Five new sample code projects, created by JW Secure, have recently been posted by the Microsoft Developer Marketing team. The purpose of the samples is to show off some of the hot new security-related technologies in Vista, and to give external developers a head start in adapting working code for their own purposes. A summary of what’s available:
1. Crypto API: Next Generation (CNG) sample code, demonstrating how to plug-in a new symmetric cipher (Twofish, in this case) at the CNG and CMS application layers. An example of a CMS-based application that could leverage this capability is Outlook – in case you want to encrypt email with your own crypto algorithm! A full walk-through article accompanies the code. Link – http://blogs.msdn.com/onoj/archive/2007/05/10/windows-vista-security-series-adding-a-cipher-algorithm-to-windows-vista.aspx.
2. Windows Firewall sample code, demonstrating the proper way to programmatically configure the firewall, for example for a custom socket-based server app. A full walk-through article accompanies the code, discussing how to make custom firewall rules as tight (i.e. secure) as possible, and how to test them. Link – http://blogs.msdn.com/onoj/archive/2007/05/09/windows-vista-security-series-programming-the-windows-vista-firewall.aspx.
3. IPsec sample code, demonstrating winsock secure socket extensions. In fact, this project doubles as a useful IPsec debugging tool ("IPsecPIng"), allowing policy and key negotiation to be tested (with detailed display of the results) between peers. This tool was co-developed with V6 Security, Inc. (http://www.v6security.com/). Link – http://blogs.msdn.com/onoj/archive/2007/05/10/windows-vista-security-sample-ipsecping.aspx.
4. Windows Filtering Platform sample code, demonstrating the proper way to configure a kernel mode filter/callout, with optional context supplied from user mode. Link – http://blogs.msdn.com/onoj/archive/2007/05/09/windows-filtering-platform-sample.aspx.
5. Remote Differential Compression sample code. This project wraps the builtin RDC COM API with a web service (and includes a test client). Not security-related, per se, but RDC is a neat technology and this is a cool demo! Link – http://blogs.msdn.com/onoj/archive/2007/05/10/windows-vista-sample-remote-differential-compression.aspx.
Note – everything you need to build and run these samples is free (including the latest Windows SDK, and the Visual Studio Express SKUs for C++ and C#) … (okay, Vista itself isn’t free, but you can just buy a new computer!)
Anyway, we had a lot of help in preparing this content, both from the Dev Marketing team and from various experts in the product groups. Looking forward to your feedback …