Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Asp.net and Encryption: Where to store the keys?

Reply
Thread Tools

Asp.net and Encryption: Where to store the keys?

 
 
David
Guest
Posts: n/a
 
      09-01-2005
One thing that's always puzzled me about implementing encryption on
remote asp.net apps is where to store the keys. The demo code indicate
that you include them in a configuration file, but this would seem to
defeat the purpose. If someone obtained the configuration file and
they knew the encryption method, then they could decrypt your data.

Storing them hard-coded in the app is just as bad, since it can be
disassembled. Obfuscation could help, but the string would still be
obtainable.

So, my question is, how should encryption keys be handled?

Ideas? Pointers to good articles on the subject?

Thanks
 
Reply With Quote
 
 
 
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      09-01-2005
Ah, yes, you've stumbled across the question everybody wants the answer to.
But there is no one answer. If everybody stored their keys in the same
place then hackers would know exactly where to attack.
Here's an interesting thread on the topic:
http://www.issociate.de/board/post/2...y_Storage.html

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net


"David" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> One thing that's always puzzled me about implementing encryption on
> remote asp.net apps is where to store the keys. The demo code indicate
> that you include them in a configuration file, but this would seem to
> defeat the purpose. If someone obtained the configuration file and
> they knew the encryption method, then they could decrypt your data.
>
> Storing them hard-coded in the app is just as bad, since it can be
> disassembled. Obfuscation could help, but the string would still be
> obtainable.
>
> So, my question is, how should encryption keys be handled?
>
> Ideas? Pointers to good articles on the subject?
>
> Thanks



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to store and still search special characters in Python and MySql ronrsr Python 1 02-15-2007 08:39 AM
Properties file and save and store Ramza Brown Java 1 08-05-2005 09:01 PM
store encrypted images and view them easily and securely free MP Digital Photography 0 05-31-2005 12:10 PM
to store or not to store an image =?Utf-8?B?UnVkeQ==?= ASP .Net 6 03-30-2005 05:51 AM
how to retrieve and store an image in MS SQL and asp.net? angus ASP .Net 2 05-20-2004 02:40 PM



Advertisments