Cryptography in .NET : Advanced Encryption Standard (AES)

I have released an Open Source libray under the GPL 3.0 license called Block Encrypter that builds on the code discussed in this article. If you need to do reliable and secure symmedtric encryption then this library would be very useful to you.

I thought I would start a little series on using some of the cryptography primitives in .NET. Cryptography and Encryption is something that most developers working on enterprise applications will come across, especially if you work in the financial services industry.

Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)

Whilst cryptography is a fascinating subject and the design of these algorithms is very interesting, I do not recommend using an algorithm that you have designed yourself. The standard algorithms in practice today have been through lots of analysis by experts both in private industry and governments all around the world trying to find faults and weaknesses, so you are much better off using these recommended systems.

The main algorithms fall into 2 categories, Symmetric encryption and Asymmetric encryption. Symmetric encryption contains algorithms that are based solely on an encryption key. For example, if you encrypt some plaintext with Key1 you get a cipher text out the other end. If you then decrypt the cipher text with the same key (Key1) you will get back to the original plaintext.

Asymmetric encryption works by having 2 keys, a public and private key. These keys are mathematically derived from each other. The public key can be used by anyone and the private key has to be kept secret. I will talk about asymmetric encryption and more specifically RSA in another post.

For this first article I am going to look at the AES symmetric algorithm. AES stands for the Advanced Encryption Standard. This was a competition winner when the National Institute of Standards and Technology ran a contest to replace the already broken DES algorithm.

What I will show in this article is a good practical implementation of AES in .NET. We will start with the following interface. The interface contains 2 methods, Encrypt and Decrypt. They methods take cipher text/plaintext and an encryption key.

using System;

namespace CryptoLibrary
{
    public interface IAES
    {
        string Decrypt(string ciphertext, string key);
        string Encrypt(string plainText, string key);
    }
}

System Monitoring – Part 4 : Dashboards

This is the fourth article in my series on systems monitoring for software developers. In this article I want to talk about using dashboards for displaying information generated by your monitors.

The system monitor discussed previously will collect a lot of data from different systems. The amount of information that is collected can be vast and in its raw form may not be that useful except to people who really understand what the data represents. The key thing with a dashboard is to break this information down for different users. This may be a complete view of the data, or just a subset for different purposes, so you have to think about the context in which the data is going to be provided and the intended audience.

For me, a key requirement of the dashboard I built was to make the data from the monitor available to my development and operations team in an easy to view format. This dashboard contains more technical information including exceptions as that is more appropriate for the intended audience. You may need to provide another dashboard to key business stakeholders. The level of information you provide here would most likely be different and contain more business level data.

Your dashboard may be viewed in different places. This might include a large TV attached to the wall, projected against a wall, or the dashboard might be run on a person’s desktop computer. If you are displaying the dashboard in a place where people cannot interact with it, i.e. on a large TV Screen, then you want to make sure the dashboard automatically refreshes itself. I will cover this more later on in the article.

Types of Dashboard

Technology

You really are spoilt for choice these days when it comes writing a dashboard. You can keep the display simple or you can really embellish the presentation. As I said earlier, it depends on your target audience. I personally find that keeping the display simple is the best thing to do. I have seen some dashboards that go overboard with dials, speedometers and other fancy graphics, and these can confuse the information you are trying to communicate if you are not careful.

Windows Application

You can develop your dashboard as a native application. This is what I did with my own solution for the company I work for.  I work at a company that is based around the Microsoft stack, so this really gave me 2 choices as a .NET developer; Winforms or WPF. As I needed to get the dashboard up and running quickly I used Winforms, mainly because I am very familiar with this particular technology. WPF would also have been a very good choice.

Monitor Application Screenshot
Monitor Application Screenshot

My dashboard was aimed squarely at a technical audience, so the level of detail could be higher. The context of the dashboard was to allow developers spot any problems in our critical systems. I decided to keep the screen design very simple. I used a tabbed control, where each tab represented one sensor from the xml stream written out by the monitoring system.

Agile Software Development In 5 Minutes

I have released a course on Pluralsight called Agile Fundamentals that talks about Agile Software Development in detail.

I have also written an article on Common Agile Misconceptions.

Recently, I have been doing lots of recruitment for .NET consultants. Each of the CV’s we receive all stress that they are experienced in working in agile development shops. This is great. We are an agile development company so these people sounds like a great fit.

Agile Software Development - Embracing Change
Agile Software Development – Embracing Change

So we get them into an interview and ask them, ‘What does agile mean?’, ‘How do you know if your team is truly agile?’ It’s at that point we get the standard list of responses:

  • We do Test Driven Development.
  • Daily stand-ups.
  • We pair program.
  • We use continuous integration.
  • We use SCRUM, KanBan, XP etc.
  • Use work in iterations.
  • We use story points.
  • We calculate team velocities.

These answers are all well and good, but they don’t describe what an agile team is. These are all just facilitators to being agile. What’s even worse is that these interviewees seem to have not heard of the agile manifesto.

