|
I am reading the documentation about the Data Protection API
Consumer APIs Overview — ASP.NET documentation
But when I an the sample on that page I get the exact same result, i.e.
Enter input: Hello world!
Protect returned: CfDJ8ICcgQwZZhlAlTZT...OdfH66i1PnGmpCR5e441xQ
Unprotect returned: Hello world!
Which mean that I could decrypt what they encrypt with that API.
I am a little confuse as to what are the expectations here?
Further it's not quite clear anywhere in the API how to customise so I can use some shared certificate...
I tried to use that
Configure ASP.NET Core Data Protection | Microsoft Docs
but I had lots of trouble messing around with certificate...
|
|
|
|
|
Quote: To unprotect a previously-protected piece of data, pass the protected data to the Unprotect method. (There are byte[]-based and string-based overloads for developer convenience.) If the protected payload was generated by an earlier call to Protect on this same IDataProtector, the Unprotect method will return the original unprotected payload. If the protected payload has been tampered with or was produced by a different IDataProtector, the Unprotect method will throw CryptographicException.
The concept of same vs. different IDataProtector ties back to the concept of purpose. If two IDataProtector instances were generated from the same root IDataProtectionProvider but via different purpose strings in the call to IDataProtectionProvider.CreateProtector, then they are considered different protectors, and one will not be able to unprotect payloads generated by the other.
These two paragraphs tell me that you 'unprotect' a 'payload' you need the same DataProtector used to 'protect' it...
So the question is how do you re-create the DataProtector? I think (and I just reading it) that the 'purpose string' is for that...
You can send the same string array (certificate id?) as purpose string and get back a DataProtector of the same behavior over-and-over-again...
However it is not clear if you can re-create the IDataProtectionProvider (father of all)... You should test it and write a useful sample (as those of Microsoft are useless)...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Super Lloyd wrote: Which mean that I could decrypt what they encrypt with that API.
I am a little confuse as to what are the expectations here? Sounds like it; what did you expect, versus what is described? Take note that this is not an encryption-api meant for general text in an email, but to protect something locally. You may want to put the result in a cooky, for example. The result will be not just encrypted with your rootcert, it will be tamperproof (means it is not just encryption, but there's some kind of checksum-like thingy there).
Super Lloyd wrote: Further it's not quite clear anywhere in the API how to customise so I can use some shared certificate...
The purposes parameter is inherent to the security of the data protection system, as it provides isolation between cryptographic consumers, even if the root cryptographic keys are the same.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
After learning C# for a while it seems that you need to keep within certain rules to have the program compile. It looks like a case of modifying a program so that it works under C#. There is no global variable allowed so in order to move variables between classes means re-writing the program so it fits within the C# rules.
Maybe some programs are better suited to C# than others.
I do like being able to design a user interface. All programs seem to have a user interface as I've never come across a program that only runs under the DOS prompt.
Imagine what programs like Audacity would be like if they only used the DOS prompt.
I'm being drawn towards C++ as it does allow global variables compared to C#. I know that it's not good to use global variables and most variables should remind within their own class but it's not always easy to design a program like this and the program I have in mind that I want to write has many varables between classes. I could write it with less classes but I want to have classes for certain purposes that can be reused in other programs. It also makes the program easier to deal with when changes are made.
Comments are welcome thanks.
Brian
|
|
|
|
|
Brian_TheLion wrote: After learning C# for a while it seems that you need to keep within certain rules to have the program compile.
True for ANY language, not just C#.
Brian_TheLion wrote: It looks like a case of modifying a program so that it works under C#. There is no global variable allowed so in order to move variables between classes means re-writing the program so it fits within the C# rules.
It's no the rules of C# so much as it is a strict implementation of Object Oriented Programming, which other languages support, not just C#.
"Global variables", in my humble opinion, are a lazy and error prone way of moving data between objects.
Brian_TheLion wrote: the program I have in mind that I want to write has many varables between classes
You're thinking of data used in more than one class as "global". Well, "global" is just another container, just like a class instance is a container, that can be passed into other class methods.
Brian_TheLion wrote: It also makes the program easier to deal with when changes are made.
Actually, this isn't true. You have code all over the place that can manipulate "global" variables and debugging problems with that code can be a nightmare because there is no central repository controlling access to those variables.
|
|
|
|
|
Thanks Dave for your answers to what I have written.
To give you a better idea of what I'm aiming for please consider this example.
This is for a text adventure game where the player can pick up and drop objects.
