The widespread misuse of cryptography in software systems is the most frequent source of cryptography-related security problems. Several misuses of cryptography have been found to be recurrent in software in general, resulting in vulnerabilities exploitable in real attacks. There is a huge gap between what cryptologists see as misuses of cryptography and what developers see as unsafe use of cryptographic technology. This chapter contributes to fill this gap by addressing the programmatic use of asymmetric (public key) cryptography by software developers with little or no experience in information security and cryptography. The text is introductory and aims at showing to software programmers, through actual examples and code snippets, the gooduses and misuses of asymmetric cryptography and facilitate further studies.
Where: Brazilian Symposium on Information Security and Computational Systems (SBSeg), October 2018, Natal (Brazil)