( each and every activity of the other users is monitored at specific time intervals ,y reducing the time interval( accurate monitoring can be done ,locking of particular applications from other users access is provided in our system All the internet related activities like the websites visited( the messages sent( the e"mails sent and received can be monitored so that any improper or illegal use of our system can be found out These activities can be prevented by blocking them to other users access Since( all the keys typed are captured( even the passwords typed and
"#

created by the users are recorded that will be of use to us The userLs screen and all the windows opened by him are captured as >mp or ?p9 images and stored at regular time intervals These screen shots clearly reveal all the activities performed by the user and at what time they were performed This software aims at efficiently maintaining and planning to provide automated information about application used by user The system furnishes all the information performed by the user in each application &n proposed system key tracer( mouse spy( capture screen( process running( &nternet addressing are grouped together to form a single application The necessary information can be processed :%:%6% Scope Of T1e Propose- S;stem Monitoring the overall activities 6eep track of all applications 6eep track of all information for the user /eporting with required details when required :%:%:% Features Of Propose- S;stem !ser friendly <ast retrievals Single point system administration and maintenance Added security to system Can be implemented in network #asy to mention an &) address

"$

)% S STEM SPECIFICATION )%6% SOFT4ARE SPECIFICATION <ront #nd ,ackend * * 1, 2et SD'S#/1#/ 5@@@

)%:% "ARD4ARE SPECIFICATION ,ackend Main )rocessor .ard Disk /am Display Type * * * * * SD'S#/1#/ 5@@@

)entium &1 :@ 8, 5;A M, .igh Color C@@ by A@@

)%)% A$OUT T"E SOFT4ARE< 5isual Stu-io %NET 1isual Studio 2#T is the rapid application development tool for CN 1isual Studio 2#T offers complete integration with AS) 2#T and enables to drag and drop server controls and design ?eb <orms as they should appear when user views them Some of the other advantages of creating CN applications in 1isual Studio 2#T are 1isual Studio 2#T is a /apid Application 3/AD4 tool &nstead of adding each control to the ?eb <orm programmatically( it helps to add these controls by using Toolbo$( saving programming efforts

"%

1isual Studio 2#T supports custom and composite controls Can create custom controls that encapsulate a common functionality that might need to use in a number of applications 1isual studio 2#T does a wonderful job of simplifying the creation and consumption of ?eb Services Much of the programmer"friendly stuff 3creating all the =M'"based documents4 happens automatically( without much effort on the programmerLs side Attribute"based programming is a powerful concept that enables 1isual Studio 2#T to automate a lot of programmer"unfriendly tasks %NET FRAME4OR3< The 2#T <ramework is the infrastructure for the new Microsoft 2#T )latform The 2#T <ramework is a common environment for building( deploying( and running ?eb applications and ?eb services The 2#T <ramework contains a common language runtime and common class libraries Olike AD- 2#T( AS) 2#T and ?indows <orms to provide advanced standard services that can be integrated into a variety of computer systems The 2#T <ramework provides a feature"rich application environment( simplified development and easy integration between a numbers of different developments languages The 2#T <ramework is language neutral Currently it supports CPP( CN( 1isual ,asic( and 0script 3The modern version of 0A1ASC/&)T4 MicrosoftLs 1isual Studio 2#T is a common development environment for the new 2#T <ramework

"&

Common Lan9ua9e Runtime< -ne of the design goals of 2#T <ramework was to unify the runtime engines so that all developers could work with a set of runtime services The 2#T <rameworkLs solution is called the Common 'anguage /untime 3C'/4 The C'/ provides capabilities such as memory management( security( and robust error handling to any language that work with the 2#T <ramework %NET class li>raries< The 2et <ramework provides many classes that help developers re" use code The 2et class libraries contain code for programming topics such as threading( file &Q-( database support( =M' parsing( and data structures( such as stacks and queues( this entire class library is available to any programming languages that support the 2#T <ramework ,ecause all languages now support the same runtime( they can reuse any class that works with the 2#T <ramework This means that any functionality available to one language will also be available to any other 2#T language %NET Frame@orA< 1isual Studio 2#T is a development environment( but it is built on and for the 2#T <ramework The 2#T <ramework provides( through a set of class libraries( the functionality used by all of the 2#T languages( including Microsoft 1isual CN and 1isual ,asic 2#T Also underlying these languages is a set of runtime services( called the common language runtime( which manages the e$ecution of code produced out of any and all 2#T languages

"'

