• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 944
  • Last Modified:

How to store an encryption key in app.config?


I have an encryption key created like this:
TripleDESCryptoServiceProvider encryptionKey = new TripleDESCryptoServiceProvider();

I am using it to encrypt an XML file.  I need to save this key so that I can decrypt the file later... days later...  how should I do that? In the App.config?

If so, how is that done?  (I have an App.config, I just don't know how to put a key in there)

Dave
0
davecove
Asked:
davecove
1 Solution
 
vusovCommented:
Yes you can save your key in the app.config using Settings class. So please add your key to the project settings and then use Save method like this:
Settings.Default.Key = "some key";
Settings.Default.Save();

But I would suggest to save you settings in some separate XML file using serialization.
0
 
MlandaTCommented:
It is generally advisable not to store keys in plain text files, such as code files, settings files or the app.config. Anyone can access the key adn decrypt the data, which defeats the purpose of the encryption in the first place. http://msdn.microsoft.com/en-us/library/tswxhw92%28v=VS.90%29.aspx has recommendations how to store your keys safely.

http://msdn.microsoft.com/en-us/library/5e9ft273%28v=VS.90%29.aspx
0
 
MichaelMHCommented:
In the content of the App.config file. Check the code bellow.
As MlandaT mentioned, is not a good idea at all to store sensitive information in plain text files.
My suggestion is to keep your key in database table for example. If this is not a valid solution for your scenario, the it would be better if you would encrypt your key and stored the encrypted version in App.config.


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="MyKeyIsHere" value="MyKeyValue"/>
  </appSettings>
</configuration>

Open in new window

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
davecoveAuthor Commented:
MichaelMH...  what you wrote is what I want to do...  what I am looking for is the code to do that with a TripleDESCryptoServiceProvider object and not just a couple of common strings.

This is a low risk situation and I am trying to put up a minimal barrier to users reading the user.xml to discover passwords by 'scrambling' the passwords in the user.xml file.   If there is something like this, I would gladly use it

string seed = "a string to use as a seed for the encoder";
string scrambledPass = encrypt("realpassword",seed);
string unscrambledPass = decrypt(scrambledPass,seed);

Thank you for your time,
Dave
0
 
MichaelMHCommented:
The code bellow is a conversion from VB to C# so you will have to do some search to convert the VB function to C# or you could import  the Microsoft.VisuaBasic namespace and make use of it directly.

public class EncryptDecrypt
{
    private const string _ExecuteCipherText = "!5#a$p%]o[^3&e*l(6)";
    private string _MODEPASS = string.Empty;
    private const string _MODEPASSCHECK = "tD@SW.deV18";
    private const int CIPHER_MAX_ASC = 0x4ec;
    private const int CIPHER_MIN_ASC = 0x20;
    private const int CIPHER_NUM_ASC = 0x4cd;

    public EncryptDecrypt(string MODE)
    {
        this.MODEPASS = MODE;
    }

    public string Cipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        Math.Rnd(-1f);
        Math.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode + num3) % 0x4cdL);
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private long ExecuteCipherNumeric()
    {
        long num7;
        string ExecuteCipherText = this.ExecuteCipherText;
        int num6 = Strings.Len(ExecuteCipherText);
        int num8 = num6;
        for (int i = 1; i <= num8; i++)
        {
            long num4;
            long num5;
            long num = Strings.Asc(Strings.Mid(ExecuteCipherText, i, 1));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num4)));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num5)));
            num4 = (num4 + 7L) % 0x13L;
            num5 = (num5 + 13L) % 0x17L;
        }
        return num7;
    }

    public string Decipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        VBMath.Rnd(-1f);
        VBMath.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode - num3) % 0x4cdL);
                if (charCode < 0)
                {
                    charCode += 0x4cd;
                }
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private string ExecuteCipherText
    {
        get
        {
            if (this.MODEPASS == "tD@SW.deV18")
            {
                return "!5#a$p%]o[^3&e*l(6)";
            }
            return string.Empty;
        }
    }

    private string MODEPASS
    {
        get
        {
            return this._MODEPASS;
        }
        set
        {
            this._MODEPASS = value;
        }
    }
}

Open in new window

0
 
davecoveAuthor Commented:
I can make that work...  thank you!

Dave
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now