Cryptography without key management!?

by Dominic Zukiewicz 25. July 2007 09:10

In order to encrypt data, you need a key and the data itself. The problem comes when you need to securely store the key!

Rather than go through a process of showing you how to retrieve secret keys from .exe files (which is no secret in itself!), I'm going to show you a quick way of using a key that you don't have to know in advance: you just use it!

.NET introduced the System.Security.Cryptography namespace in 1.0, and the 2.0 edition added a managed wrapper around the Windows Data Protection API (DPAPI).

Rather than waffling on, let's just jump into an example. The class we're focusing on is the ProtectedData class:

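using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography; // ProtectedData lives in System.Security.dll; reference that assembly

namespace CryptExample
{
    class Program
    {
        static void Main(string[] args)
        {
            byte[] myData = Encoding.UTF8.GetBytes("Hello");
            Console.WriteLine("Data before: {0}", Convert.ToBase64String(myData));

            // No key is passed in: DPAPI uses one tied to the current Windows user.
            // The second argument (optional entropy) is left as null here.
            byte[] encrypted = ProtectedData.Protect(myData, null, DataProtectionScope.CurrentUser);
            Console.WriteLine("Data after encryption: {0}", Convert.ToBase64String(encrypted));

            // Unprotect must be given the same optional entropy that was used in Protect.
            myData = ProtectedData.Unprotect(encrypted, null, DataProtectionScope.CurrentUser);
            Console.WriteLine("Data decrypted: {0}", Convert.ToBase64String(myData));

            // Wait for a key press so the console window stays open.
            Console.Read();
        }
    }
}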

Where is the key!? I hear you ask. Well, look at the DataProtectionScope.CurrentUser argument and you will see it: the scope tells Windows whose key to use, so your code never handles the key itself.

This enumeration has 2 options: CurrentUser and LocalMachine. In other words, you can either encrypt data for the current user, or encrypt it across the machine - excellent! Bear in mind that with LocalMachine any process running on that computer can unprotect the data, so CurrentUser is the tighter choice.

But what if you want to encrypt the file and send it somewhere outside your computer? Unfortunately, this isn't an option. The key is specific to the machine/user, so an encrypted file sent to someone else is useless to them: their call to Unprotect will fail.
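
The failure case described above can be seen on a single machine by using the optional entropy parameter. This is an added example, not code from the original post: the SecretStore class, the entropy string and the temp file name are hypothetical, and a wrong entropy value stands in for "a different user or machine", since both make Unprotect throw a CryptographicException.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, added for illustration. Reference System.Security.dll on .NET Framework.
static class SecretStore
{
    // Constructed sample value. Optional entropy is not a key: it only ties the blob
    // to this application, so other code running as the same user must also supply it.
    static readonly byte[] AppEntropy = Encoding.UTF8.GetBytes("CryptExample.SecretStore.v1");

    public static void Save(string path, string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, AppEntropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); } // wipe the plaintext byte buffer
    }

    // Returns false instead of throwing when the blob cannot be unprotected:
    // different user or machine, wrong entropy, or a corrupted file.
    public static bool TryLoad(string path, byte[] entropy, out string secret)
    {
        secret = null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(path), entropy, DataProtectionScope.CurrentUser);
            secret = Encoding.UTF8.GetString(plain);
            Array.Clear(plain, 0, plain.Length);
            return true;
        }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "secret.bin"); // hypothetical location
        Save(path, "Hello");
        string value;
        Console.WriteLine("Correct entropy: {0}", TryLoad(path, AppEntropy, out value) ? value : "<failed>");
        Console.WriteLine("Wrong entropy:   {0}", TryLoad(path, new byte[] { 1, 2, 3 }, out value) ? value : "<failed>");
        File.Delete(path);
    }
}
```

Handling the exception matters in practice: a protected file restored from backup onto another machine, or read under a different Windows account, fails in exactly this way.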