1isual ,asic has been around( in various forms( for many years and has become one of the most popular programming languages available -ver time the language has evolved( with each successive version adding( removing( or modifying some aspect( but 1isual ,asic 2#T is by far the most significant change to occur to 1isual ,asic yet Accessin9 Data>ases @it1 ADO%NET< &n 1isual ,asic A @( database connectivity was handled through the Microsoft Active=R Data -bjects libraries 3AD-4( and that set of libraries has evolved into a completely new version for 2#T development Although many of the underlying concepts are the same 3including support for -'# D, data providers4( AD- 2#T is a completely new way to access data as compared to ADUp9ra-in9 E.istin9 Co-e< Moving from one development platform to another is a major undertaking( and if that move can be made gradually the chance of failure is greatly reduced Teams that are already part way into a project using 1isual ,asic A @ may not want to switch tools midway through a development cycle( but they can still do quite a bit to make any future migration as painless as possible Interpreta>ilit; @it1 E.istin9 Co-e< Moving to a new development platform cannot always be done in one single pass( so there will be a need to leverage e$isting application components from 2#T( and to access new 2#T applications from e$isting software C-M is often the key to this interoperability( as 1isual ,asic A @ could create C-M 3Active=4 objects( and 2#T is capable of using these C-M components

")

+% S STEM DESI!N +%6% S STEM DESI!N

+%:% INPUT DESI!N &nput design is the process of converting user"oriented inputs to a compute based formats The goal of designing input data is to make the data entry easier( logical S free of error The input can consist of clustered records or individual real"time messages generated at terminals The input records have to be validated edited( organiEed and accepted by the system before being processed to produce the outputs &f the data going to the system is incorrect then the processing and output will magnify those errors Thus the designer has a number of class objectives in input design To produce a cost O effective method of input
"*

To achieve highest possible level of accuracy To ensure that the input is acceptable to and understood by the user. +%)% SC"EMATIC S3ETC" OF RSA<

+%+% OUTPUT DESI!N -utput design is the very important phase in the designing of a system The important objective of any system is in its capability of producing high quality outputs or reports The output design consists of the screen designs as well as the reports generated +%*% $ASIC RSA PROCESS<

"+

*% S STEM TESTIN! &t is the stage of implementation( which ensures that system works accurately and effectively before the live operation Commences &t is a confirmation that all are correct and opportunity to show the users that the system must be tested with te$t data and show that the system will operate successfully and produce e$pected results under e$pected conditions ,efore implementation( the proposed system must be tested with raw data to ensure that the modules of the system work correctly and satisfactorily objective The purpose of system testing is to identify and correct errors in the candidate system As important as this phase is( it is one that is frequently compromised Typically( the project the schedule or the user is eager to go directly to conversion Actually( testing is done to achieve the system goal Testing is vital to the parts of the system are correctM the goal will be successfully achieved &nadequate testing or non"testing leads to errors that may not appear until months later This creates two problems* The time lag between the cause and appearance of the problem The effect of system errors on files and records within the system A small system error can conceivably e$ploded into much larger problem #ffectively early in the process translates directly into long term cost savings from a reduced number of errors The system must be tested with valid data to achieve its

#,

*%6UNIT TESTIN! A program represents the logical elements of a system <or a program to run satisfactorily( it must compile and test data correctly and tie in properly with other programs errors* synta$ and logical Synta$ error is a program statement that violates one or more rules of the language in which it is written An improperly defined field dimension or error messages generated by the computer 'ogic error deals with incorrect data fields( out"of range items( and invalid combinations output carefully ?hen a program is tested( the actual output is compared with the e$pected output ?hen there is a discrepancy the sequence of instructions must be traced to determine the problem the process is facilitated by breaking the program down into self"contained portions( each of which can be checked at certain key points The idea is to compare program values against desk"calculated values to isolate the problem !nit testing has been performed on all the form modules The synta$ and logical errors have been corrected then and there All the synta$ errors have been rectified during compilation The output has been tested with the manual Since diagnostics do not determine logic errors the programmer must e$amine the Achieving an error free program is the responsibility of the programmer )rogram testing checks for two types of

#"

*%:PERFORMANCE TESTIN! !nit test is considered an equivalent to the coding step

After the

source level code has been developed( reviewed and verified for correct synta$( unit test case begins( since a module is not stand"alone program Drivers or stub software must be developed for each unit test *%)INTE!RATION TESTIN! )rograms are invariably related to one another and interact in the total system #ach program is tested to see whether it conforms to related #ach portion of the system is tested against the programs in the systems system is tested as a whole &ntegration testing is systematic techniques for conducting the program structure ?hile at the same time conducting tests to uncover errors associated with the interfacing The objectives are to take unit tested modules and to built a program that has been dedicated by design There are two types of &ntegration steps( Top down &ntegration ,ottom up &ntegration *%+ 5ALIDATION TESTIN! The validation testing is performed for all the data in the system The data are completely validated according to the companies requested and requirement &n these testing( software is completely assembled as package( interfacing errors have been uncovered and correction testing begins after each one of the two possible conditions e$ists The function or performance

