The use of Transport Layer Security (TLS, formerly known as SSL) to secure network communication is becoming increasingly prevalent, particularly with the browser and search companies pushing web sites to move to HTTPS instead of HTTP. This post discusses the options for using TLS over Tcl sockets and specifically some important potential pitfalls to keep in mind with respect to certificate validation. The discussion is limited to client-side operation.
Having gone through several introductory posts covering background material such as CSPs, contexts, key containers and methods of key generation, we are now ready to delve into the actual cryptographic operations that use symmetric algorithms in detail.
In a prior post, I described the use of Windows CryptoAPI to compute message digests and message authentication codes which ensure integrity of messages. We now move on to the use of symmetric algorithms in cryptography, which can be used for both message confidentiality and integrity. Asymmetric algorithms will be covered in future posts. Refer to the introductory post in this series for the difference between the two.
In my prior post, I introduced several abstractions — Cryptographic Service Providers, cryptographic contexts and key containers — that are part of Windows CryptoAPI and promised to look at cryptographic keys next.
Well, I changed my mind, figuring it might be better to first talk about simpler operations that do not require the use of keys at all. This post thus describes the generation of hashes, message digests and message integrity codes using Windows CryptoAPI and TWAPI.
This is the second in a series of posts on the use of cryptography on Windows. The previous blog post introduced the basic concepts related to cryptography. Here we delve into how those concepts are implemented in Windows at a system or architectural level and of course, how one accesses them from Tcl. This will lay the ground for discussing the actual cryptographic operations in future posts.
Security is currently the No. 1 priority for the software industry; and if that's not the case, it should be, given the current state of affairs with daily reports of major computer break-ins, credit card fraud, identity theft etc. It is important for applications, and application writers, to be aware of these issues and make use of all available technologies to protect against attacks.
There is no shortage of hotkey programs for Windows, many of them of high quality. And of course Windows itself allows you to define hotkeys. However, a hotkey program in Tcl is not only very simple to write, it offers the full flexibility and power of Tcl behind it. Meaning what exactly? Read on.
There are times during software development when you want to run in interactive mode with maximum privileges on a system, be God as it were. One might think running as Administrator would do it but it doesn't. To be truly omnipotent on Windows, you have to run under the LocalSystem account[1]. It is easy enough with Tcl and this post shows you how. As a side bonus, it also describes how to inject processes into the interactive user's desktop to run under the user's account as well.
One of the strengths of Tcl is the ease of integration with other software, whether they be COM components, libraries or even executable programs that are not designed for interaction with other programs. Here we look at the facilities Tcl offers related to the last of these -- running external programs and optionally interacting with them using standard I/O mechanisms.