Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Storing a cryto key in .Net (http://www.velocityreviews.com/forums/t765262-storing-a-cryto-key-in-net.html)

Morten Brun 10-22-2003 01:47 AM

Storing a cryto key in .Net
 
Hi

I am looking for some good suggestions to store a cryto key with my
new Asp.Net application using Triple Des to encrypt data. The database
is on SQL2000 server..

My first idea was to store the key within the program, but as programs
can be easily obfuscated this is probably a bad idea.

Any suggestion will be highly appreciated.

Morten



Ram Sunkara [msft] 10-22-2003 02:46 AM

Re: Storing a cryto key in .Net
 
Use DPAPI.



Make a command line executable that writes a DPAPI blob into your
application configuration file. Let your application decrypt the DPAPI blob
as when required to encrypt or decrypt.



Deploying your application will now include running this executable in all
the target machines.



Put this command line executable in share and give execute only permissions
to all the authorized users, explicitly deny coping this executable.



Ram-

"Morten Brun" <morten@pconsult.dk> wrote in message
news:16obpv005egijsjtf9ntdmcjbpq87f2sqs@4ax.com...
> Hi
>
> I am looking for some good suggestions to store a cryto key with my
> new Asp.Net application using Triple Des to encrypt data. The database
> is on SQL2000 server..
>
> My first idea was to store the key within the program, but as programs
> can be easily obfuscated this is probably a bad idea.
>
> Any suggestion will be highly appreciated.
>
> Morten
>
>




Morten Brun 10-22-2003 03:37 PM

Re: Storing a cryto key in .Net
 

Hi Ram

Thanks your suggestion, which unfortunately does not fit my purpose,
however have found some good MSDN articles on DAPI so there might be a
solution in this.

Morten


"Ram Sunkara [msft]" <ramsun@online.microsoft.com> wrote:

>Use DPAPI.
>
>
>
>Make a command line executable that writes a DPAPI blob into your
>application configuration file. Let your application decrypt the DPAPI blob
>as when required to encrypt or decrypt.
>
>
>
>Deploying your application will now include running this executable in all
>the target machines.
>
>
>
>Put this command line executable in share and give execute only permissions
>to all the authorized users, explicitly deny coping this executable.
>
>
>
>Ram-
>
>"Morten Brun" <morten@pconsult.dk> wrote in message
>news:16obpv005egijsjtf9ntdmcjbpq87f2sqs@4ax.com.. .
>> Hi
>>
>> I am looking for some good suggestions to store a cryto key with my
>> new Asp.Net application using Triple Des to encrypt data. The database
>> is on SQL2000 server..
>>
>> My first idea was to store the key within the program, but as programs
>> can be easily obfuscated this is probably a bad idea.
>>
>> Any suggestion will be highly appreciated.
>>
>> Morten
>>
>>

>



Alek Davis 10-24-2003 10:39 PM

Re: Storing a cryto key in .Net
 
Morten,

Maybe this article can give you some suggestions:

http://msdn.microsoft.com/msdnmag/is...a/default.aspx

Alek

"Morten Brun" <morten@pconsult.dk> wrote in message
news:16obpv005egijsjtf9ntdmcjbpq87f2sqs@4ax.com...
> Hi
>
> I am looking for some good suggestions to store a cryto key with my
> new Asp.Net application using Triple Des to encrypt data. The database
> is on SQL2000 server..
>
> My first idea was to store the key within the program, but as programs
> can be easily obfuscated this is probably a bad idea.
>
> Any suggestion will be highly appreciated.
>
> Morten
>
>





All times are GMT. The time now is 07:30 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.