entire module with both the test data and the live data before the entire

##

characteristicLs is confirm specification and are accepted A deviation from the specification is uncovered and efficiency list is created *%* OUTPUT TESTIN! 1arious outputs have been generated by the system The system generated output and the desk"calculated values have been compared All the output is perfect as the company desires &t begins with low volumes of transactions based on live tone The volume is increased until the ma$imum level for each transaction type is reached The total system is also tested for recovery and fallback( after various major failures to ensure that no data are lost during the emergency time

#$

=% S STEM IMPLEMENTATION AND MAINTENANCE =%6% IMPLEMENTATION After proper testing and validation the question arises whether the system can be implemented or not &mplementation includes all those activities that take place to convert from old system to new ?hen an e$isting manual or automated system is replaced( or a major modification is done to an e$isting system( then it will be a new system &n other case( proper implementation is essential to provide a reliable system to meet organiEation requirements User Trainin9< A well"designed system( if not operated and used properly could fail Training the users is important as( if it is not done well enough could prevent the successful implementation of an automated system Through the system development life cycle the user has been involved ,y the stage the analyst should possess an accurate idea of the users( need to be trained =%:% MAINTAINENCES =%:%6% Encr;ption< Fin-in9 Prime Num>ers< The /SA algorithm is based on the properties of prime numbers( so finding them is critical To be secure( the primes should be very large and randomly chosen Commercial implementations take great care when generating random numbers to decrease the probability of an attack correctly guessing the keys /andomly generated integer is prime( which is 3sqrt3n44( where n is the siEe of the integer to test &t is slow but simple to

#%

understand and implement( this is not a problem Serious implementations need to use much faster probabilistic algorithms due to the enormous siEe of the keys Fin-in9 t1e mo-ulo in7erse< -nce we have generated a pair of primes 3p( q4 and have found e such that gcd3 e( 3p " +43q " +4 4 F +( we need to find the inverse of e modulo 3p " +43q " +4 #ssentially( we need to find a such that ae P b3p " +43q " +4 F + This is a Diophantine equation( and can be solved using the #uclidean algorithm E.ponentiation The actual encryption and decryption is performed by evaluating M e mod n( where M is the data and 3e( n4 is the public or private key( depending on if you are encrypting or decrypting Since evaluating Me results in an enormous number( we must take advantage of the properties of modular arithmetic to efficiently evaluate the e$ponentiation The square and multiply algorithm is the simplest method to do this More comple$ algorithms( e$pecially ones which can apply the Chinese /emainder Theorem during decryption( are faster =%:%:% Decr;ption< /SA decrypt value using key key can be a public or private key &f the value was encrypted with the public key then it should be decrypted with the private key( and vice versa 1alue can be

a vector of element"type 3unsigned"byte C4 that was the result of a call to /SA"encrypt integer which was the result of calling rsa"encrypt on an integer
#&

&f value is an 3unsigned"byte C4 vector 3also called an octet vector4 then the result of rsa"decrypt is either an octet array or( if string is true( a string &f value is an integer then the result is an integer /sa"decrypt will signal an error if the given key is so far from the correct key to decrypt the value that it canJt even run the decryption algorithm using it =%:%)% 3e; 9eneration< <inding the large primes p and q is usually done by testing random numbers of the right siEe with probabilistic primality tests which quickly eliminate virtually all non"primes 2umbers p and q should not be Jtoo closeJ( lest the <ermat factoriEation for n be successful( if p T q( for instance is less than 5n+Q: 3which for even small +@5:"bit values of n is 9U+@>>4 solving for p and q is trivial <urthermore( if either p T + or q T + has only small prime factors( n can be factored quickly by )ollardLs p"+ algorithm( and these values of p or q should therefore be discarded as well =%:%+% 3e; len9t1 ?hen we talk about the key length of an /SA key( we are referring to the length of the modulus( n, in bits The minimum recommended key length for a secure /SA transmission is currently +@5: bits A key length of ;+5 bits is now no longer considered secure( although cracking it is still not a trivial task for the likes of you and me The longer your information is needed to be kept secure( the longer the key you should use 6eep up to date with the latest recommendations in the security journals There is small one area of confusion in defining the key length -ne convention is that the key length is the position of the most significant bit in

