473,322 Members | 1,405 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Asp.net and Encryption: Where to store the keys?

One thing that's always puzzled me about implementing encryption on
remote asp.net apps is where to store the keys. The demo code indicate
that you include them in a configuration file, but this would seem to
defeat the purpose. If someone obtained the configuration file and
they knew the encryption method, then they could decrypt your data.

Storing them hard-coded in the app is just as bad, since it can be
disassembled. Obfuscation could help, but the string would still be
obtainable.

So, my question is, how should encryption keys be handled?

Ideas? Pointers to good articles on the subject?

Thanks
Nov 19 '05 #1
1 2272
Ah, yes, you've stumbled across the question everybody wants the answer to.
But there is no one answer. If everybody stored their keys in the same
place then hackers would know exactly where to attack.
Here's an interesting thread on the topic:
http://www.issociate.de/board/post/2...y_Storage.html

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net
"David" <ma******@sbcglobal.net> wrote in message
news:sf********************************@4ax.com...
One thing that's always puzzled me about implementing encryption on
remote asp.net apps is where to store the keys. The demo code indicate
that you include them in a configuration file, but this would seem to
defeat the purpose. If someone obtained the configuration file and
they knew the encryption method, then they could decrypt your data.

Storing them hard-coded in the app is just as bad, since it can be
disassembled. Obfuscation could help, but the string would still be
obtainable.

So, my question is, how should encryption keys be handled?

Ideas? Pointers to good articles on the subject?

Thanks

Nov 19 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Harold Crump | last post by:
Greetings, I have a requirement of storing some .xml files on a web server. The files will contain financial information like credit card numbers, so I would like to encrypt them. The files...
14
by: Ray Cassick \(Home\) | last post by:
Ok, time to ask the question here.. I have been battling over this one for sometime now and just have to ask it. I have created a few classes that I use to act a security keys. These classes get...
34
by: jlocc | last post by:
Hi! I was wondering if someone can recommend a good encryption algorithm written in python. My goal is to combine two different numbers and encrypt them to create a new number that cann't be...
113
by: Bonj | last post by:
I was in need of an encryption algorithm to the following requirements: 1) Must be capable of encrypting strings to a byte array, and decyrpting back again to the same string 2) Must have the same...
3
by: RDI | last post by:
I'm using RSACryptoServiceProvider to encrypt data. I successfully got it to encrypt a string of less than 59 chars. Now I'm trying to handled longer strings. I was able to get it encrypt the...
4
by: PJones | last post by:
I am looking for the best way to one way encrypt a password for storage in a database using (asp.net / vb.net) basically I need some functions or examples that I can freely use in a commercial...
4
by: rcamarda | last post by:
Hello, I have been researching the use of symmetic and asymmetic encryption in SQL 2005 and I am pretty excited to give it a try. Through examples, I can encrypt the data, but I cant figure out...
7
by: Steven Cliff | last post by:
I have started to use the new Enterprise Library (Jan 06) and have set up a skeleton project using the DAAB. This all seems to work fine apart from when I come to secure the app.config file via...
7
by: Mark Rae | last post by:
Hi, Picking your collective brains again, this time regarding the storage of the key used in symmetric encryption. Let's say you have a requirement to add encryption to a C# project, so you...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.