Solved

How to store an encryption key in app.config?

Posted on 2010-09-10
6
898 Views
Last Modified: 2012-05-10

I have an encryption key created like this:
TripleDESCryptoServiceProvider encryptionKey = new TripleDESCryptoServiceProvider();

I am using it to encrypt an XML file.  I need to save this key so that I can decrypt the file later... days later...  how should I do that? In the App.config?

If so, how is that done?  (I have an App.config, I just don't know how to put a key in there)

Dave
0
Comment
Question by:davecove
6 Comments
 
LVL 3

Expert Comment

by:vusov
ID: 33652362
Yes you can save your key in the app.config using Settings class. So please add your key to the project settings and then use Save method like this:
Settings.Default.Key = "some key";
Settings.Default.Save();

But I would suggest to save you settings in some separate XML file using serialization.
0
 
LVL 30

Expert Comment

by:MlandaT
ID: 33652504
It is generally advisable not to store keys in plain text files, such as code files, settings files or the app.config. Anyone can access the key adn decrypt the data, which defeats the purpose of the encryption in the first place. http://msdn.microsoft.com/en-us/library/tswxhw92%28v=VS.90%29.aspx has recommendations how to store your keys safely.

http://msdn.microsoft.com/en-us/library/5e9ft273%28v=VS.90%29.aspx
0
 
LVL 4

Expert Comment

by:MichaelMH
ID: 33656805
In the content of the App.config file. Check the code bellow.
As MlandaT mentioned, is not a good idea at all to store sensitive information in plain text files.
My suggestion is to keep your key in database table for example. If this is not a valid solution for your scenario, the it would be better if you would encrypt your key and stored the encrypted version in App.config.


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="MyKeyIsHere" value="MyKeyValue"/>
  </appSettings>
</configuration>

Open in new window

0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:davecove
ID: 33656883
MichaelMH...  what you wrote is what I want to do...  what I am looking for is the code to do that with a TripleDESCryptoServiceProvider object and not just a couple of common strings.

This is a low risk situation and I am trying to put up a minimal barrier to users reading the user.xml to discover passwords by 'scrambling' the passwords in the user.xml file.   If there is something like this, I would gladly use it

string seed = "a string to use as a seed for the encoder";
string scrambledPass = encrypt("realpassword",seed);
string unscrambledPass = decrypt(scrambledPass,seed);

Thank you for your time,
Dave
0
 
LVL 4

Accepted Solution

by:
MichaelMH earned 250 total points
ID: 33657019
The code bellow is a conversion from VB to C# so you will have to do some search to convert the VB function to C# or you could import  the Microsoft.VisuaBasic namespace and make use of it directly.

public class EncryptDecrypt
{
    private const string _ExecuteCipherText = "!5#a$p%]o[^3&e*l(6)";
    private string _MODEPASS = string.Empty;
    private const string _MODEPASSCHECK = "tD@SW.deV18";
    private const int CIPHER_MAX_ASC = 0x4ec;
    private const int CIPHER_MIN_ASC = 0x20;
    private const int CIPHER_NUM_ASC = 0x4cd;

    public EncryptDecrypt(string MODE)
    {
        this.MODEPASS = MODE;
    }

    public string Cipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        Math.Rnd(-1f);
        Math.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode + num3) % 0x4cdL);
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private long ExecuteCipherNumeric()
    {
        long num7;
        string ExecuteCipherText = this.ExecuteCipherText;
        int num6 = Strings.Len(ExecuteCipherText);
        int num8 = num6;
        for (int i = 1; i <= num8; i++)
        {
            long num4;
            long num5;
            long num = Strings.Asc(Strings.Mid(ExecuteCipherText, i, 1));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num4)));
            num7 ^= (long) Math.Round((double) (num * Math.Pow(2.0, (double) num5)));
            num4 = (num4 + 7L) % 0x13L;
            num5 = (num5 + 13L) % 0x17L;
        }
        return num7;
    }

    public string Decipher(string from_text)
    {
        string str2;
        long num3 = this.ExecuteCipherNumeric();
        VBMath.Rnd(-1f);
        VBMath.Randomize((double) num3);
        int num4 = Strings.Len(from_text);
        int num5 = num4;
        for (int i = 1; i <= num5; i++)
        {
            int charCode = Strings.AscW(Strings.Mid(from_text, i, 1));
            if ((charCode >= 0x20) & (charCode <= 0x4ec))
            {
                charCode -= 0x20;
                num3 = (long) Math.Round((double) Conversion.Int((float) (1230f * VBMath.Rnd())));
                charCode = (int) ((charCode - num3) % 0x4cdL);
                if (charCode < 0)
                {
                    charCode += 0x4cd;
                }
                charCode += 0x20;
                str2 = str2 + Conversions.ToString(Strings.ChrW(charCode));
            }
        }
        return str2;
    }

    private string ExecuteCipherText
    {
        get
        {
            if (this.MODEPASS == "tD@SW.deV18")
            {
                return "!5#a$p%]o[^3&e*l(6)";
            }
            return string.Empty;
        }
    }

    private string MODEPASS
    {
        get
        {
            return this._MODEPASS;
        }
        set
        {
            this._MODEPASS = value;
        }
    }
}

Open in new window

0
 

Author Closing Comment

by:davecove
ID: 33657829
I can make that work...  thank you!

Dave
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now