You have an inventory class and a get/drop class
The player might type "get slippers" from the main() class
The main() class recognizes this as a 'get' command and sends the item "slippers" to the get/drop class.
The get/drop class would have to check the inventory class to see if the player already is carrying slippers and also to check if the player can carry more items, if these checks pass then the get.drop class would have to remove the slippers from the room and send "slippers to the inventory class so that they are added to the items carried by the player which is kept in the inventory class. Finally the get/drop class sends back to the main() class a test message for the player "Slippers picked up".
So there needs to be a way for C# to communicate between classes and one class to be able to control another class.
Brian
|
|
|
|
|
Hi,
Classes get instantiated into objects; all the objects from a single class have the same behavior.
Most often these objects are tangible, real-life objects. They have properties that describe them (Age, Color, Size, etc) and methods that operate on them.
In an adventure game you would have one or more Adventurer , lots of Room s, each Room could have Door objects and Window objects, each Adventurer would have an Inventory , an Inventory would hold InventoryItem s which could be Keys and Slippers (deriving from InventoryItem ), etc.
None of these classes would be named after verbs, a get/drop class makes no sense whatsoever. A Get() or a Drop() method would make lots of sense on InventoryItem s.
If you want to learn object-oriented programming (OOP) then please study the matter by reading a book on the subject, before you start designing and coding. If you refuse to learn OOP properly then please don't touch any of the languages that are intended for OOP, such as Java or C#.
FYI: C++ was launched trying to support OOP while maintaining compatibility with non-OOP practices (as in C). I have never been convinced C++ did the programming world a favor. However I am sure Java and C# do. Except maybe for the latest syntax-sugaring additions to those languages.
|
|
|
|
|
Thanks Luc for your reply.
In the adventure there is a test each time the player enters commands so if the player enters get slippers the program would check if there was a test to pass first before the slippers could be picked up. The test class has 10 to 14 variables which are counters, flags, location of object, etc.
so there is a lot involved in this text adventure game.
I think you are suggesting that I have get and drop methods in the main() class rather than in the GetDrop class, is this would you were meaning?
So far apart from the GetDrop class I have classes for Inventory, Look (or examine), Movement, Tests and SaveLoad (which might be separate Save and Load classes.
The whole program could be written in the Main() class using procedures but I wanted to try creating classes as I wanted code that is in what I call black boxes away from the main code.
Also wanted to try using classes to break up the code and make it easier to modify later on as well as learn about the use of classes.
I have been reading books and studying examples on C#.
Brian
|
|
|
|
|
No!
GetDrop is not a noun, it is two verbs, it cannot possibly be a candidate for a class.
There is no main() class in my world; besides, class names use TitleCase and no parentheses.
If Slippers can be gotten, they need a Get() method.
If Keys can be gotten, they need a Get() method.
Where are the slippers? where are the keys? does the adventurer know? No. Do all the rooms know? No. The slippers and the keys know where they are, it is information that pertains to them, and to nothing elxe.
There should be an Inventory object (or even one per Adventurer), and everything inside such Inventory should derive from InventoryItem, which can hold common properties and/or common methods of gettable objects. An item's location would be an obvious property of InventoryItem; and maybe your complex test belongs there, so you don't have to repeat such test code in every single inventory item's code.
Inside InventoryItem class, you probably will have good use for a static List<inventoryitem> where all items get stored, so you can search them. That is how a Room can figure what is present at any point in time.
This was my last technical contribution to this topic. From all you write (and all you apparently don't pick up reading our answers) it is very clear to me you are still missing the basics of OOP. If you don't work on this (shut down your computer and go read one or two OOP books now!) you are wasting your and our time. Books tend to present their subject in a structured way, dealing with way more aspects than you are thinking of right now; random questions in a forum can't match that, they become useful after you acquired the foundation, not before.
Good luck. Over and out.
|
|
|
|
|
Hi Luc.
One thing I did learn from reading your text and texts from some others is that the name of a class needs a noun word. I had thought that you could call the class any name.
Strangely that is not taught in the books I have been reading (or I missed it).
Thanks for your information, it was not a wasted effect.
Brian
|
|
|
|
|
Brian_TheLion wrote: You have an inventory class and a get/drop class
No you wouldn't. You would have an Inventory class with Add, Get, and Drop methods.
A class is always a noun. The methods exposed by the class are always verbs that perform operations on that noun.
Your Inventory class should never output messages to the console. UI operations have nothing to do with managing the data stored by the Inventory class.
This is true for ANY OOP language, including C++ and Java.
|
|
|
|
|
Hi Dave.