#'

n that has value J+J( where the least significant bit is at position + #quivalently( key length F ceiling3log53nP+44 The other convention( sometimes used( is that the key length is the number of bytes needed to store n multiplied by eight( i e ceiling3log5;A3nP+44 The key used in the /SA is an e$ample &n he$ form the modulus is @A AA >B +D CA BC C+ AC D# >A ,> >: +B ,, >< ,@ C@ @+ CA 5> +@ 5> @@ >; +: 5B :5 #+ BA CD CC ;+ D@ ;9 ,9 #9 >C 5A +D #; DC ;A <: #, #B B: AC +> @+ +: A+ D< #A >C DC BA BA <; ;D A; ;A 5@ ,, A, The most significant byte @$@A in binary is
00001010'B

The most

significant bit is at position ;@C( so its key length is ;@C bits -n the other hand( this value needs A: bytes to store it( so the key length could also be referred to by some as A: $ C F ;+5 bits ?e prefer the former method 7ou can get into difficulties with the =B 9+ method for signatures if you use the latter convention =%:%*%4eaAnesses in RSA<8 Small encr;ption e.ponent< &f you use a small e$ponent like
e=3

and send the same message to

different recipients and just use the /SA algorithm without adding random padding to the message( then an eavedropper could recover the plainte$t

#)

Usin9 t1e same Ae; for encr;ption an- si9nin9< 8iven that the underlying mathematics is the same for encryption and signing( only in reverse( if an attacker can convince a key holder to sign an unformatted encrypted message using the same key then she gets the original Actin9 as an oracle< There are techniques to recover the plainte$t if a user just blindly returns the /SA transformation of the input So donJt do that Solutions<8 + DonJt use the same /SA key for encryption and signing
#(

&f using )6CSNv+ ; encoding( use eF@$+@@@+ for your public e$ponent

9 Always format your input before encrypting or signing : Always add fresh random padding " at least C bytes " to your message before encrypting ?hen decrypting( check the format of the decrypted block &f it is not as e$pected( return an error( not the decrypted string

#*

B% CONCLUSION /SA is a powerful and most widely used scheme for encryption Q decryption and digital signature &t is more secure than that of D#S and others ,ut as we know that the key length for secure /SA use has increased over recent years( and this has put a heavier processing load on applications using /SA This burden has ramifications( especially for electronic commerce sites that conduct large numbers of transactions /ecently( a competing system has begun to challenge /SA* elliptic curve cryptography 3#CC4 The principal attraction of #CC( compared to /SA( is that it appears to offer equal security for a far smaller key siEeM thereby reducing processing overhead but the confidence level in #CC is not yet as high as that is in /SA Also /SA is fundamentally easier to e$plain than that of #CC The system was designed based on the objectives prepared in the analysis phase of the requirement The motive of the system is to satisfy the secret delivery of confidential data less time( which reduces the cost Testing was also carried out in different formats that specifically define each transaction 1arious users tested the system to prove the efficiency of the project before the major implementation The back"end ensures the efficiency of the data stored in various transactions

#+

(% $I$LIO!RAP"

$ooAs< + 6arl ?atson( /ichard Anderson( V)rofessional 1, 2et + +W( 5@@: #dition( ?ro$ )ublications 5 VSoftware Testing ,est )racticesW by /am Chillier )ublications : Steven .olEner( V1isual ,asic 2#T )rogramming ,lack ,ookW( 5@@9 #dition( Dreamtech )ublications 4e> Sites< + www codenotes com 5 www testing com 9 www dotnetkumar blogspot com : www pondy com
&(

9 /oger S )ressman( VSoftware #ngineeringW( 5@@@ #dition( Dreamtech

www msdn microsoft comQvbasicQtechnicalQarticles asp www microsoft comQnetQdefault asp

$,

C% SCOPE FOR FURT"ER EN"ACEMENT

The application developed is designed in such a way that any further enhancement can be done with ease The system has the capability for easy integration with other systems 2ew modules can be added to the e$isting system with less effort The modules can be complied separately and integrated with the e$isting system ?ith changes in the interface list the project can be enhanced with new methods and modules The system was designed based on the objectives prepared in the analysis phase of the requirement The motive of the system is to satisfy the secret delivery of confidential data less time( which reduces the cost

$"

6'% APPENDI2ES 6'%6% SCREEN S"OTS< MAIN FORM

$#

RSA FORM D 6

$$

RSA FORM D :