Book Review : The Architecture of Open Source Applcations

I am a bit of a book worm, especially with technical books. I love nothing more than to extend my knowledge on my craft. I wanted to let you know about a book that I have been reading recently that is absolutely fascinating. The book is called, the Architecture of Open Source Applications.

The idea behind the book is simple. If you were an architect constructing buildings, you wouldn’t do so without studying how other buildings are constructed. The premise is the same for software. As a software developer / solutions architect, how can you design applications without first studying how other applications are designed and built? That is exactly what this book does.  This book covers 25 open source applications and discusses how they were built and designed.

Amazon.com Paperback | Kindle

Amazon.co.uk Paperback | Kindle

Architecture of Open Source Applications
Architecture of Open Source Applications

Unit Test Coverage, Code Metrics, and Static Code Analysis

Back in a previous article I discussed a process I now do with my team to conduct code reviews. The idea is to drive up code quality by better use of the tools available to developers. By focusing on the tools and process that we follow to develop code we can collectively drive up quality. The basic process was as follows:

  • Get the code out of source control fresh.
    • Does it build? Yes then continue, No then stop the code review.
  • Run the unit tests.
    • Do they run and all pass? Yes then continue, No then stop the code review.
  •  Check the unit test code coverage.
    • Is the coverage around >60%? Yes then continue, No then stop the code review unless there is a good excuse for the coverage that the review team are happy with.
  •  Check the code metrics (Cyclomatic Complexity and Maintainability Index)
    • Are the metrics within agreed boundaries? Yes then continue, No then stop the code review.
  •  Run the static code analysis against the agreed rule set?
    • Are there any warnings / errors? Yes then stop the code review, No then continue.
  • Once you get to this point, the development practices have been followed and you can proceed to review the actual code.

All of the tools I discussed above are available as standard to developers who use Visual Studio Enterprise Edition, except Resharper/CodeRush etc.

Unit Test Coverage

Whilst you are developing your software you should be writing tests to exercise that code. Whether you practice test driven development and write your tests first or write tests after the fact, you need a decent level of test coverage. This gives you a level of confidence that the code you are writing does what you expect it too. Also, it gives you a safety blanket when you need to refactor your code. If you make a change in one area, does it break something somewhere else? Unit tests should give you that answer.

The screen shot below, shows the Test Explorer view in Visual Studio 2012. From this view you can run all of your unit tests. As of Visual Studio 2012 Update 1, you can group you tests based on pass outcome, length of execution and project. Think of this view as your project health dashboard. If you have a good level of coverage and they are all green, then you can carry on developing. If you have any red tests then you need to work out why and fix them. Don’t let this view lead you into a false sense of security though. You still need to write tests to a decent level of coverage and ensure you are testing the right things.

Visual Studio 2012 - Test Explorer
Visual Studio 2012 – Test Explorer

You can check your test coverage very easily in Visual Studio. First you can click the little drop down ‘Run’ menu in the Test Explorer, or you can open the ‘Test’ menu in Visual Studio, and then open up the ‘Analyse Test Coverage’ and select ‘All Tests’. This will give you a view similar to below.

Booting Windows 8 Straight to the Desktop

I recently decided to give Windows 8 a try on a spare laptop as I was keen to see what Microsoft had done with it. I normally don’t jump on new versions of Windows straight away as I don’t really have a need with the sort of work that I do. But curiosity got the better of me this time.

My first impressions are generally very good. I found not having the traditional Start menu strange at first, but after a while I didn’t really miss it. What is useful is you can press ‘Windows Key + X’ and you get a stripped down version of the start menu with the important links like Control Panel, Run, Search etc.

The new Tiles screen (formally Metro) is quite nice, and I can certainly see how this would be great on a tablet or touch screen. When you work on a desktop machine or traditional laptop, I find it best to think of the Tiles screen as a fancy Start Menu that you can switch too with the Windows Key.

But being as picky as I am, I wanted Windows 8 to boot straight to the desktop. This is possible, but there is a little setup which is very easy to do.

Just follow the next few steps and you will have Windows 8 booting straight to the desktop.

  • First load up the Windows Task Scheduler. The easiest way to do this is to go to the Windows 8 search bar and type ‘Task’.
Boot Windows 8 to Desktop : Task Scheduler
Boot Windows 8 to Desktop : Task Scheduler

Softening the Blow of the Visual Studio 2012 User Interface

I really like Microsoft’s new version of Visual Studio. I even like where they are going with the user interface, but out of the box, I don’t think it is perfect. I really don’t like the SHOUTY uppercase menus, and whilst I don’t mind the default colour theme too much, it isn’t great for staring at on a long coding session.

In this post, I will cover 2 very easy tweaks that you can do to Visual Studio 2012 to make the user interface much better (in my opinion of course). I have recently been getting my team to update parts of our code base to the new tool set  and most people had the same feelings about the user interface as me, but most of the team have now done these tweaks.

Turn Off Upper Case Menus

Visual Studio Upper Case Menus
Visual Studio Upper Case Menus

I don’t know why Microsoft decided to go with the Upper Case menus, but it is really easy to disable them. Just follow these basic steps.