Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help With System.Security.Cryptography

Status
Not open for further replies.
HiBoo

HiBoo

Programmer
Jan 11, 2000
88
CA
I'm new with .NET and trying to figure out the use of encryption. I've created an app that utilizes XML as a data source and I want to learn how best to encrypt the xml file. What I'm missing in this code is the ability to shut the application down and run it again later without losing the encryption key values.

I've created two procedures to import and export the data. The variable m_encrypted is a private variable string that indicates the xml file name. The Key and IV variables are also privately declared and I know this is what I have to change but I'm uncertain where to go with it.
Code: 
Private Sub LoadEncryptedData()
        Dim stream As New System.IO.FileStream _
                    (m_encrypted, System.IO.FileMode.Open)

        Dim tdes As New TripleDESCryptoServiceProvider
        tdes.Key = key
        tdes.IV = IV

        Dim cs As New CryptoStream(stream _ 
            , tdes.CreateDecryptor(), CryptoStreamMode.Read)
        Me.DsDirectory.Tables(0).ReadXml(cs)
        cs.Close()
        stream.Close()

End Sub
Code: 
Private Sub ExportEncryptedData()

        Dim stream As New System.IO.FileStream _
             (m_encrypted, system.IO.FileMode.OpenOrCreate)

        Dim tdes As New TripleDESCryptoServiceProvider
        Dim cs As New CryptoStream(stream _
                            , tdes.CreateEncryptor() _
                            , CryptoStreamMode.Write)
        Me.DsDirectory.Tables(0).WriteXml(cs)

        key = tdes.Key
        IV = tdes.IV

        cs.Close()
        stream.Close()

    End Sub

Where is the best place to store the Key and IV variables after exporting the data to the xml file so that they are safe and secure and are retrievable after the application has been closed and reopened? The Key and IV variables are byte arrays.
 
Sort by date Sort by votes
Mastakilla, do you mean a constant value for the Key and IV values? Would this not compromise the security of the encryption as a hacker could retrieve the constant values if stored in the code. The TripleDESCryptoServiceProvider randomly generates a Key and IV value when the CreateEncryptor() function is passed through the CryptoStream function. I want to know how best to store the Key and IV values generated when created during the Export procedure so that they can be used again when the data is imported back into the application once it has been shut down and re-opened.

I think I need to use a User setting in the My.Settings namespace but I'm not sure how to store a byte array as in VS2005 it won't let me create one.
 
Upvote 0 Downvote
It would compromise security if you don't protect your assembly. There are some software on the market that can prevent hackers from breaking into your code(ex: CodeVeil).

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tomminil4
  • Locked
  • Question
Help with VBA code
Replies
3
Views
215
strongm
strongm
2009luca
  • Locked
  • Question
TWO table with the same classname 1
Replies
3
Views
197
Andrzejek
Andrzejek
2009luca
  • Locked
  • Question
graph with access database - im on vb6 2
Replies
10
Views
395
strongm
strongm
2009luca
  • Locked
  • Question
SORT msflexgrid column 1 with decimal number 1
Replies
4
Views
191
2009luca
2009luca
R_a_i_n_e_r_8
  • Locked
  • Question
Compile error: Types of intolerance (need help)
Replies
3
Views
419
strongm
strongm

Part and Inventory Search

Sponsor

Back
Top