Needed Help to devise a Strategy for Encryption/Decryption of connectionstring

Topics: Cryptography Application Block, General discussion
Sep 5, 2008 at 9:28 AM
Hi,
I've got a Windows application which is using EntLib 3.1's Data Access App Block to store the connection string in a config file. Initially I used the Data Access App Block's Protection provider option to encrypt/decrypt the whole configuration section, but there was a problem: anybody can decrypt it via EntLib's Configuration Utility, thus rendering it useless. Then I looked to the Cryptography Application Block to encrypt/decrypt the connection string, but there are still some problems. I want to use RijndaelManaged to encrypt my data, for which I made a key file. Now if I deploy my application I have to provide this key file with the application, and it is specific to my machine as I have selected MachineMode. How can I use this key on any of the PCs where my application is going to be installed? And if I give my key file along with the application, then anybody can decrypt my data using that key. Can anybody give me a suggestion or tip to get it right?

Thanks,
--Ayub
Sep 5, 2008 at 12:02 PM
Hi,

Regardless of whether you create your own configuration encryption mechanism or use the one built into the .NET Framework, you need to keep in mind that any user who is able to run your app will be able to read the unencrypted configuration; not being able to read it with the configuration console is just a minor inconvenience.

If you want to prevent users who are not supposed to run your app from reading the unencrypted configuration you can define a new RSA encryption provider and properly set up its ACL so only the users authorized to use the app can decrypt configuration. You can find plenty of information about this in http://msdn.microsoft.com/en-us/library/ms998283.aspx. This is particularly useful for ASP.NET apps; even if you're using impersonation, only the ASP.NET user needs to be granted access to the encryption key.

If you still want to roll your own encryption schema based on the crypto block then you'll need to distribute keys as described in http://msdn.microsoft.com/en-us/library/cc511603.aspx.

Assuming you're using SQL Server, you can use Windows Integrated Authentication with your database server instead of storing passwords in your connection string; this is the recommended approach.

Hope this helps,
Fernando
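
Added example, not part of Fernando's reply or of Enterprise Library: one way to apply the RSA protected-configuration approach he describes to a Windows application's `connectionStrings` section from C#. The provider name `AppRsaProvider` is hypothetical and assumes a matching `RsaProtectedConfigurationProvider` entry under `<configProtectedData>` in the application's config file; the project needs a reference to System.Configuration.dll.

```csharp
using System;
using System.Configuration;

static class ConnectionStringProtector
{
    // Hypothetical provider name. It must match an <add name="..."> entry under
    // <configProtectedData><providers> whose RSA key container ACL grants read
    // access only to the accounts allowed to run the application.
    const string ProviderName = "AppRsaProvider";

    // Encrypts <connectionStrings> in exePath + ".config".
    // Returns false when the section is already encrypted.
    public static bool Protect(string exePath)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(exePath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("connectionStrings section not found");
        if (section.SectionInformation.IsLocked)
            throw new ConfigurationErrorsException("connectionStrings section is locked");
        if (section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.ProtectSection(ProviderName);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Re-opens the file to confirm the section is encrypted on disk and still
    // loads for the current user. Loading throws ConfigurationErrorsException
    // when that user cannot read the key container.
    public static int Verify(string exePath)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(exePath);
        ConnectionStringsSection section = config.ConnectionStrings;
        if (!section.SectionInformation.IsProtected)
            throw new ConfigurationErrorsException("section is stored in clear text");
        return section.ConnectionStrings.Count; // includes entries inherited from machine.config
    }

    static void Main(string[] args)
    {
        string exePath = args[0]; // path to the application's .exe
        Console.WriteLine(Protect(exePath) ? "Section encrypted." : "Already encrypted.");
        Console.WriteLine("Readable connection strings: " + Verify(exePath));
    }
}
```

Running `Verify` under an account that has not been granted access to the key container is a quick check that the ACL is doing its job: the call should fail rather than return a count.
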
Sep 8, 2008 at 5:12 AM
Hi Fernando,

Thanks for the prompt reply. I think using EntLib's Protection for the configuration section will work fine for us. But there is a problem I want to discuss, i.e. if I am encrypting the whole configuration section during installation on the client's machine, then it can only be decrypted on the client's machine. I want to avoid this approach because we will be asking our client to send us the config file in case of any problem in the application's configuration. You can understand that there is no way we can decrypt that config file. So what do you suggest in this regard?

Regards,
Ayub
Sep 9, 2008 at 2:02 PM
Hi,

You could add some kind of utility that dumped an unencrypted version of the configuration so they could send it to you, or ask your customers to use aspnet_regiis to do it. It's hard to tell what's appropriate in general.

Fernando
Sep 10, 2008 at 4:27 AM
Hi Fernando,

Thanks again. After a lot of thought I've shortlisted two approaches, i.e.
  1. We should hardcode the Key and IV in our code, and I'm using RijndaelManaged. I know that it's not a recommended approach, but it's not difficult to deploy at the client's. And we were using the hardcoded Key and IV thing in our previous C++ projects too. I've got the managed version (written by me) and the unmanaged one (being used in previous projects), both using Rijndael with a hardcoded Key and IV. If you're recommending this approach then should I use the managed or unmanaged version, and how can I add a salt to my managed version?
  2. I've written the code to generate and import the key on the client side, but again my manager doesn't like this approach because of the key lying on the client's PC. If you're recommending this approach then can you please suggest a way to hide the key from prying eyes?

Regards,
Ayub
Sep 10, 2008 at 3:17 PM
Hi Ayub,

I'm afraid I'm not qualified to answer your questions. I'm curious though, what do you mean by "the key lying on clients PC"? Which key is that? A customer's key or your key?

Regarding how to use RijndaelManaged with salt, take a look at http://msdn.microsoft.com/en-us/library/system.security.cryptography.passwordderivebytes.aspx.

Regards,
Fernando