
// Open Source

Creating Authority-Signed and Self-Signed Certificates in .NET

by Steve Syfuhs / February 09, 2014 03:19 PM

Whenever I get some free time I like to tackle certain projects that have piqued my interest. Oftentimes I don’t get to complete these projects, or they take months to complete. In this case I’ve spent the last few months trying to get these samples to work. Hopefully you’ll find them useful.

In the world of security, and more specifically in .NET, there aren’t a whole lot of options for creating certificates for development. Sure you could use makecert.exe or if you’re truly masochistic you could spin up a CA, but both are a pain to use and aren’t necessarily useful when you need to consistently create signed certificates for whatever reason. Other options include using a library like BouncyCastle but that can be a bit complicated, and given the portable nature of the library, doesn’t use Windows APIs to do the work.

So I offer some sample code. This code should not be used in production. Please. Seriously. It’s not that good. It’s great for testing, but it’s in no shape whatsoever for production systems. That’s why CAs are built.

In any case I’ve put the code up on GitHub. There is no license so use it as you see fit so long as it doesn’t come back to bite me in the ass.

This gist shows how you can create self-signed certificates and how you can then sign the certificates of those keys with a CA’s private key. The calling code is in the KeyGenSigning project, and the actual meat of the signing is done in the CertLib project. The key generation and signing bits are mostly P/Invoke’d APIs so they execute fairly fast.

Currently the code relies on CSPs to do the work. In theory it could work with NCryptoKey’s but I haven’t tried it yet.

In any case, enjoy. Hopefully you found this useful.
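The flow this post describes (a self-signed root, then a second certificate signed with that root's private key), as an added example that is not the code from the gist: it uses the managed CertificateRequest API (.NET Framework 4.7.2 / .NET Core 2.0 and later) rather than P/Invoke'd CSP calls. The class name, subject names and lifetimes are assumptions chosen for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class DevCertDemo // hypothetical name, not from the gist
{
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (RSA caKey = RSA.Create(2048))
        using (RSA leafKey = RSA.Create(2048))
        {
            // 1. Self-signed root: issuer == subject, signed with its own key, flagged as a CA.
            var caReq = new CertificateRequest("CN=Dev Test Root", caKey, // constructed subject
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 0, true));
            caReq.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
            using (X509Certificate2 ca = caReq.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(30)))
            {
                // 2. Leaf request: its own key pair, not a CA, limited to TLS server authentication.
                var leafReq = new CertificateRequest("CN=localhost", leafKey,
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                leafReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
                leafReq.CertificateExtensions.Add(new X509KeyUsageExtension(
                    X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
                leafReq.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                    new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false)); // id-kp-serverAuth
                var san = new SubjectAlternativeNameBuilder();
                san.AddDnsName("localhost");
                leafReq.CertificateExtensions.Add(san.Build());
                // 3. Sign the leaf with the CA's private key; the serial must be unique per issuer.
                byte[] serial = new byte[16];
                using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(serial);
                serial[0] = (byte)((serial[0] & 0x7F) | 0x01); // keep the serial positive and non-zero-led
                using (X509Certificate2 leaf = leafReq.Create(ca, now, now.AddDays(7), serial))
                using (var chain = new X509Chain())
                {
                    // 4. Check that the leaf chains to our root without installing the root anywhere.
                    chain.ChainPolicy.ExtraStore.Add(ca);
                    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
                    bool built = chain.Build(leaf);
                    X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
                    Console.WriteLine(leaf.Issuer + " chains to our root: " + (built && top.Thumbprint == ca.Thumbprint));
                }
            }
        }
    }
}
```

The leaf returned by `Create` carries no private key; call `CopyWithPrivateKey(leafKey)` on it if the certificate has to be exported or used for TLS.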

My First CodePlex Project!

by Steve Syfuhs / February 03, 2010 04:00 PM

A few minutes ago I just finalized my first CodePlex project.  While working on the ever-mysterious Infrastructure 2010 project, I needed to integrate the Live Meeting API into an application we are using.  So I decided to stick it into its own assembly for reuse.

I also figured that since it’s a relatively simple project, and because for the life of me I couldn’t find a similar wrapper, I would open source it.  Maybe there is someone out there who can benefit from it.

The code is ugly, but it works.  I suspect I will continue development, and clean it up a little.  With that being said:

  • It needs documentation (obviously).
  • All the StringBuilder stuff should really be converted to XML objects.
  • It needs cleaner exception handling.
  • It needs API versioning support
  • It needs to implement more API functions

Otherwise it works like a charm.  Check it out!

The Boston Tea Party has gone Batty

by Steve Syfuhs / August 25, 2009 04:00 PM

This morning I saw an interesting post on Twitter.  Which in-and-of-itself is kinda amazing, but that’s not the point.  The post was on something called the Windows 7 Sins site.  It is a campaign created by the Free Software Foundation to highlight everything that is wrong philosophically with Windows 7.  Now, I’m all for philosophical debates, but this is just plain batty.  So what did I do?  I acted!  I emailed the FSF people at campaigns@fsf.org the following email:

Ya know, if you sold software, you wouldn’t need to keep asking people for money. Basic principle of economics. Just sayin.

Also, a widget provides functionality and interaction. An image doesn’t. See the Windows 7 Sins “widget”.

Now, what I don’t get is this whole Boston Common thing. Is this an attempt at recreating the Boston Tea Party, except with (what I hope is) more regard for the environment and not tea, but software, as the “widget” proposes? If this were the case, in order to get a hold of said software, legally, you would need to buy it. Sounds counterintuitive.

Unless you are proposing people illegally obtain, as per license agreements define, the software and do what they will with it. Which is pretty much just plain ol’ illegal. “So was the Boston Tea Party” is an excellent counter argument. However, the Tea Party was about rebellion from a Government, not a company. The government makes laws, a company does not. The rebellion was against unfair taxation, something the Government controls. Unless of course you are rebelling against the government too. Which I guess is ok, except the government has already ruled against Microsoft in many cases regarding such topics as anti-trust, anti-competitive nature, etc. They don’t like ‘em either. Well, the justice department doesn’t anyway.

I just don’t get it.

Regards,

Steve Syfuhs
Software Developer and/or Architect Guy

I wonder how many people I annoyed with it.  We shall see.

Stop Complaining About Software Expenses

by Steve Syfuhs / July 19, 2009 04:00 PM

It’s been a long week, and it’s only Monday.  It all started with an off-the-cuff comment.  It was of the petty nature, and it certainly wasn’t accurate.  It seems that is usually the case with petty comments.

I was berated for suggesting SharePoint Services as a replacement for our ageing intranet, and the commenter responded with a quick “SharePoint?  Microsoft makes that, it’ll cost too much.  Our current java site works just fine, and it’s free.”  Or something of that nature. 

How do you respond to a petty comment?  It’s pretty damn hard:

  1. While Microsoft Office SharePoint Server 2007 does cost money for licensing, Windows SharePoint Services 3.0 (which MOSS is built on) is free.  Not free as in speech, but free as in beer.  Always has been. 
  2. Java is a terrible language for websites.  It’s slow, and none of the developers in the company know Java.  We all program with .NET languages.
  3. The current intranet is running on an AS/400.
  4. The bulk of the stuff we do on our current intranet could very easily be done in SharePoint, without any development.  And, we can also increase productivity with the added features of team workspaces and free templates for other departments.
  5. The only cost will be in man-hours setting the server up, and migrating content.

Those have been my main arguments since I started working here.  We are a Microsoft shop, but very often choose non-Microsoft products.  Hmm…

The main reason we don’t use Microsoft products is cost.  Plain and simple.  Ironically, that is also the same reason WHY we use Microsoft products.

We use SQL Server, Windows Server 2008, Active Directory (finally!), IIS, MOSS (soon), and program in C#.  We don’t use Office 2007, only Office 2003, some computers are still on Windows 2000 and XP.  Only one computer is running Vista, and two are running Windows 7.  But then again, we are a Not-For-Profit company.  Budgets are tight.

This post is NOT a comment on our current state of technology, because like I said in a previous post, we do a pretty good job of staying on the cutting edge in a few cases.

This post IS a comment on the people out there who think cost is the only thing to look at when evaluating a product.  For the love of god, STOP bitching about price.  START bitching about quality.

I can’t stand bad software.  People don’t pay for good software, but then complain about its quality.  Come on!  There is a formula out there that calculates the cost of a piece of software over time.  It takes into account initial cost, and the cost of the updates that follow.  It’s a simple y = mx+b formula.

Now, when you have a higher initial cost, you tend to assume it’s of higher quality.  Put this into the equation, and the number of updates, and the cost to implement these updates goes down.  Over the life of the product, it’s cheaper to go with the software that is initially more expensive.  This is basic business.

What this basic business formula doesn’t show you is the added headaches you get with crappy software.  You tend to end up with silos of systems, and silos of data.  You don’t get integration.  This is where the cost skyrockets.  Or more accurately, this is where productivity decreases.

Ironically…

SharePoint Services 3.0 is free.  It doesn’t cost anything to use.  It’s easy to use, and integrates with most of our internal systems.  I just ruined my entire argument.  Sorta.  SharePoint is a quality piece of software, and over time, it will cost less to use and maintain than any of the other intranet/middleware applications out there.  Most people don’t realize this.

I’ll probably get flak for this one:  Most people don’t complain about software expenses.  They complain about Microsoft expenses.

  • “We give Microsoft too much money, and don’t get enough in return.”
  • “There must be better software vendors out there than Microsoft that are cheaper.”
  • “Why bother upgrading; XP Works fine.”

Have you seen the cost of a friggen Oracle license?  What about IBM’s iSeries?  Novell’s Groupwise?  My jaw dropped when I saw the cost of these things.  I can’t say a single nice thing about Groupwise.  It’s a terrible product.  IBM’s iSeries is pretty good, but it’s limited what you can do with it.  Oracle knows databases, but has a higher license cost than a good chunk of a department’s salary.

Microsoft gets most of our money because it has quality products, at a good price.  Look at a few competing vendors’ products and compare cost and quality as well as the ability to integrate across platforms.  Revelation is a wonderful thing.  You might think twice before settling on cost.

Open Source Windows

by Steve Syfuhs / December 30, 2008 04:00 PM

Some days you just have to shake your head and wonder. As it turns out, I'm a little late to hear about this, but nonetheless, I'm still shaking my head.

It turns out that Windows has gone open source. And (!!) it's not being made by Microsoft anymore. Well, Windows™ is still made by Microsoft. Windows is now made by a group under the guise of ReactOS.

ReactOS® is a free, modern operating system based on the design of Windows® XP/2003. Written completely from scratch, it aims to follow the Windows® architecture designed by Microsoft from the hardware level right through to the application level. This is not a Linux based system, and shares none of the unix architecture.

So essentially, these people are taking the Windows architecture (based on XP/2003), and redesigning it from scratch. Or rather, are re-coding it from scratch, because redesigning would imply making something different. Sounds vaguely familiar to, oh, something called Vista. Except uglier.



Now, that nagging feeling we are all getting right about now should be visualized as a pack of rabid lawyers. Isn't this considered copyright infringement? They outright define the product as a copy.

And what about the end users? Are all programs designed to run on Windows supposed to be able to run on this ReactOS? Why bother with testing? The XP architecture is now almost 8 years old by now. That means anything designed to run on Vista, or soon to be designed to run on Windows 7, wouldn't stand a snowball's chance in hell, running on ReactOS.

I would love to see how a .NET application runs on it.

// About

Steve is a renaissance kid when it comes to technology. He spends his time in the security stack.