$%

6'%:% SAMPLE SOURCE CODE< HX$ml versionFY+ @Y encodingFYutf"CYXZ HrootZ H["" Microsoft /es= Schema ado netQ=M' headers S schema Hresheader nameFYresmimetypeYZte$tQmicrosoft"res$HQresheaderZ Hresheader nameFYversionYZ5 @HQresheaderZ Hresheader nameFYreaderYZSystem /esources /es=/esource/eader( System ?indows <orms( System ?indows <orms( HQresheaderZ HQresheaderZ Hresheader nameFYwriterYZSystem /esources /es=/esource?riter( Hdata nameFY2ame+YZHvalueZthis is my long stringHQvalueZHcommentZthis is a commentHQcommentZHQdataZ Hdata nameFYColor+Y typeFYSystem Drawing Color( System DrawingYZ,lueHQdataZ Hdata nameFY,itmap+Y mimetypeFYapplicationQ$" microsoft net object binary baseA:YZ HvalueZ\baseA: mime encoded serialiEed 2#T <ramework object]HQvalueZ HQdataZ Hdata nameFY&con+Y typeFYSystem Drawing &con( System DrawingY mimetypeFYapplicationQ$"microsoft net object bytearray baseA:YZ HvalueZ\baseA: mime encoded string representing a byte array form of the 2#T <ramework object]HQvalueZ HcommentZThis is a commentHQcommentZ
$&

HQdataZ H$sd*schema idFYrootY $mlnsFYY $mlns*$sdFYhttp*QQwww w9 orgQ5@@+Q=M'SchemaY $mlns*msdataFYurn*schemas"microsoft"com*$ml"msdataYZ H$sd*import namespaceFYhttp*QQwww w9 orgQ=M'Q+BBCQnamespaceY QZ H$sd*element nameFYrootY msdata*&sDataSetFYtrueYZ H$sd*comple$TypeZ H$sd*choice ma$-ccursFYunboundedYZ H$sd*element nameFYmetadataYZ H$sd*comple$TypeZ H$sd*sequenceZ H$sd*element nameFYvalueY typeFY$sd*stringY min-ccursFY@Y QZ HQ$sd*sequenceZ H$sd*attribute nameFYnameY useFYrequiredY typeFY$sd*stringY QZ H$sd*attribute nameFYtypeY typeFY$sd*stringY QZ H$sd*attribute nameFYmimetypeY typeFY$sd*stringY QZ H$sd*attribute refFY$ml*spaceY QZ HQ$sd*comple$TypeZ HQ$sd*elementZ H$sd*element nameFYassemblyYZ H$sd*comple$TypeZ H$sd*attribute nameFYaliasY typeFY$sd*stringY QZ H$sd*attribute nameFYnameY typeFY$sd*stringY QZ HQ$sd*comple$TypeZ HQ$sd*elementZ H$sd*element nameFYdataYZ
$'

H$sd*comple$TypeZ H$sd*sequenceZ H$sd*element nameFYvalueY typeFY$sd*stringY min-ccursFY@Y msdata*-rdinalFY+Y QZ H$sd*element nameFYcommentY typeFY$sd*stringY min-ccursFY@Y msdata*-rdinalFY5Y QZ HQ$sd*sequenceZ H$sd*attribute nameFYnameY typeFY$sd*stringY useFYrequiredY msdata*-rdinalFY+Y QZ H$sd*attribute nameFYtypeY typeFY$sd*stringY msdata*-rdinalFY9Y QZ H$sd*attribute nameFYmimetypeY typeFY$sd*stringY msdata*-rdinalFY:Y QZ H$sd*attribute refFY$ml*spaceY QZ HQ$sd*comple$TypeZ HQ$sd*elementZ H$sd*element nameFYresheaderYZ H$sd*comple$TypeZ H$sd*sequenceZ H$sd*element nameFYvalueY typeFY$sd*stringY min-ccursFY@Y msdata*-rdinalFY+Y QZ HQ$sd*sequenceZ H$sd*attribute nameFYnameY typeFY$sd*stringY useFYrequiredY QZ HQ$sd*comple$TypeZ HQ$sd*elementZ HQ$sd*choiceZ HQ$sd*comple$TypeZ
$)

HQ$sd*elementZ HQ$sd*schemaZ Hresheader nameFYresmimetypeYZ HvalueZte$tQmicrosoft"res$HQvalueZ HQresheaderZ Hresheader nameFYversionYZ HvalueZ5 @HQvalueZ HQresheaderZ Hresheader nameFYreaderYZ HvalueZSystem /esources /es=/esource/eader( System ?indows <orms( 1ersionF5 @ @ @( CultureFneutral( )ublic6eyTokenFb>>a;c;A+B9:e@CBHQvalueZ HQresheaderZ Hresheader nameFYwriterYZ HvalueZSystem /esources /es=/esource?riter( System ?indows <orms( 1ersionF5 @ @ @( CultureFneutral( )ublic6eyTokenFb>>a;c;A+B9:e@CBHQvalueZ HQresheaderZ HQrootZ CR PTO!RAP" &ENCR PT, &mports System &&mports AD-D, /ecordsetClass )ublic Class frmencrypt &nherits System ?indows <orms <orm N/egion Y ?indows <orm Designer generated code Y
$*

