Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to store an encryption key in app.config?

Posted on 2010-09-10
6
Medium Priority
?
932 Views
Last Modified: 2012-05-10

I have an encryption key created like this:
TripleDESCryptoServiceProvider encryptionKey = new TripleDESCryptoServiceProvider();

I am using it to encrypt an XML file.  I need to save this key so that I can decrypt the file later... days later...  how should I do that? In the App.config?

If so, how is that done?  (I have an App.config, I just don't know how to put a key in there)

Dave
0
Comment
Question by:davecove
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Expert Comment

by:vusov
ID: 33652362
Yes you can save your key in the app.config using Settings class. So please add your key to the project settings and then use Save method like this:
Settings.Default.Key = "some key";
Settings.Default.Save();

But I would suggest to save you settings in some separate XML file using serialization.
0
 
LVL 31

Expert Comment

by:MlandaT
ID: 33652504
It is generally advisable not to store keys in plain text files, such as code files, settings files or the app.config. Anyone can access the key adn decrypt the data, which defeats the purpose of the encryption in the first place. http://msdn.microsoft.com/en-us/library/tswxhw92%28v=VS.90%29.aspx has recommendations how to store your keys safely.

http://msdn.microsoft.com/en-us/library/5e9ft273%28v=VS.90%29.aspx
0
 
LVL 4

Expert Comment

by:MichaelMH
ID: 33656805
In the content of the App.config file. Check the code bellow.
As MlandaT mentioned, is not a good idea at all to store sensitive information in plain text files.
My suggestion is to keep your key in database table for example. If this is not a valid solution for your scenario, the it would be better if you would encrypt your key and stored the encrypted version in App.config.


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="MyKeyIsHere" value="MyKeyValue"/>
  </appSettings>
</configuration>

Open in new window

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:davecove
ID: 33656883
MichaelMH...  what you wrote is what I want to do...  what I am looking for is the code to do that with a TripleDESCryptoServiceProvider object and not just a couple of common strings.

This is a low risk situation and I am trying to put up a minimal barrier to users reading the user.xml to discover passwords by 'scrambling' the passwords in the user.xml file.   If there is something like this, I would gladly use it

string seed = "a string to use as a seed for the encoder";
string scrambledPass = encrypt("realpassword",seed);
string unscrambledPass = decrypt(scrambledPass,seed);

Thank you for your time,
Dave
0
 
LVL 4

Accepted Solution

by:
MichaelMH earned 1000 total points
ID: 33657019
The code bellow is a conversion from VB to C# so you will have to do some search to convert the VB function to C# or you could import  the Microsoft.VisuaBasic namespace and make use of it directly.

public class EncryptDecrypt
{
    private const string _ExecuteCipherText = "!5#a$p%]o[^3&e*l(6)";
    private string _MODEPASS = string.Empty;
    private const string _MODEPASSCHECK = "tD@SW.deV18";
    private const int CIPHER_MAX_ASC = 0x4ec;
    private const int CIPHER_MIN_ASC = 0x20;
    private const int CIPHER_NUM_ASC = 0x4cd;

    public EncryptDecrypt(string MODE)
    {
        this.MODEPASS = MODE;
    }

    public string Cipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        Math.Rnd(-1f);
        Math.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode + num3) % 0x4cdL);
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private long ExecuteCipherNumeric()
    {
        long num7;
        string ExecuteCipherText = this.ExecuteCipherText;
        int num6 = Strings.Len(ExecuteCipherText);
        int num8 = num6;
        for (int i = 1; i <= num8; i++)
        {
            long num4;
            long num5;
            long num = Strings.Asc(Strings.Mid(ExecuteCipherText, i, 1));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num4)));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num5)));
            num4 = (num4 + 7L) % 0x13L;
            num5 = (num5 + 13L) % 0x17L;
        }
        return num7;
    }

    public string Decipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        VBMath.Rnd(-1f);
        VBMath.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode - num3) % 0x4cdL);
                if (charCode < 0)
                {
                    charCode += 0x4cd;
                }
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private string ExecuteCipherText
    {
        get
        {
            if (this.MODEPASS == "tD@SW.deV18")
            {
                return "!5#a$p%]o[^3&e*l(6)";
            }
            return string.Empty;
        }
    }

    private string MODEPASS
    {
        get
        {
            return this._MODEPASS;
        }
        set
        {
            this._MODEPASS = value;
        }
    }
}

Open in new window

0
 

Author Closing Comment

by:davecove
ID: 33657829
I can make that work...  thank you!

Dave
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This document covers how to connect to SQL Server and browse its contents.  It is meant for those new to Visual Studio and/or working with Microsoft SQL Server.  It is not a guide to building SQL Server database connections in your code.  This is mo…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question