Storing a cryto key in .Net

Discussion in 'ASP .Net Security' started by Morten Brun, Oct 22, 2003.

  1. Morten Brun

    Morten Brun Guest

    Hi

    I am looking for some good suggestions to store a cryto key with my
    new Asp.Net application using Triple Des to encrypt data. The database
    is on SQL2000 server..

    My first idea was to store the key within the program, but as programs
    can be easily obfuscated this is probably a bad idea.

    Any suggestion will be highly appreciated.

    Morten
    Morten Brun, Oct 22, 2003
    #1
    1. Advertising

  2. Use DPAPI.



    Make a command line executable that writes a DPAPI blob into your
    application configuration file. Let your application decrypt the DPAPI blob
    as when required to encrypt or decrypt.



    Deploying your application will now include running this executable in all
    the target machines.



    Put this command line executable in share and give execute only permissions
    to all the authorized users, explicitly deny coping this executable.



    Ram-

    "Morten Brun" <> wrote in message
    news:...
    > Hi
    >
    > I am looking for some good suggestions to store a cryto key with my
    > new Asp.Net application using Triple Des to encrypt data. The database
    > is on SQL2000 server..
    >
    > My first idea was to store the key within the program, but as programs
    > can be easily obfuscated this is probably a bad idea.
    >
    > Any suggestion will be highly appreciated.
    >
    > Morten
    >
    >
    Ram Sunkara [msft], Oct 22, 2003
    #2
    1. Advertising

  3. Morten Brun

    Morten Brun Guest

    Hi Ram

    Thanks your suggestion, which unfortunately does not fit my purpose,
    however have found some good MSDN articles on DAPI so there might be a
    solution in this.

    Morten


    "Ram Sunkara [msft]" <> wrote:

    >Use DPAPI.
    >
    >
    >
    >Make a command line executable that writes a DPAPI blob into your
    >application configuration file. Let your application decrypt the DPAPI blob
    >as when required to encrypt or decrypt.
    >
    >
    >
    >Deploying your application will now include running this executable in all
    >the target machines.
    >
    >
    >
    >Put this command line executable in share and give execute only permissions
    >to all the authorized users, explicitly deny coping this executable.
    >
    >
    >
    >Ram-
    >
    >"Morten Brun" <> wrote in message
    >news:...
    >> Hi
    >>
    >> I am looking for some good suggestions to store a cryto key with my
    >> new Asp.Net application using Triple Des to encrypt data. The database
    >> is on SQL2000 server..
    >>
    >> My first idea was to store the key within the program, but as programs
    >> can be easily obfuscated this is probably a bad idea.
    >>
    >> Any suggestion will be highly appreciated.
    >>
    >> Morten
    >>
    >>

    >
    Morten Brun, Oct 22, 2003
    #3
  4. Morten Brun

    Alek Davis Guest

    Morten,

    Maybe this article can give you some suggestions:

    http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx

    Alek

    "Morten Brun" <> wrote in message
    news:...
    > Hi
    >
    > I am looking for some good suggestions to store a cryto key with my
    > new Asp.Net application using Triple Des to encrypt data. The database
    > is on SQL2000 server..
    >
    > My first idea was to store the key within the program, but as programs
    > can be easily obfuscated this is probably a bad idea.
    >
    > Any suggestion will be highly appreciated.
    >
    > Morten
    >
    >
    Alek Davis, Oct 24, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bond
    Replies:
    0
    Views:
    336
  2. toton
    Replies:
    11
    Views:
    704
    toton
    Oct 13, 2006
  3. Jonathan Wood
    Replies:
    1
    Views:
    505
    Jonathan Wood
    Jun 2, 2008
  4. pmkatz
    Replies:
    0
    Views:
    393
    pmkatz
    Aug 25, 2004
  5. M P
    Replies:
    1
    Views:
    463
Loading...

Share This Page