)ublic Sub 2ew34 My,ase 2ew34 JThis call is required by the ?indows <orm Designer &nitialiEeComponent34 JAdd any initialiEation after the &nitialiEeComponent34 call #nd Sub J<orm overrides dispose to clean up the component list )rotected -verloads -verrides Sub Dispose3,y1al disposing As ,oolean4 &f disposing Then &f 2ot 3components &s 2othing4 Then components Dispose34 #nd &f #nd &f My,ase Dispose3disposing4 #nd Sub J/equired by the ?indows <orm Designer )rivate components As System ComponentModel &Container J2-T#* The following procedure is required by the ?indows <orm Designer
$+

J&t can be modified using the ?indows <orm Designer JDo not modify it using the code editor <riend ?ith#vents 8roup,o$+ As System ?indows <orms 8roup,o$ <riend ?ith#vents 'abel+ As System ?indows <orms 'abel <riend ?ith#vents 'abel5 As System ?indows <orms 'abel <riend ?ith#vents ,utton+ As System ?indows <orms ,utton <riend ?ith#vents ,utton5 As System ?indows <orms ,utton <riend ?ith#vents ,utton9 As System ?indows <orms ,utton <riend ?ith#vents t$tmessage As System ?indows <orms /ichTe$t,o$ HSystem Diagnostics DebuggerStepThrough34Z )rivate Sub &nitialiEeComponent34 Me 8roup,o$+ F 2ew System ?indows <orms 8roup,o$ Me t$tmessage F 2ew System ?indows <orms /ichTe$t,o$ Me 'abel5 F 2ew System ?indows <orms 'abel Me 'abel+ F 2ew System ?indows <orms 'abel Me ,utton+ F 2ew System ?indows <orms ,utton Me ,utton5 F 2ew System ?indows <orms ,utton Me ,utton9 F 2ew System ?indows <orms ,utton Me 8roup,o$+ Suspend'ayout34 Me Suspend'ayout34 J J8roup,o$+ J Me 8roup,o$+ Controls Add3Me t$tmessage4 Me 8roup,o$+ Controls Add3Me 'abel54 Me 8roup,o$+ Controls Add3Me 'abel+4 Me 8roup,o$+ 'ocation F 2ew System Drawing )oint3+A( +A4
%,

Me 8roup,o$+ 2ame F Y8roup,o$+Y Me 8roup,o$+ SiEe F 2ew System Drawing SiEe3:+A( 5@@4 Me 8roup,o$+ Tab&nde$ F @ Me 8roup,o$+ TabStop F <alse Me 8roup,o$+ Te$t F YMessageY J Jt$tmessage J Me t$tmessage 'ocation F 2ew System Drawing )oint3CC( 5:4 Me t$tmessage 2ame F Yt$tmessageY Me t$tmessage SiEe F 2ew System Drawing SiEe39@:( ++54 Me t$tmessage Tab&nde$ F 9 Me t$tmessage Te$t F YY J J'abel5 J Me 'abel5 'ocation F 2ew System Drawing )oint3C@( +A@4 Me 'abel5 2ame F Y'abel5Y Me 'abel5 SiEe F 2ew System Drawing SiEe35BA( 5:4 Me 'abel5 Tab&nde$ F 5 J J'abel+ J Me 'abel+ 'ocation F 2ew System Drawing )oint3+A( 5:4 Me 'abel+ 2ame F Y'abel+Y Me 'abel+ SiEe F 2ew System Drawing SiEe3;A( 954 Me 'abel+ Tab&nde$ F @
%"

Me 'abel+ Te$t F YType 7our MessageY J J,utton+ J Me ,utton+ 'ocation F 2ew System Drawing )oint3+>A( 55:4 Me ,utton+ 2ame F Y,utton+Y Me ,utton+ Tab&nde$ F + Me ,utton+ Te$t F YSaveY J J,utton5 J Me ,utton5 'ocation F 2ew System Drawing )oint35A:( 55:4 Me ,utton5 2ame F Y,utton5Y Me ,utton5 Tab&nde$ F 5 Me ,utton5 Te$t F Y#ncrptY J J,utton9 J Me ,utton9 'ocation F 2ew System Drawing )oint39;5( 55:4 Me ,utton9 2ame F Y,utton9Y Me ,utton9 Tab&nde$ F 9 Me ,utton9 Te$t F YSCloseY J Jfrmencrypt J Me AutoScale,aseSiEe F 2ew System Drawing SiEe3;( +94 Me ClientSiEe F 2ew System Drawing SiEe3::C( 5CA4
%#

