473,804 Members | 3,549 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

DPAPI Encryption Help

I am working on using DPAPI user profile store to encrypt a connection
string in web.config file, using VB.NET

1. I have a situation here, I would not want the DPAPI User profile to
be Administrator dependent, and I would like to load a user profile I
have created for encryption & decryption directly. In other words I want
to load the user profile without having have administrator privileges.
I’m using VB.NET, & would like to deviate from using Windows Service
Component to load the profile.

2. If this option is not feasible, could anybody suggest a safe
method to encrypt a string in config file. I cannot use the registry
or a database or machine dependent for password store. This leaves me
with one option to hard code the key into the code. I was looking for a
different side by approach to prevent de-obfuscator from retrieving
this.
I would really appreciate if somebody would help me with this situation.
It’s a kind of tricky situation. Even if I would want to hard code the
password string what would be the safest approach, I could use unmanaged
code, but then I would want to make this access hard for access.

A help would be greatly appreciated.
Thanking you
Shaun


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 20 '05 #1
2 1795
This may help.......

http://groups.google.com/groups?hl=e...ftngxa05#link3

"Shaun Ram" <tr************ @yahoo.com> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
I am working on using DPAPI user profile store to encrypt a connection
string in web.config file, using VB.NET

1. I have a situation here, I would not want the DPAPI User profile to
be Administrator dependent, and I would like to load a user profile I
have created for encryption & decryption directly. In other words I want
to load the user profile without having have administrator privileges.
I'm using VB.NET, & would like to deviate from using Windows Service
Component to load the profile.

2. If this option is not feasible, could anybody suggest a safe
method to encrypt a string in config file. I cannot use the registry
or a database or machine dependent for password store. This leaves me
with one option to hard code the key into the code. I was looking for a
different side by approach to prevent de-obfuscator from retrieving
this.
I would really appreciate if somebody would help me with this situation.
It's a kind of tricky situation. Even if I would want to hard code the
password string what would be the safest approach, I could use unmanaged
code, but then I would want to make this access hard for access.

A help would be greatly appreciated.
Thanking you
Shaun


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 20 '05 #2
If you have a certificate, you can install that certificate into the
certificate store of the machine, which should keep it from prying eyes
(certificate stores are about as safe as you can get without using a
smartcard or other disconnected storage storage device).
You can then use the certificate's key to generate a data digital envelope.
The envelope includes the connection string, which is encrypted with an
attached symmetric key and signed using the certificate's key.
More work for you, but you won't have to depend on DPAPI.

-Rob Teixeira [MVP]

"Shaun Ram" <tr************ @yahoo.com> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
I am working on using DPAPI user profile store to encrypt a connection
string in web.config file, using VB.NET

1. I have a situation here, I would not want the DPAPI User profile to
be Administrator dependent, and I would like to load a user profile I
have created for encryption & decryption directly. In other words I want
to load the user profile without having have administrator privileges.
I'm using VB.NET, & would like to deviate from using Windows Service
Component to load the profile.

2. If this option is not feasible, could anybody suggest a safe
method to encrypt a string in config file. I cannot use the registry
or a database or machine dependent for password store. This leaves me
with one option to hard code the key into the code. I was looking for a
different side by approach to prevent de-obfuscator from retrieving
this.
I would really appreciate if somebody would help me with this situation.
It's a kind of tricky situation. Even if I would want to hard code the
password string what would be the safest approach, I could use unmanaged
code, but then I would want to make this access hard for access.

A help would be greatly appreciated.
Thanking you
Shaun


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 20 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1389
DPAPI - Implementation problem
by: james | last post by:
I have crated DPAPI libraries and Serviced component running under a specific user. But when i call this serviced component to encrypt a specific username and password(input values) it gives me different encrpyted values everytime. so when i send this encrypted values for decryption i get an error displayed as "Key not
.NET Framework
1
1594
System.Enterprise Services DPAPI
by: Nicholas Then | last post by:
I have just written a COM object which ties into a roaming user profile so that I may use DPAPI on many machines and have the same encryption and decryption. When I install it on 2 of my servers it works great one server can decrypt the other server's data. That tells me that the roaming profile is being used properly. Now if I put the same profile on my development machine (XP SP2) I cannot decrypt data coming from the servers and the...
.NET Framework
1
412
Error Using DPAPI (User Store) from ASP.NET with Enterprise Services
by: HardBap | last post by:
I'm following the MSDN Article here: <link> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT08.asp </link> All works fine until I try an decrypt the string. I get this error: <error> Exception: Exception decrypting.Exception decrypting. Decryption
.NET Framework
0
1137
Declaring the APIs for DPAPI in C#
by: Kalvin | last post by:
I am using the article on Microsoft's site to create a DPAPI library at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod21.asp On the API declarations I am getting on error on the bool right before the API name. The error is "Expected class, delegate, enum, interface, or struct" I'm not a C# wiz and I don't understand how to correct this, or why I am getting it. Please help. I am getting the same...
C# / C Sharp
1
1301
DPAPI Encryption string Pattern
by: Shaun | last post by:
Hi, I'm trying to implement encryption of connection string using DPAPI User Store. One of the objective is, after reading the connection string from Web.config file, my program has to know if the string is encrypted or a regular connection string, & depending on this my application uses the connection string or decrupts & reads the connection string. I don't want to append any special characters into the string, or want to add in any...
Visual Basic .NET
2
2110
DPAPI Examples
by: PurpleServerMonkey | last post by:
At the moment I'm writing a network aware application in C# .Net 2.0 and I'd like to ask the group for advice on how I should store the username and password for the connection. The application is a WinForms based application for Windows XP systems that works like a POP mail client in that the client software has to store a username and password for later use. Obviously I don't want to store that information inside the application or in...
.NET Framework
0
1043
SecureString error, DPAPI in windows 98 etc etc
by: pinki | last post by:
Hello I have problem with DPAPI in windows 98. I`m trying to use class SecureString (Framework 2.0.x) in my .net application. I get exception: "SecureString is only supported on Windows 2000 SP3 and higher platforms." I understand this exception but question is: Is it possible to do something to run this application in windows 98? Has anybody some ideas?
.NET Framework
3
3811
security, passwords, and DPAPI
by: michael sorens | last post by:
In the interests of increasing security, I came upon the DPAPI security library available from the GotDotNet user samples repository. What I want to do is create an applications that accesses a database with one single password embedded in the program, so it may be run by any user on any machine. I observe that one may specify a UserStore or a MachineStore for constraining the encryption. That seems to imply that my application would only...
C# / C Sharp
1
8990
DPAPI - decrypt error: Decryption failed. Key not valid for use in specified state.
by: BigLuzer | last post by:
hi i am using the following setup: - .net 1.1 - 2 load-balanced iis servers - DPAPI machine store. - C# - i encrypted the connection string separately, one on each machine. the error i get is: - Exception decrypting. Decryption failed. Key not
ASP.NET
0
9706
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10580
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10335
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
10082
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
9157
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7621
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5652
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4301
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
3
2993
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us