I was thinking of breaking up the code so that all get drop actions was handled by a GetDrop class, are you suggesting that I should have the get and drop procedures in the main() class?
Brian
|
|
|
|
|
I'm not suggesting anything at all. BUt I am saying you don't need a "GetDrop" class for anything. Again, classes are always nouns, not verbs.
|
|
|
|
|
Hi Dave.
I have learn from yourself and from a few replies that the name of a class should be a noun.
That presents a another problem is how do I get a message back to the player from the inventory class such as a condition where it was not possible pick up an item.
I'd have a rich text message box on the form attached to a string called messages and hopefully there is a way to check for changes in the string so all I need to do is to change the text in the message string which would cause the rich text box to display the string as the string has changed.
I'll study the OnPropertyChanged() command.
Brian
|
|
|
|
|
The Inventory class isn't responsible for communicating with the user at all, nor is it responsible for picking up items.
The Inventory class just manages what is already in inventory, adding items to it, and removing items from it. Nothing else. Think of as a bag of items.
Can a bag pickup items from the room? No. The Player has to pickup the items and place them in the bag.
Forget OnPropertyChanged until you learn the basics of OOP. It's not going to help you.
|
|
|
|
|
In that case it looks like I need a Player class Dave.
Brian
|
|
|
|
|
|
Dave Kreskowiak wrote: "Global variables", in my humble opinion, are a lazy and error prone way of moving data between objects. But like in C++, you don't want to have to reallocate memory every time you need static data. "Global" (static) properties and methods are still a necessary and vital construct in C#.
For instance, I have a static SessionVars object in my web apps that provide a foolproof (and type-safe) method for accessing session variables. It's "globally" accessible to the entire app (controllers, views, and other classes).
I also have a static Globals class that provides properties (that don't belong in SessionVars ) and methods for the entire app.
Classifying all "global" objects as the crutch of the lazy programmer is pretty - well - globally wrong. Like any other construct, you have to use static classes apporpriately.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Using variables themselves for passing data to everywhere, like in the old BASIC days, is lazy in an OOP environment. Doing so is an attempt to bypass OOP principles and avoid learning how to do it correctly.
I never said there is never a need for globally accessible DATA. I'm saying using global VARIABLES (outside of a class, because the old non-OOP days is where this idea comes from) to hold that data is the wrong way to do it. It's not even possible to do that in C# anyway, where everything must be in a class somewhere.
Static classes are a good thing where globally accessible data can be managed properly, but, as you said, must be done appropriately and for the correct reasons.
|
|
|
|
|
Hi #realUSOP.
I agree that in using Global variables is a lazy approach and does not make a good programmer.
The reason why I had a need to use Global variables was so classes could get variable information from each other. The inventory class would check the objects class to find out if the object location was in the same room as the player for the player to be able to pick up the object.
I'm thinking of classes grouping code together but after reading my replies maybe this is not the case.
Brian
|
|
|
|
|
I came from C++ to .Net, and I disagree. When used appropriately, global vars are a viable - and even necessary - part of C++.Simply replace the global vars with a static class that contains the vars, and you're off an running. I don't understand how this would be a bad thing, and will continue to use my static globals class for this kind of stuff...
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Is it weird that I rarely use global variables?
I've used static classes with constants defined for "magic values" and objects that are required throughout the code, like a logger, but true global variables, not really.
|
|
|
|
|
Thanks for your support realUSOP.
Brian
|
|
|
|
|
Hi Dave
I wrote:
It also makes the program easier to deal with when changes are made.
You replied:
Actually, this isn't true. You have code all over the place that can manipulate "global" variables and debugging problems with that code can be a nightmare because there is no central repository controlling access to those variables.
One of my original reasons for using classes was to put things into what I call 'black boxes'. Once the code was working in the class then I could forget about the class. I send data to the class and it sends me back data. I don't need to know what goes on in the class (black box). It's like turn on a TV and getting a picture. I don't need to know what goes on inside the TV to give me a picture.
If I need to make some improvements to the inventory then I only need to deal with the code in the inventory class.
Brian
|
|
|
|
|
Please accept that my intention in saying this to you is positive, addressed to that vital entity in you that learns ... that develops new skills over time.
So far, I see you as having been "messing around" with C#; I see no evidence of systematic study. You continue to ask questions which ask us to "spoon-feed" you information you could easily have found for yourself.
Go ahead to C++, have your global variables, but, don't kid yourself that you have taken a serious look at C#.
«Where is the Life we have lost in living? Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?» T. S. Elliot
|
|
|
|
|