469,923 Members | 1,548 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,923 developers. It's quick & easy.

Security - Best Encryption Mechanism

Hi

I need to store the credit card information in my database. I have
been looking for some third party tools which could provide encryption
for credit card numbers.

The help I need is:

a) What is the most secure encryption tool that can be used to store
credit card information?

b) Any tool which implements AES and does not expect a private key to
be supplied as shown in the sample application provided by
Microsoft. But in this case customize tool needs to be provided as
anybody can buy the tool and decrypt the information.

c) What is the best way to secure a private key used by the
algorithm like storing in RAM, registry, isolated storage etc? And
how to implement it.

d) If some code implementation, which allows encrypting securely
is available.
The client is ready to invest in Third Party Tool.
I short listed two third party .Net components for encryption:

Chilkat Software (http://www.chilkatsoft.com/dotNetCrypt.asp)

ezCrypto .NET (http://www.componentsource.com/Catal...R&POS=1&bhcp=1
)
Both the above are c# implemented tools and implement AES algorithm.

But the problem is both ask for private key to be supplied. And I need
to store the private key in a secure manner.
The work round I decided was to use the dll provided by the tool.
Write some login to generate dynamically private key for each of the
registered users based on his profile. Store this logic in a dll and
some how secure this logic, so that no body is able to access it. But
how to secure the logic is a concern, as dll can also be hacked to
view its contents.

One option I was looking at was to use isolated storage as provided by
..Net.
But I'm not sure can we store and access a dll using isolated storage.
It would be great if somebody can help me with the above problem.

Regards
Gaurav
Jul 21 '05 #1
2 1964
If you need to store a key in your code, then you should look at DPAPI.
There is not standard .Net implementation of it (its a Win32 API), but all
you need to know is here:
http://msdn.microsoft.com/library/de...l/secmod21.asp

Nick Holmes.

"gaurav khanna" <ga***********@wipro.com> wrote in message
news:dc**************************@posting.google.c om...
Hi

I need to store the credit card information in my database. I have
been looking for some third party tools which could provide encryption
for credit card numbers.

The help I need is:

a) What is the most secure encryption tool that can be used to store
credit card information?

b) Any tool which implements AES and does not expect a private key to
be supplied as shown in the sample application provided by
Microsoft. But in this case customize tool needs to be provided as
anybody can buy the tool and decrypt the information.

c) What is the best way to secure a private key used by the
algorithm like storing in RAM, registry, isolated storage etc? And
how to implement it.

d) If some code implementation, which allows encrypting securely
is available.
The client is ready to invest in Third Party Tool.
I short listed two third party .Net components for encryption:

Chilkat Software (http://www.chilkatsoft.com/dotNetCrypt.asp)

ezCrypto .NET (http://www.componentsource.com/Catal...CDATAPC&gd=Enc
ryption&bc=A100~A200~BUSFUNCDATAPC&sc=CS&PO=514745 &option=10444&RC=FCSR&POS=
1&bhcp=1 )
Both the above are c# implemented tools and implement AES algorithm.

But the problem is both ask for private key to be supplied. And I need
to store the private key in a secure manner.
The work round I decided was to use the dll provided by the tool.
Write some login to generate dynamically private key for each of the
registered users based on his profile. Store this logic in a dll and
some how secure this logic, so that no body is able to access it. But
how to secure the logic is a concern, as dll can also be hacked to
view its contents.

One option I was looking at was to use isolated storage as provided by
.Net.
But I'm not sure can we store and access a dll using isolated storage.
It would be great if somebody can help me with the above problem.

Regards
Gaurav

Jul 21 '05 #2
With code so easily reverse-engineered, isn't that considered a giant
security hole itself?

"Nick Holmes" <ni***@nospam.com> wrote in message
news:%2********************@TK2MSFTNGP10.phx.gbl.. .
If you need to store a key in your code, then you should look at DPAPI.
There is not standard .Net implementation of it (its a Win32 API), but all
you need to know is here:
http://msdn.microsoft.com/library/de...l/secmod21.asp
Nick Holmes.

Jul 21 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by Nick | last post: by
116 posts views Thread by Mike MacSween | last post: by
2 posts views Thread by gaurav khanna | last post: by
29 posts views Thread by Martin | last post: by
2 posts views Thread by piter | last post: by
4 posts views Thread by SAL | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.