Solved

How do I encrypt (hide) an encryption-key variable without its value being shown in the ildasm (assembly) in C#/.NET

Posted on 2006-06-24
Last Modified: 2008-01-09
I have put a lot of effort into building a class that encrypts the ConnectionString or any other key/value argument in the App.config configuration file.
The problem I am facing is that the EncrypKey variable (string) I am using to hold the encryption key is shown in the ildasm utility as a part of the class assembly.
This issue was never a problem in C++ or VB as they are native programming languages, but C# in the .NET environment is "open source code" to all whom it may concern :(
I would very much appreciate a good solution so that I can finish the task I am facing: encrypting the ConnectionString to a database.

I hope the solution will not be to write a DLL in a native programming language such as C++ or VB and to put the encryption key I am using in the C# program into this machine-code DLL. I do not have the knowledge for such a task (connecting a C# program and a C++ DLL), and it is like saying that C# has a pretty big disadvantage compared with native languages.

Here is what ildasm shows when I look at the assembly of the encrypting class.
Please notice that "SuperSecret" is the encryption key I am using in order to encrypt and decrypt the ConnectionString value in the App.config file.


.method public hidebysig specialname rtspecialname
        instance void  .ctor() cil managed
{
  // Code size       46 (0x2e)
  .maxstack  5
  IL_0000:  ldarg.0
  IL_0001:  ldnull
  IL_0002:  stfld      class [System]System.ComponentModel.Container SetAppConfig.Form1::components
  IL_0007:  ldarg.0
  IL_0008:  call       instance void [System.Windows.Forms]System.Windows.Forms.Form::.ctor()
  IL_000d:  ldarg.0
  IL_000e:  ldstr      "App.config"
  IL_0013:  ldstr      "ConnectionString"
  IL_0018:  ldstr      "SuperSecret"
  IL_001d:  newobj     instance void [iConUtils]iConUtils.appConfiguration::.ctor(string,
                                                                                  string,
                                                                                  string)
  IL_0022:  stfld      class [iConUtils]iConUtils.appConfiguration SetAppConfig.Form1::AppConfig
  IL_0027:  ldarg.0
  IL_0028:  call       instance void SetAppConfig.Form1::InitializeComponent()
  IL_002d:  ret
} // end of method Form1::.ctor

Regards
yoffir
Question by:yoffir
15 Comments
 
LVL 30

Expert Comment

by:Alexandre Simões
Hi...
If you really think that bypassing the JIT compiling and the IL solves your issue, you can just use the NGEN tool to force native compilation on .net assemblies.

In advance I can assure you that your key is still possible to retrieve using the same old ways to get it out of the C and VB assemblies...
Yeah! Compiling something to binary doesn't mean you can't reverse engineer the assembly... It just makes it a bit more difficult.

This said, I advise you to take a look here:
http://msdn2.microsoft.com/en-US/library/system.configuration.sectioninformation.protectsection.aspx

You don't mention what .net version you're using, this link is only for .net 2.0.


Apart from all this, you can use a good code obfuscator.
Most obfuscators have plenty of obfuscating options, so you can go from a simple rename of the variables to a complete code scramble, including string encryption.
Visual Studio comes with one out of the box, but you can also get the de-obfuscator pretty easily, and the feature sheet is very limited.
You can buy plenty more:
XENOCODE -> http://www.xenocode.com/Products/Postbuild/
Spices -> http://www.9rays.net/Products/Spices.Obfuscator/?gclid=CJm8wNeI4IUCFTI9MAodbQoXRQ
SmartAssembly -> http://www.smartassembly.com/
Salamander -> http://www.remotesoft.com/salamander/obfuscator.html


Good luck!

Alex :p
 

Author Comment

by:yoffir
Hi Alex,
I would like to mention that I am working under .NET version 1.1.
I must mention that I am not an expert and I did not understand some of the information you gave me!
I must say that I am very surprised to know that even *.EXE/*.DLL files compiled on non-.NET platforms are able to be decompiled?!?!?!?!?!?!
Anyway, could you please be more specific and try to give me a bit more "down to the ground" information regarding .NET version 1.1

In the past, when I was developing in ASP, it was much easier to protect the ConnectionString by putting it in a VB DLL and letting the ASP files have access to the DLL through its API.

I would very much appreciate a reply with a bit more specifics and fewer buzz words :)

Regards
yoffir
 
LVL 30

Expert Comment

by:Alexandre Simões
Hi...

A first search on Google for "c dll reverse engineer" returned some good links proving that what most people think about native compilation security is wrong.
Take a look at those two links below:
http://www.scitools.com/products/understand/cpp/product.php
http://www.backerstreet.com/rec/rec.htm

And of course, if it can be done with C assemblies, it also works with your VB6 ones.
Several years ago, it was more a matter of whether it would be worth the trouble or not, and now as you can see, it doesn't even give much trouble.


What always has been secure is encryption.
If you really want your data secured you must encrypt it.
.net Framework 2.0 includes this new namespace system.configuration that has some good tools to encrypt your app config file.
Follow the link I gave you and it should be enough.


At the end, I gave you some pointers to Code Obfuscation.
This isn't actually an encryption (although some obfuscators already implement encryption), it's more something like messing up all your code so it can be more difficult to find anything just looking at IL.


Please be more specific on which parts you don't understand and I'll try to give you some more info.

Alex :p
 

Author Comment

by:yoffir
Dear Alex,
Thank you very much for your comments.
As a new member of this great site I am very happy to get your expertise and advice.
I will read the articles you sent me regarding "c dll reverse engineer" right after I finish writing you this comment ;-)
If I summarise all your comments to me regarding the encryption issue in .NET I get the following:
1. Messing up all your code so it can be more difficult to find anything just looking at IL.
2. Native code DLLs can be reverse engineered and it is not a 100% encryption solution.
3. .net Framework 2.0 includes this new namespace system.configuration that has some good tools to encrypt your app config file.

From all of that I am almost giving up here!
As I mentioned I am using .net Framework 1.1 - so solution 2 is not good for me.
Even if I wanted to use the not so perfect solution of native code DLLs (VB6 or C++) - I do not know how to link between C# and native code DLLs.
The only "normal" solution is messing up my code to be not so "normal".

Alex, after thinking over and over again about the solutions you gave me - I prefer the native code DLLs solution.
In case you do not have any other good ideas regarding the encryption issue, I will appreciate your help with "How to combine C# .net Framework 1.1 and native code DLLs in VB6 / C++".

Frustrating! Very frustrating!

Thanks in advance
yoffir
 

Author Comment

by:yoffir
Alex, this is my latest comment and it is an edit of the previous comment.
Please notice the "========>" in this comment in order to see the changes I made to the previous comment.
-----------------------------------------------------------------------------------------------------------------------

Dear Alex,
Thank you very much for your comments.
As a new member of this great site I am very happy to get your expertise and advice.
I will read the articles you sent me regarding "c dll reverse engineer" right after I finish writing you this comment ;-)
If I summarise all your comments to me regarding the encryption issue in .NET I get the following:
1. Messing up all your code so it can be more difficult to find anything just looking at IL.
2. Native code DLLs can be reverse engineered and it is not a 100% encryption solution.
3. .net Framework 2.0 includes this new namespace system.configuration that has some good tools to encrypt your app config file.

From all of that I am almost giving up here!
===========> As I mentioned I am using .net Framework 1.1 - so solution 3 is not good for me.
Even if I wanted to use the not so perfect solution of native code DLLs (VB6 or C++) - I do not know how to link between C# and native code DLLs.
The only "normal" solution is messing up my code to be not so "normal".

Alex, after thinking over and over again about the solutions you gave me - I prefer the native code DLLs solution.
In case you do not have any other good ideas regarding the encryption issue, I will appreciate your help with "How to combine C# .net Framework 1.1 and native code DLLs in VB6 / C++".

Frustrating! Very frustrating!

Thanks in advance
yoffir
 
LVL 30

Expert Comment

by:Alexandre Simões
Hi...

I know it was a slight mention, but in my first reply I told you about a way to compile .net managed code to native instead of IL.
This tool runs on the .net console...

Take a look here:
http://msdn.microsoft.com/msdnmag/issues/05/04/NGen/

Alex :p
 

Author Comment

by:yoffir
Hi Alex,
I have made a small test and ran Ngen in my .NET Framework v1.1 on a WindowsApplication1.exe file.
After that I went to the GAC and could see that my exe file is actually located with all the other native images that .NET Framework is using.
At the end I deleted the exe file from the GAC using the Ngen /delete switch.

My question is how will I deploy an application that uses items located and registered in the GAC?
Imagine that I have some files that are using the native image class (DLL) and this native image needs to be registered and stored in the GAC on the client's computer.
I have never needed to do such a task and all my code so far was managed code in one directory - the debug\bin directory.

I still do not know if your idea regarding Ngen for .NET Framework v1.1 will work for my EncryptKey variable, but it is worth a shot.
I can tell you that I was very relieved after NOT being able to disassemble the native image I created using the Ngen utility (with ildasm).

Alex, if I can be more focused on my question I would ask you this - after creating the native image file and after it was located on my computer in the GAC (c:\windows\assembly directory), is it possible to copy the native image file and move it to a different computer with all my other managed project files?

I hope you understood me.

Regards
Yossi

P.S. Although I am still far, far away from solving the encryption problem I told you about - I am rewarding you with the 500 points I ranked this question at, due to your dedication and devotion in helping me with this new and unknown issue.
 

Author Comment

by:yoffir
Alex,
It seems that I have to wait for your comment on my last question before giving you the 500 points.
If I give you the 500 points now - the question will be closed and will not be sent to you.
Sorry!

I'll wait for your comment and then close my question.

Alex, please try to think about the entire life cycle of my application.
Yes, the encryption key value needs to be encrypted in order not to be seen in ildasm, but it also needs to be deployed to client computers.
If the Ngen solution is too complicated with the deployment procedure - I am back to the drawing board :-(

Again, I will appreciate a conclusive solution taking into account all the variables of creating and deploying an application on different Microsoft PCs (taking into consideration the native image issue).

Regards
yoffir
 
LVL 30

Accepted Solution

by:
Alexandre Simões earned 500 total points
Hi...
If a .net application needs a dll, it will first try to find it on the local exe directory then on the GAC.

You can find the right help for NGEN 1.1:
http://msdn2.microsoft.com/en-us/library/ms165073.aspx

As you can see, you can provide the path where you want the assembly to be saved.

On the other hand, if on the project, you make a reference to that generated dll (even if it's on the GAC) and mark it as CopyToLocal = true on the reference properties, the dll will appear on the bin folder, next to the exe.

Alex :p
 
LVL 41

Expert Comment

by:graye
Whew... this thread sure has taken some strange turns...

Wasn't the original question "How do I safely store encryption keys for my application"?

If so, then you probably need to look at how other folks have solved this problem (obviously, you're not alone).  Microsoft has created a set of Data Protection APIs (DPAPI) just for this situation.  It stores your encryption keys in the registry using its own built-in machine-based encryption routine.  That way, the clear-text encryption key for your application is never included in the *.exe file.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp
http://msdn.microsoft.com/msdnmag/issues/03/11/protectyourdata/

Let us know if you'd like to explore this option... and we can find you some examples.
 

Author Comment

by:yoffir
Hello graye,
Thanks for your comment.
As you see I have awarded Alex.p 500 points and I will use his solution.
As for your solution:
First, I never wrote "How do I safely store encryption keys for my application?".
The original subject is and was always the same!
Second, as far as I know DPAPI is good for working on a web server without having to deploy your application to clients!!!
Or maybe I should say that the encryption key generated using the DPAPI is special to the machine that the application is running on.
That way NO ONE can decrypt a key that is generated and stored in the registry of another machine, but surely you can decrypt a key that is generated and stored on your client machine.

Please let me know if I am right or maybe I got it all wrong.

Regards
yoffir
 
LVL 30

Expert Comment

by:Alexandre Simões
Hi...

DPAPI is actually "locked" on the machine that generated it.
That doesn't mean you can't use it on WebPages.

Since your DataLayer is never on the Client Side but on the server, decrypting is still possible.

Again, a reference to a new thing in .net 2.0, there's a new class: System.Security.Cryptography.ProtectedData
This class implements the wrapper around the Data Protection API (DPAPI).
You can grab some info here: http://msdn2.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx

There're also implementations for .net 1.1. I can point you to some good links about it:
http://www.codeproject.com/aspnet/dapi.asp
http://www.developer.com/net/net/article.php/3465301
http://www.411asp.net/home/tutorial/specific/security/cryptogr
http://builder.com.com/5100-6373-1052981.html

Enough... :)

And remember...
If what you're securing is really sensitive (doesn't mean that's the current scenario) native compilation isn't "secure".

Alex :p
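
The DPAPI approach graye and Alex describe, as an added example that is not part of the original thread: instead of compiling a key into the assembly, the connection string is protected with DPAPI on the machine where it will be used. It assumes .NET 2.0 or later (`ProtectedData`, with a reference to System.Security.dll); the class name, file name, entropy label and sample connection string are made up for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;   // ProtectedData, DataProtectionScope
using System.Text;

static class ConnectionStringVault
{
    // Hypothetical file name, not taken from the thread.
    const string BlobPath = "connstr.dpapi";

    // Optional entropy is NOT a secret: it ships in the assembly and is as
    // visible in ildasm as "SuperSecret" was. It only stops DPAPI blobs made
    // by other programs from being interchangeable with this one.
    static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("SetAppConfig/ConnectionString/v1");

    // Run once on the target machine (installer or first-run setup).
    // The encryption key is derived and held by Windows, never by this code.
    public static void Save(string connectionString, DataProtectionScope scope)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Entropy, scope);
            File.WriteAllText(BlobPath, Convert.ToBase64String(blob));
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);   // do not leave the clear text around
        }
    }

    // Returns null when the blob cannot be decrypted here, for example
    // because the file was copied from another machine or user account.
    public static string Load(DataProtectionScope scope)
    {
        try
        {
            byte[] blob = Convert.FromBase64String(File.ReadAllText(BlobPath));
            byte[] plain = ProtectedData.Unprotect(blob, Entropy, scope);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; }  // wrong machine/user or tampered blob
        catch (FormatException) { return null; }         // file is not valid base64
    }

    static void Main()
    {
        // Constructed sample value for the demonstration.
        Save("Server=db.example.invalid;Database=Orders;Integrated Security=SSPI;",
             DataProtectionScope.CurrentUser);

        string loaded = Load(DataProtectionScope.CurrentUser);
        Console.WriteLine(loaded == null
            ? "Blob cannot be decrypted on this machine/account"
            : "Decrypted OK, length " + loaded.Length);
    }
}
```

With `DataProtectionScope.CurrentUser` any code running as that user can call `Unprotect`, and with `LocalMachine` any process on the machine can, so this keeps the secret out of the assembly and off other machines rather than away from the local user.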
 

Author Comment

by:yoffir
Hi Alex,
Thanks for your comment.
Please remember that I am using both client-side and server-side applications.
It is a mixed WinForms and WebForms application.
I understand that for the WebForms (Web Server) I can use DPAPI (even though I do not have any knowledge yet of how to do that), but will it still work on the client side?
Is it really a better solution for me than the native images (Ngen) you recommended earlier?

By the way Alex, is it really preferred to use the native images rather than just creating a DLL the old-fashioned way in VB6 or C++ unmanaged code?

Remember that I still do not have the knowledge of how to link between DLLs in C++ or VB6 and the .NET Framework v1.1 (C#), but if your recommendation is for this doctrine - I will learn how to do it!

Again, thanks in advance
yoffir
 
LVL 30

Expert Comment

by:Alexandre Simões
Hi...

I don't see any advantage in using another language just to produce a native compilation.
In matters of security (that is your issue here) it's the same.
Using an unmanaged language will force you to use Interop (something like a wrapper around the unmanaged assembly to make it managed).

As for DPAPI...
As I said before, native compilation isn't a synonym of security. DPAPI is actually a security encryption process.
To secure connection strings, I believe you can still use DPAPI.
For that you must isolate the DataLayer on the server and make the BusinessLayer call the DataLayer methods (simple N-Tier scenario).
If all database calls are on the server, the DPAPI key is also always on the server.
You can also put the DataLayer on a WebService...

Note that this, although simple, will make your app a bit more complex.
If your data is sensitive enough to be worth all this DPAPI trouble do it, if not, leave it.

Alex :p
 

Author Comment

by:yoffir
Hi Alex,
I wrote another question regarding the same subject.
The subject is "How do I encrypt (hide) an encryption-key variable without its value being shown in the ildasm (assembly) in C#/.NET deployed on multiple client PCs (WinForm)"

The question is worth 500 points!

Please read the comments I got from several experts regarding my problem and try to answer me on the last comment I wrote regarding that OPEN question.

I really appreciate your help Alex!

Regards
yoffir