Best place to store password for SQL Server 2005 Asymmetric Key and how do i use it for encryption-decryption from VB6

Hi all,

   I have a question and I hope you can help me. I want to store some very sensitive data in my database, at work, that are being used frequently. So I decided to use a Symmetric Key Encrypted by an Asymmetric Key with Password. (Please let me know if you agree with my decision. )

Now, my problem is where do I store the Asymmetric's Key password in VB6 in order to open the symmetric key? I know I should not just have it in my source code. I would like to hear what u guys think.

Thanks,
Savvas
LVL 2
AJKBOCAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

23637269Commented:
There are many options availabe.  I will give you a few of the places I have used, I am sure that there will be many great places from everyone.

You can create your own large dat file for example and disperse pieces throught.

You can store parts of it in the name of controls or their ItemData property if not used then parse the various controls to build your key.

You can get the fingerprint of the system 's Serial Number, CPU Serial or something else that is not easy for the end user to learn.

Instead of storing sKey = "tEsTkEy" you can store sKey = Chr(116) & Chr(69) etc.. or binary but if the end user has a good HEX editor they can easy convert and see.

Don't make it easy by calling the Database Password something like DataBasePassword.

No matter what someone does, there are those that will crack the protection.

Thanks
Roger
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JimBrandleyCommented:
The reason for using an asymmetric key is so you can send your public key to some other person. Do you intend to do that? If not, I would simply use the symmetric key to encode the data, and not store the key in the program at all. Instead, I would compute the symmetric key from the password you provide at run-time.

Jim
0
AJKBOCAuthor Commented:
JimBrandley,

  the reason i am using the asymmetric key to encrypt symmetric key is for security. Asymmetric key is more secure than a symmetric key. The reason i am not using only an asymmetric key is because is very resource-intensive and since the data are being used very frequent it would have great impact on the server performance. Therefore i am using a symmetric key but i protect it with an asymmetric one for greater security.

Roger,
   thanks for the tips. I will wait a bit more to see if there any more ideas on where to store the password.

Thanks,
Savvas
0
AJKBOCAuthor Commented:
23637269. Thanks for the comments. I decided to use a program like ExeCryptor. This way i will feel more secure.

Savvas
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.