473,763 Members | 7,044 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Security - Best Encryption Mechanism

Hi

I need to store the credit card information in my database. I have
been looking for some third party tools which could provide encryption
for credit card numbers.

The help I need is:

a) What is the most secure encryption tool that can be used to store
credit card information?

b) Any tool which implements AES and does not expect a private key to
be supplied as shown in the sample application provided by
Microsoft. But in this case customize tool needs to be provided as
anybody can buy the tool and decrypt the information.

c) What is the best way to secure a private key used by the
algorithm like storing in RAM, registry, isolated storage etc? And
how to implement it.

d) If some code implementation, which allows encrypting securely
is available.
The client is ready to invest in Third Party Tool.
I short listed two third party .Net components for encryption:

Chilkat Software (http://www.chilkatsoft.com/dotNetCrypt.asp)

ezCrypto .NET (http://www.componentsource.com/Catal...R&POS=1&bhcp=1
)
Both the above are c# implemented tools and implement AES algorithm.

But the problem is both ask for private key to be supplied. And I need
to store the private key in a secure manner.
The work round I decided was to use the dll provided by the tool.
Write some login to generate dynamically private key for each of the
registered users based on his profile. Store this logic in a dll and
some how secure this logic, so that no body is able to access it. But
how to secure the logic is a concern, as dll can also be hacked to
view its contents.

One option I was looking at was to use isolated storage as provided by
..Net.
But I'm not sure can we store and access a dll using isolated storage.
It would be great if somebody can help me with the above problem.

Regards
Gaurav
Jul 21 '05 #1
2 2139
If you need to store a key in your code, then you should look at DPAPI.
There is not standard .Net implementation of it (its a Win32 API), but all
you need to know is here:
http://msdn.microsoft.com/library/de...l/secmod21.asp

Nick Holmes.

"gaurav khanna" <ga***********@ wipro.com> wrote in message
news:dc******** *************** ***@posting.goo gle.com...
Hi

I need to store the credit card information in my database. I have
been looking for some third party tools which could provide encryption
for credit card numbers.

The help I need is:

a) What is the most secure encryption tool that can be used to store
credit card information?

b) Any tool which implements AES and does not expect a private key to
be supplied as shown in the sample application provided by
Microsoft. But in this case customize tool needs to be provided as
anybody can buy the tool and decrypt the information.

c) What is the best way to secure a private key used by the
algorithm like storing in RAM, registry, isolated storage etc? And
how to implement it.

d) If some code implementation, which allows encrypting securely
is available.
The client is ready to invest in Third Party Tool.
I short listed two third party .Net components for encryption:

Chilkat Software (http://www.chilkatsoft.com/dotNetCrypt.asp)

ezCrypto .NET (http://www.componentsource.com/Catal...CDATAPC&gd=Enc
ryption&bc=A100 ~A200~BUSFUNCDA TAPC&sc=CS&PO=5 14745&option=10 444&RC=FCSR&POS =
1&bhcp=1 )
Both the above are c# implemented tools and implement AES algorithm.

But the problem is both ask for private key to be supplied. And I need
to store the private key in a secure manner.
The work round I decided was to use the dll provided by the tool.
Write some login to generate dynamically private key for each of the
registered users based on his profile. Store this logic in a dll and
some how secure this logic, so that no body is able to access it. But
how to secure the logic is a concern, as dll can also be hacked to
view its contents.

One option I was looking at was to use isolated storage as provided by
.Net.
But I'm not sure can we store and access a dll using isolated storage.
It would be great if somebody can help me with the above problem.

Regards
Gaurav

Jul 21 '05 #2
With code so easily reverse-engineered, isn't that considered a giant
security hole itself?

"Nick Holmes" <ni***@nospam.c om> wrote in message
news:%2******** ************@TK 2MSFTNGP10.phx. gbl...
If you need to store a key in your code, then you should look at DPAPI.
There is not standard .Net implementation of it (its a Win32 API), but all
you need to know is here:
http://msdn.microsoft.com/library/de...l/secmod21.asp
Nick Holmes.

Jul 21 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
5
2045
Security Implementation
by: Nick | last post by:
I am working on an application for a client that will involve using remoting. They do not want to use integrated security so I was going to store usernames and hashed passwords in a SQL Database. I have a table in the database that will also contain their session information which it will encrypt and store as a class on the client end. Each time they connect to the server I will pass the session class back and it will decrypt, then...
.NET Framework
116
7548
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'. So now I've developed an app without any thought to security and am trying to apply it afterwards. Doh!, doh! and triple doh!
Microsoft Access / VBA
0
3556
Tough security question using System.Security.Cryptography.RijndaelManaged.
by: Andrzej | last post by:
Hi, I have to figure out why we have a problem with special characters in encrypted usernames and passwords. Case: Username: r&bgeorge Password: tigger
C# / C Sharp
2
2524
Security - Best Encryption Mechanism
by: gaurav khanna | last post by:
Hi I need to store the credit card information in my database. I have been looking for some third party tools which could provide encryption for credit card numbers. The help I need is: a) What is the most secure encryption tool that can be used to store credit card information?
C# / C Sharp
29
2150
Database security (crosspost)
by: Martin | last post by:
Sorry, the prior message was multi-posted. Here's a cross-posted version. Please disregard the other one. Is there a way to create and encrypted database file? What do people do when data security is important at the file level? In other words, you don't want anyone to be able to take the database file (or files) and extract data from them.
Microsoft SQL Server
14
3505
Connection String in .config file - Security Concerns
by: WebMatrix | last post by:
Hello, I have developed a web application that connects to 2 different database servers. The connection strings with db username + password are stored in web.config file. After a code review, one developer suggested that it's a security flaw; therefore connection strings should be kept somewhere else or encrypted. My argument is that web.config file is protected by IIS and Windows security which is the case. And another argument is that...
C# / C Sharp
2
1790
WS-Security Question
by: piter | last post by:
Hi. My goal is to achive security similiar to the HTTPS. The data visible for the port sniffer must be ciphered. Is this possible with WS-Security or WS-Security only enables mi to secure authorization and other stuff. i will appreciate any answers. regards PK
.NET Framework
3
3333
Clustering, Security, Performance, Load Balance
by: Manish | last post by:
I think this question has been asked number of times. However, I am looking for some specific information. Perhaps some of you can help close the gap. Or perhaps you can point me towards right direction. Perhaps this group can help me fill in ms-sqlserver related following questions. 1. Do this database have data Clustering capabilities? 1a. If yes, what mechanism is used such as shared disk, share nothing, etc.
Microsoft SQL Server
4
1933
Web app security
by: SAL | last post by:
Hello, at our company we have two different web development platforms, ASP.NET and ColdFusion. We are trying to merge security between the platforms to provide a security blanket, so-to-speak, around all our apps. We are trying to come up with the same encryption for a simple string with a simple Key using AES encryption. Since AES uses Rijndael I'm using that algorithm. I admit my understanding of this is very limited but here's what we...
ASP.NET
0
9563
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9386
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10144
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
1
9937
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
8821
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
6642
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5270
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5405
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
3
2793
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us