?
Solved

How to store an encryption key in app.config?

Posted on 2010-09-10
6
Medium Priority
?
920 Views
Last Modified: 2012-05-10

I have an encryption key created like this:
TripleDESCryptoServiceProvider encryptionKey = new TripleDESCryptoServiceProvider();

I am using it to encrypt an XML file.  I need to save this key so that I can decrypt the file later... days later...  how should I do that? In the App.config?

If so, how is that done?  (I have an App.config, I just don't know how to put a key in there)

Dave
0
Comment
Question by:davecove
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Expert Comment

by:vusov
ID: 33652362
Yes you can save your key in the app.config using Settings class. So please add your key to the project settings and then use Save method like this:
Settings.Default.Key = "some key";
Settings.Default.Save();

But I would suggest to save you settings in some separate XML file using serialization.
0
 
LVL 31

Expert Comment

by:MlandaT
ID: 33652504
It is generally advisable not to store keys in plain text files, such as code files, settings files or the app.config. Anyone can access the key adn decrypt the data, which defeats the purpose of the encryption in the first place. http://msdn.microsoft.com/en-us/library/tswxhw92%28v=VS.90%29.aspx has recommendations how to store your keys safely.

http://msdn.microsoft.com/en-us/library/5e9ft273%28v=VS.90%29.aspx
0
 
LVL 4

Expert Comment

by:MichaelMH
ID: 33656805
In the content of the App.config file. Check the code bellow.
As MlandaT mentioned, is not a good idea at all to store sensitive information in plain text files.
My suggestion is to keep your key in database table for example. If this is not a valid solution for your scenario, the it would be better if you would encrypt your key and stored the encrypted version in App.config.


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="MyKeyIsHere" value="MyKeyValue"/>
  </appSettings>
</configuration>

Open in new window

0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:davecove
ID: 33656883
MichaelMH...  what you wrote is what I want to do...  what I am looking for is the code to do that with a TripleDESCryptoServiceProvider object and not just a couple of common strings.

This is a low risk situation and I am trying to put up a minimal barrier to users reading the user.xml to discover passwords by 'scrambling' the passwords in the user.xml file.   If there is something like this, I would gladly use it

string seed = "a string to use as a seed for the encoder";
string scrambledPass = encrypt("realpassword",seed);
string unscrambledPass = decrypt(scrambledPass,seed);

Thank you for your time,
Dave
0
 
LVL 4

Accepted Solution

by:
MichaelMH earned 1000 total points
ID: 33657019
The code bellow is a conversion from VB to C# so you will have to do some search to convert the VB function to C# or you could import  the Microsoft.VisuaBasic namespace and make use of it directly.

public class EncryptDecrypt
{
    private const string _ExecuteCipherText = "!5#a$p%]o[^3&e*l(6)";
    private string _MODEPASS = string.Empty;
    private const string _MODEPASSCHECK = "tD@SW.deV18";
    private const int CIPHER_MAX_ASC = 0x4ec;
    private const int CIPHER_MIN_ASC = 0x20;
    private const int CIPHER_NUM_ASC = 0x4cd;

    public EncryptDecrypt(string MODE)
    {
        this.MODEPASS = MODE;
    }

    public string Cipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        Math.Rnd(-1f);
        Math.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode + num3) % 0x4cdL);
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private long ExecuteCipherNumeric()
    {
        long num7;
        string ExecuteCipherText = this.ExecuteCipherText;
        int num6 = Strings.Len(ExecuteCipherText);
        int num8 = num6;
        for (int i = 1; i <= num8; i++)
        {
            long num4;
            long num5;
            long num = Strings.Asc(Strings.Mid(ExecuteCipherText, i, 1));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num4)));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num5)));
            num4 = (num4 + 7L) % 0x13L;
            num5 = (num5 + 13L) % 0x17L;
        }
        return num7;
    }

    public string Decipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        VBMath.Rnd(-1f);
        VBMath.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode - num3) % 0x4cdL);
                if (charCode < 0)
                {
                    charCode += 0x4cd;
                }
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private string ExecuteCipherText
    {
        get
        {
            if (this.MODEPASS == "tD@SW.deV18")
            {
                return "!5#a$p%]o[^3&e*l(6)";
            }
            return string.Empty;
        }
    }

    private string MODEPASS
    {
        get
        {
            return this._MODEPASS;
        }
        set
        {
            this._MODEPASS = value;
        }
    }
}

Open in new window

0
 

Author Closing Comment

by:davecove
ID: 33657829
I can make that work...  thank you!

Dave
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question