Storing a cryto key in .Net

Ask a Question related to ASP.NET Security, Design and Development.

  1. Morten Brun #1

    Default Storing a cryto key in .Net

    Hi

    I am looking for some good suggestions to store a cryto key with my
    new Asp.Net application using Triple Des to encrypt data. The database
    is on SQL2000 server..

    My first idea was to store the key within the program, but as programs
    can be easily obfuscated this is probably a bad idea.

    Any suggestion will be highly appreciated.

    Morten


    Morten Brun Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Why not storing
      Hy Everybody I am new to FMS and I am trying to build small applications like chatting, audio recording etc. I am stuck at the audio recording...
    2. Storing value from XML into a variable
      There is a combo-box by the name "cbJobs" and it gets its value from the XML file named "data.xml".. I want to store the value transferred from this...
    3. Storing PDF In SQL Database
      Using the following code I'm able to store some PDFs in a database. Step 1: Write the contents of a PDF file to a variable. Step 2: Store the PDF...
    4. Storing Cookies
      Hi all, Anyone know of any special issues with storing cookies with ASP? I'm trying this with two browsers: One is IE 6.0 with cookies set to...
    5. storing an array in a db
      I know your first reaction will be "WHY?!?!" But can it be done? Can I store a php array in a postgresql database? -- Alexander Ross...
  2. Ram Sunkara [msft] #2

    Default Re: Storing a cryto key in .Net

    Use DPAPI.



    Make a command line executable that writes a DPAPI blob into your
    application configuration file. Let your application decrypt the DPAPI blob
    as when required to encrypt or decrypt.



    Deploying your application will now include running this executable in all
    the target machines.



    Put this command line executable in share and give execute only permissions
    to all the authorized users, explicitly deny coping this executable.



    Ram-

    "Morten Brun" <morten@pconsult.dk> wrote in message
    news:16obpv005egijsjtf9ntdmcjbpq87f2sqs@4ax.com...
    > Hi
    >
    > I am looking for some good suggestions to store a cryto key with my
    > new Asp.Net application using Triple Des to encrypt data. The database
    > is on SQL2000 server..
    >
    > My first idea was to store the key within the program, but as programs
    > can be easily obfuscated this is probably a bad idea.
    >
    > Any suggestion will be highly appreciated.
    >
    > Morten
    >
    >

    Ram Sunkara [msft] Guest
    Reply With Quote Reply With Quote
  3. Morten Brun #3

    Default Re: Storing a cryto key in .Net


    Hi Ram

    Thanks your suggestion, which unfortunately does not fit my purpose,
    however have found some good MSDN articles on DAPI so there might be a
    solution in this.

    Morten


    "Ram Sunkara [msft]" <ramsun@online.microsoft.com> wrote:
    >Use DPAPI.
    >
    >
    >
    >Make a command line executable that writes a DPAPI blob into your
    >application configuration file. Let your application decrypt the DPAPI blob
    >as when required to encrypt or decrypt.
    >
    >
    >
    >Deploying your application will now include running this executable in all
    >the target machines.
    >
    >
    >
    >Put this command line executable in share and give execute only permissions
    >to all the authorized users, explicitly deny coping this executable.
    >
    >
    >
    >Ram-
    >
    >"Morten Brun" <morten@pconsult.dk> wrote in message
    >news:16obpv005egijsjtf9ntdmcjbpq87f2sqs@4ax.com.. .
    >> Hi
    >>
    >> I am looking for some good suggestions to store a cryto key with my
    >> new Asp.Net application using Triple Des to encrypt data. The database
    >> is on SQL2000 server..
    >>
    >> My first idea was to store the key within the program, but as programs
    >> can be easily obfuscated this is probably a bad idea.
    >>
    >> Any suggestion will be highly appreciated.
    >>
    >> Morten
    >>
    >>
    >
    Morten Brun Guest
    Reply With Quote Reply With Quote
  4. Alek Davis #4

    Default Re: Storing a cryto key in .Net

    Morten,

    Maybe this article can give you some suggestions:

    [url]http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx[/url]

    Alek

    "Morten Brun" <morten@pconsult.dk> wrote in message
    news:16obpv005egijsjtf9ntdmcjbpq87f2sqs@4ax.com...
    > Hi
    >
    > I am looking for some good suggestions to store a cryto key with my
    > new Asp.Net application using Triple Des to encrypt data. The database
    > is on SQL2000 server..
    >
    > My first idea was to store the key within the program, but as programs
    > can be easily obfuscated this is probably a bad idea.
    >
    > Any suggestion will be highly appreciated.
    >
    > Morten
    >
    >

    Alek Davis Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139