Solved

How to store an encryption key in app.config?

Posted on 2010-09-10
6
884 Views
Last Modified: 2012-05-10

I have an encryption key created like this:
TripleDESCryptoServiceProvider encryptionKey = new TripleDESCryptoServiceProvider();

I am using it to encrypt an XML file.  I need to save this key so that I can decrypt the file later... days later...  how should I do that? In the App.config?

If so, how is that done?  (I have an App.config, I just don't know how to put a key in there)

Dave
0
Comment
Question by:davecove
6 Comments
 
LVL 3

Expert Comment

by:vusov
Comment Utility
Yes you can save your key in the app.config using Settings class. So please add your key to the project settings and then use Save method like this:
Settings.Default.Key = "some key";
Settings.Default.Save();

But I would suggest to save you settings in some separate XML file using serialization.
0
 
LVL 30

Expert Comment

by:MlandaT
Comment Utility
It is generally advisable not to store keys in plain text files, such as code files, settings files or the app.config. Anyone can access the key adn decrypt the data, which defeats the purpose of the encryption in the first place. http://msdn.microsoft.com/en-us/library/tswxhw92%28v=VS.90%29.aspx has recommendations how to store your keys safely.

http://msdn.microsoft.com/en-us/library/5e9ft273%28v=VS.90%29.aspx
0
 
LVL 4

Expert Comment

by:MichaelMH
Comment Utility
In the content of the App.config file. Check the code bellow.
As MlandaT mentioned, is not a good idea at all to store sensitive information in plain text files.
My suggestion is to keep your key in database table for example. If this is not a valid solution for your scenario, the it would be better if you would encrypt your key and stored the encrypted version in App.config.


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="MyKeyIsHere" value="MyKeyValue"/>
  </appSettings>
</configuration>

Open in new window

0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:davecove
Comment Utility
MichaelMH...  what you wrote is what I want to do...  what I am looking for is the code to do that with a TripleDESCryptoServiceProvider object and not just a couple of common strings.

This is a low risk situation and I am trying to put up a minimal barrier to users reading the user.xml to discover passwords by 'scrambling' the passwords in the user.xml file.   If there is something like this, I would gladly use it

string seed = "a string to use as a seed for the encoder";
string scrambledPass = encrypt("realpassword",seed);
string unscrambledPass = decrypt(scrambledPass,seed);

Thank you for your time,
Dave
0
 
LVL 4

Accepted Solution

by:
MichaelMH earned 250 total points
Comment Utility
The code bellow is a conversion from VB to C# so you will have to do some search to convert the VB function to C# or you could import  the Microsoft.VisuaBasic namespace and make use of it directly.

public class EncryptDecrypt
{
    private const string _ExecuteCipherText = "!5#a$p%]o[^3&e*l(6)";
    private string _MODEPASS = string.Empty;
    private const string _MODEPASSCHECK = "tD@SW.deV18";
    private const int CIPHER_MAX_ASC = 0x4ec;
    private const int CIPHER_MIN_ASC = 0x20;
    private const int CIPHER_NUM_ASC = 0x4cd;

    public EncryptDecrypt(string MODE)
    {
        this.MODEPASS = MODE;
    }

    public string Cipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        Math.Rnd(-1f);
        Math.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode + num3) % 0x4cdL);
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private long ExecuteCipherNumeric()
    {
        long num7;
        string ExecuteCipherText = this.ExecuteCipherText;
        int num6 = Strings.Len(ExecuteCipherText);
        int num8 = num6;
        for (int i = 1; i <= num8; i++)
        {
            long num4;
            long num5;
            long num = Strings.Asc(Strings.Mid(ExecuteCipherText, i, 1));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num4)));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num5)));
            num4 = (num4 + 7L) % 0x13L;
            num5 = (num5 + 13L) % 0x17L;
        }
        return num7;
    }

    public string Decipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        VBMath.Rnd(-1f);
        VBMath.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode - num3) % 0x4cdL);
                if (charCode < 0)
                {
                    charCode += 0x4cd;
                }
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private string ExecuteCipherText
    {
        get
        {
            if (this.MODEPASS == "tD@SW.deV18")
            {
                return "!5#a$p%]o[^3&e*l(6)";
            }
            return string.Empty;
        }
    }

    private string MODEPASS
    {
        get
        {
            return this._MODEPASS;
        }
        set
        {
            this._MODEPASS = value;
        }
    }
}

Open in new window

0
 

Author Closing Comment

by:davecove
Comment Utility
I can make that work...  thank you!

Dave
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now