What is Nethereum?

Introduction to Ethereum .Net cross platform integration library
18 December 2017   3896

What is Nethereum?

Nethereum is the .Net integration library for Ethereum, simplifying the access and smart contract interaction with Ethereum nodes both public or permissioned like Geth, Parity or Quorum.

Nethereum is developed targeting netstandard 1.1, net451 and also as a portable library, hence it is compatible with all the operating systems (Windows, Linux, MacOS, Android and OSX) and has been tested on cloud, mobile, desktop, Xbox, hololens and windows IoT.

According to official docs, upcoming releases will include functionalities such as DevP2P, Plasma and Micro-Payments.

Main features:

  • JSON RPC / IPC Ethereum core methods.
  • Geth management API (admin, personal, debugging, miner).
  • Parity management API.
  • Quorum integration.
  • Simplified smart contract interaction for deployment, function calling, transaction and event filtering and decoding of topics.
  • Unity 3d Unity integration.
  • ABI to .Net type encoding and decoding, including attribute based for complex object deserialization.
  • Hd Wallet
  • Transaction, RLP and message signing, verification and recovery of accounts.
  • Libraries for standard contracts Token, ENS and Uport
  • Integrated TestRPC testing to simplify TDD and BDD (Specflow) development.
  • Key storage using Web3 storage standard, compatible with Geth and Parity.
  • Simplified account life cycle for both managed by third party client (personal) or stand alone (signed transactions).
  • Low level Interception of RPC calls.
  • Code generation of smart contracts services.

Learn more at GitHub.

Ledger to Discover HSM Vulnerability

HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc
10 June 2019   1272

A group of researchers from Ledger identified several vulnerabilities in the Hardware Security Module (HSM) devices, which can be used to extract keys or perform a remote attack to replace the firmware of an HSM device. The problem report is currently available only in French, the English-language report is scheduled to be published in August during the Blackhat USA 2019 conference. HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

HSM allows you to significantly increase protection, as it completely isolates keys from the system and applications, only by providing an API to perform basic cryptographic primitives implemented on the device side. Typically, HSM is used in areas where you need to provide the highest protection, for example, in banks, cryptocurrency exchanges, certification centers for checking and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS # 11 command handler and an error in the implementation of the cryptographic protection of the firmware, which bypasses the firmware check using the PKCS # 1v1.5 digital signature and initiates loading the own firmware in the HSM.

The name of the manufacturer, the HSM devices of which have vulnerabilities, has not yet been disclosed, but it is argued that the problem devices are used by some large banks and cloud service providers. At the same time it is reported that information about the problems was previously sent to the manufacturer and it has already eliminated vulnerabilities in the fresh firmware update. Independent researchers suggest that the problem may be in the devices of the company Gemalto, which in May released an update to Sentinel LDK with the elimination of vulnerabilities, access to information about which is still closed.