• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1694
  • Last Modified:

Best place to store password for SQL Server 2005 Asymmetric Key and how do i use it for encryption-decryption from VB6

Hi all,

   I have a question and I hope you can help me. I want to store some very sensitive data in my database, at work, that are being used frequently. So I decided to use a Symmetric Key Encrypted by an Asymmetric Key with Password. (Please let me know if you agree with my decision. )

Now, my problem is where do I store the Asymmetric's Key password in VB6 in order to open the symmetric key? I know I should not just have it in my source code. I would like to hear what u guys think.

Thanks,
Savvas
0
AJKBOC
Asked:
AJKBOC
  • 2
1 Solution
 
23637269Commented:
There are many options availabe.  I will give you a few of the places I have used, I am sure that there will be many great places from everyone.

You can create your own large dat file for example and disperse pieces throught.

You can store parts of it in the name of controls or their ItemData property if not used then parse the various controls to build your key.

You can get the fingerprint of the system 's Serial Number, CPU Serial or something else that is not easy for the end user to learn.

Instead of storing sKey = "tEsTkEy" you can store sKey = Chr(116) & Chr(69) etc.. or binary but if the end user has a good HEX editor they can easy convert and see.

Don't make it easy by calling the Database Password something like DataBasePassword.

No matter what someone does, there are those that will crack the protection.

Thanks
Roger
0
 
JimBrandleyCommented:
The reason for using an asymmetric key is so you can send your public key to some other person. Do you intend to do that? If not, I would simply use the symmetric key to encode the data, and not store the key in the program at all. Instead, I would compute the symmetric key from the password you provide at run-time.

Jim
0
 
AJKBOCAuthor Commented:
JimBrandley,

  the reason i am using the asymmetric key to encrypt symmetric key is for security. Asymmetric key is more secure than a symmetric key. The reason i am not using only an asymmetric key is because is very resource-intensive and since the data are being used very frequent it would have great impact on the server performance. Therefore i am using a symmetric key but i protect it with an asymmetric one for greater security.

Roger,
   thanks for the tips. I will wait a bit more to see if there any more ideas on where to store the password.

Thanks,
Savvas
0
 
AJKBOCAuthor Commented:
23637269. Thanks for the comments. I decided to use a program like ExeCryptor. This way i will feel more secure.

Savvas
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now