Me Controls Add3Me ,utton94 Me Controls Add3Me ,utton54 Me Controls Add3Me ,utton+4 Me Controls Add3Me 8roup,o$+4 Me 2ame F YfrmencryptY Me Start)osition F System ?indows <orms <ormStart)osition CenterScreen Me Te$t F Y#ncryptY Me 8roup,o$+ /esume'ayout3<alse4 Me /esume'ayout3<alse4 #nd Sub N#nd /egion Dim a As &nteger Dim words As String Dim rs As AD-D, /ecordset )rivate Sub ,utton+%Click3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles ,utton+ Click JDim fn As String( p+ As String( s As String( p As String( t As &nteger JDim i As &nteger Jfn F &nput,o$3Y#nter the file name * Y( Y<ile nameY4 JDim fs As 2ew <ileStream3fn( <ileMode Create( <ileAccess ?rite4 JJ<ile-pen3+( fn( -penMode ,inary4 Jp F &nput,o$3Y#nter the password*Y( Y)asswordY4 J<or i F + To 'en3p4 J s F Mid^3p( i( +4
%$

J J

t F Asc3s4 P + p+ F p+ S Chr3t4

J2e$t J<ileClose3+4 Jfs Close34 JDim fs+ As 2ew <ileStream3fn( <ileMode -pen( <ileAccess /ead4 JJ<ile-pen3+( fn( -penMode -utput4 JJ)rint'ine35( allte$t S vbCr'f4 J)rint'ine35( p+4

J)rint'ine35( t$tmessage Te$t4 J<ileClose354

Dim sf As Save<ileDialog sf F 2ew Save<ileDialog sf <ilter F Y_ t$t`_ t$tY &f sf ShowDialog F Dialog/esult -6 Then t$tmessage Save<ile3sf <ile2ame( /ichTe$t,o$StreamType )lainTe$t4 #nd &f #nd Sub

%%

)rivate Sub ,utton5%Click3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles ,utton5 Click <or a F 'en3t$tmessage Te$t4 To + Step "+ words F words P Mid3t$tmessage Te$t( a( +4 2e$t a t$tmessage Te$t F words rs F 2ew AD-D, /ecordset rs -pen3Yselect _ from MessageY( cn( AD-D, CursorType#num ad-penDynamic( AD-D, 'ockType#num ad'ock-ptimistic4 rs Add2ew34 rs <ields3YMessageY4 1alue F Crypt3t$tmessage Te$t4 rs !pdate34 rs F 2othing t$tmessage Te$t F Crypt3t$tmessage Te$t4 Msg,o$3Y#ncrypted Message is saved in the DatabaseY( vb#$clamation( Me Te$t4 JcmdSaveTo<ile 1isible F True #nd Sub )rivate Sub ,utton9%Click3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles ,utton9 Click Me Close34 #nd Sub
%&

)rivate Sub t$tmessage%Te$tChanged3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles t$tmessage Te$tChanged 'abel5 Te$t F YThe ?ord 'ength &sY S 'en3t$tmessage Te$t4 #nd Sub )rivate Sub 8roup,o$+%#nter3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles 8roup,o$+ #nter #nd Sub

)rivate Sub frmencrypt%'oad3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles My,ase 'oad #nd Sub #nd Class CR PTO!RAP" &DECR PT, &mports AD-D, /ecordsetClass )ublic Class frmDecryp &nherits System ?indows <orms <orm N/egion Y ?indows <orm Designer generated code Y )ublic Sub 2ew34
%'

My,ase 2ew34 JThis call is required by the ?indows <orm Designer &nitialiEeComponent34 JAdd any initialiEation after the &nitialiEeComponent34 call #nd Sub J<orm overrides dispose to clean up the component list )rotected -verloads -verrides Sub Dispose3,y1al disposing As ,oolean4 &f disposing Then &f 2ot 3components &s 2othing4 Then components Dispose34 #nd &f #nd &f My,ase Dispose3disposing4 #nd Sub J/equired by the ?indows <orm Designer )rivate components As System ComponentModel &Container J2-T#* The following procedure is required by the ?indows <orm Designer J&t can be modified using the ?indows <orm Designer JDo not modify it using the code editor
%)

