encrypting SQL server connection string in web.config

[VR]

In my web.config I am storing a connection string to SQL
server, along with password and user name. My goal is to
somehow encrypt the string so it wouldn't be in clear text.

From my understanding I cannot use the one-way algorithms,
like MD5 or SHA1, since I'll have to decrypt the
connection string I read from the file.

Therefore, I tried using DES (symmetrical algorithm). The
problem I might be having is that the encrypted version of
the string consists of bytes with values from 0..255, so
it doesn't map very well into ASCII, and therefore, I
can't reliably store it in web.config file.

Are there symmetrical algorithms that produce ASCII hash?
Or am I doing the whole thing wrong?

Thanks in advance for any help.

VR

 

[Lewis Wang [MSFT]]

Hi Victor,

I understand that you need other symmetrical algorithms to produce ASCII
hash. I will do some research for you and will get back to you with my
findings.

Best regards,
Lewis
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Content-Class: urn:content-classes:message
| From: "VR" <[email protected]>
| Sender: "VR" <[email protected]>
| Subject: encrypting SQL server connection string in web.config
| Date: Sun, 7 Sep 2003 14:48:20 -0700
| Lines: 20
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcN1icEGkZh7rJSHSomDe3N47YsQqw==
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:6575
| NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| In my web.config I am storing a connection string to SQL
| server, along with password and user name. My goal is to
| somehow encrypt the string so it wouldn't be in clear text.
|
| From my understanding I cannot use the one-way algorithms,
| like MD5 or SHA1, since I'll have to decrypt the
| connection string I read from the file.
|
| Therefore, I tried using DES (symmetrical algorithm). The
| problem I might be having is that the encrypted version of
| the string consists of bytes with values from 0..255, so
| it doesn't map very well into ASCII, and therefore, I
| can't reliably store it in web.config file.
|
| Are there symmetrical algorithms that produce ASCII hash?
| Or am I doing the whole thing wrong?
|
| Thanks in advance for any help.
|
| VR
|

 

[ryan_fagan]

I use this class to map my encrypted values to hex which store well in ASCII format:


/// <summary>
/// Summary description for Hex.
/// </summary>
public class Hex
{
private Hex()
{
//
// TODO: Add constructor logic here
//
}

public static string ByteArrayToHexString(byte[] bytes)
{
StringBuilder hexString = new StringBuilder();
for (int i = 0; i < bytes.Length; i++)
{
hexString.Append(bytes.ToString("X2"));
}
return hexString.ToString();
}

public static byte[] HexStringToByteArray(string hexString)
{
byte[] bytes = new byte[hexString.Length / 2];
for (int i = 0; i < hexString.Length / 2; i++)
{
string hexChar = hexString[i*2].ToString() + hexString[i*2 + 1].ToString();
bytes = Byte.Parse(hexChar, System.Globalization.NumberStyles.HexNumber);
}
return bytes;
}

}

 

[Alek Davis]

VR,

Check out this tool, it can help you do exactly what you want:
http://www.obviex.com/cipherlite/.