Using the cryptography enterprise library application block

B

Brian Nielsen

Hi

I'm trying to use the Cryptography application block within a web
application and have encountered a problem that I hope you can help resolve.

1. When I create a key file through "Enterprise Library Configuration", I
select e.g the 3DES provider and goes through the wizard of creating a key.
A part of the wizard wants to further enhance security by encrypting the key
either in "User mode" or "Machine mode", using the currently logged in user
to encrypt the key or some machine information to encrypt the key.

If I select "User mode", does this mean that the only person that can
encrypt/decrypt data using this key, is the user that created the key because
the key have been encrypted using that user credentials?

If so, how can I make the Cryptographic application block use a key that
anyone have access to and can use?

And how do I create this key?


I hope my questions make sense to you :)

Regards

Brian Braad Nielsen
 
C

Cowboy \(Gregory A. Beamer\)

Not necessarily. It will restrict the data to the process as the "user" in
question is generally the process ASP.NET is running under. Both machine
mode and user mode keys are already created by .NET.

I have not delved deeply into Ent Lib, so I cannot answer the best way to
set up the Crypto block. If you want more info on what is going on
underneath the hood, look up the Data Protection API (DPAPI). You will
likely find clues there.

For the EntLib, I would consider looking at the following:
http://msdn2.microsoft.com/en-us/library/aa480453.aspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top