<riend ?ith#vents t$tMessage As System ?indows <orms /ichTe$t,o$ <riend ?ith#vents t$tfromfile As System ?indows <orms /ichTe$t,o$ <riend ?ith#vents ,utton+ As System ?indows <orms ,utton <riend ?ith#vents ,utton5 As System ?indows <orms ,utton <riend ?ith#vents ,utton9 As System ?indows <orms ,utton HSystem Diagnostics DebuggerStepThrough34Z )rivate Sub &nitialiEeComponent34 Me t$tMessage F 2ew System ?indows <orms /ichTe$t,o$ Me t$tfromfile F 2ew System ?indows <orms /ichTe$t,o$ Me ,utton+ F 2ew System ?indows <orms ,utton Me ,utton5 F 2ew System ?indows <orms ,utton Me ,utton9 F 2ew System ?indows <orms ,utton Me Suspend'ayout34 J Jt$tMessage J Me t$tMessage 'ocation F 2ew System Drawing )oint3+A( 5:4 Me t$tMessage 2ame F Yt$tMessageY Me t$tMessage SiEe F 2ew System Drawing SiEe35BA( 5BA4 Me t$tMessage Tab&nde$ F @ Me t$tMessage Te$t F YY J Jt$tfromfile J Me t$tfromfile 'ocation F 2ew System Drawing )oint395C( 5:4 Me t$tfromfile 2ame F Yt$tfromfileY Me t$tfromfile SiEe F 2ew System Drawing SiEe35BA( 5BA4
%*

Me t$tfromfile Tab&nde$ F + Me t$tfromfile Te$t F YY J J,utton+ J Me ,utton+ 'ocation F 2ew System Drawing )oint395@( 99A4 Me ,utton+ 2ame F Y,utton+Y Me ,utton+ Tab&nde$ F 5 Me ,utton+ Te$t F Y8et<ileY J J,utton5 J Me ,utton5 'ocation F 2ew System Drawing )oint3:@C( 99A4 Me ,utton5 2ame F Y,utton5Y Me ,utton5 Tab&nde$ F + Me ,utton5 Te$t F YDecrptY J J,utton9 J Me ,utton9 'ocation F 2ew System Drawing )oint3:BA( 99A4 Me ,utton9 2ame F Y,utton9Y Me ,utton9 Tab&nde$ F : Me ,utton9 Te$t F YCloseY J JfrmDecryp J Me AutoScale,aseSiEe F 2ew System Drawing SiEe3;( +94
%+

Me ClientSiEe F 2ew System Drawing SiEe3A95( 9>:4 Me Controls Add3Me ,utton94 Me Controls Add3Me ,utton54 Me Controls Add3Me ,utton+4 Me Controls Add3Me t$tfromfile4 Me Controls Add3Me t$tMessage4 Me 2ame F YfrmDecrypY Me Start)osition F System ?indows <orms <ormStart)osition CenterScreen Me Te$t F YD#C/7)TY Me /esume'ayout3<alse4 #nd Sub N#nd /egion Dim of As -pen<ileDialog Dim rs As AD-D, /ecordset Dim my&D As &nteger Dim ss As String Dim words As String )rivate Sub ,utton+%Click3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles ,utton+ Click of F 2ew -pen<ileDialog &f of ShowDialog F Dialog/esult -6 Then

&,

t$tfromfile 'oad<ile3of <ile2ame( /ichTe$t,o$StreamType )lainTe$t4 #nd &f #nd Sub )rivate Sub ,utton9%Click3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles ,utton9 Click Me Close34 #nd Sub )rivate Sub ,utton5%Click3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles ,utton5 Click &f ,utton5 Tab&nde$ F + Then Dim temp.old+ As String Dim a+ As &nteger Dim temp?ord+ As String temp?ord+ F Decrypt3t$tfromfile Te$t4 Dim words+ As String <or a+ F 'en3temp?ord+4 To + Step "+ words+ F words+ P Mid3temp?ord+( a+( +4 2e$t a+ t$tMessage Te$t F words+ #lse Dim temp.old As String Dim a As &nteger Dim temp?ord As String
&"

rs F 2ew AD-D, /ecordset rs -pen3YSelect _ from Message where Mess&DFY S my&D( cn( AD-D, CursorType#num ad-penStatic( AD-D, 'ockType#num ad'ock-ptimistic4 &f rs /ecordCount Z @ Then temp?ord F Decrypt3rs <ields3YMessageY4 1alue4 Dim words As String <or a F 'en3temp?ord4 To + Step "+ words F words P Mid3temp?ord( a( +4 2e$t a #nd &f t$tMessage Te$t F words #nd &f rs F 2othing #nd Sub )rivate Sub frmDecryp%'oad3,y1al sender As System -bject( ,y1al e As System #ventArgs4 .andles My,ase 'oad #nd Sub #nd Class

&#