473,322 Members | 1,417 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Storing Secrets

When using System.Security.Cryptography to Encrypt/Decrypt information, I
need to store two values - the Initialization Vector and the Encryption Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized, everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA
Nov 21 '05 #1
5 1327

"Nikolay Petrov" <jo**************@mail.bg> wrote in message
news:uz**************@TK2MSFTNGP15.phx.gbl...
When using System.Security.Cryptography to Encrypt/Decrypt information, I
need to store two values - the Initialization Vector and the Encryption Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized, everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA


That depends on the values of the initiliasation vector/encryption key plus the site on which they
intended to be used.
In order for us to help you better, please post both values here along with any Urls/public networks
upon which you intend to use them.

Sincerely
Richard

Nov 21 '05 #2
I have an WebService and Windows Froms app, which both need to store
encrypted information in files, Windows Registry and SQL server.
In windows registry I store the encrypted SQL connection string. In SQL db I
store usernames, passwords and other sensitive information. In file is store
information download from my WinForms app to my clients.

I red that storing things in code i.e.
Dim encKey as string = "123456789012345"
is not save.
I have an idea that the encryption key is to be ganarated from a function.
Is this going to be more secure?

"Richard Myers" <fa**@address.com> wrote in message
news:Oq**************@tk2msftngp13.phx.gbl...

"Nikolay Petrov" <jo**************@mail.bg> wrote in message
news:uz**************@TK2MSFTNGP15.phx.gbl...
When using System.Security.Cryptography to Encrypt/Decrypt information, I
need to store two values - the Initialization Vector and the Encryption
Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized,
everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA


That depends on the values of the initiliasation vector/encryption key
plus the site on which they
intended to be used.
In order for us to help you better, please post both values here along
with any Urls/public networks
upon which you intend to use them.

Sincerely
Richard

Nov 21 '05 #3
I have an WebService and Windows Froms app, which both need to store
encrypted information in files, Windows Registry and SQL server.
In windows registry I store the encrypted SQL connection string. In SQL db I
store usernames, passwords and other sensitive information. In file is store
information download from my WinForms app to my clients.

I red that storing things in code i.e.
Dim encKey as string = "123456789012345"
is not save.
I have an idea that the encryption key is to be ganarated from a function.
Is this going to be more secure?

"Richard Myers" <fa**@address.com> wrote in message
news:Oq**************@tk2msftngp13.phx.gbl...

"Nikolay Petrov" <jo**************@mail.bg> wrote in message
news:uz**************@TK2MSFTNGP15.phx.gbl...
When using System.Security.Cryptography to Encrypt/Decrypt information, I
need to store two values - the Initialization Vector and the Encryption
Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized,
everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA


That depends on the values of the initiliasation vector/encryption key
plus the site on which they
intended to be used.
In order for us to help you better, please post both values here along
with any Urls/public networks
upon which you intend to use them.

Sincerely
Richard

Nov 21 '05 #4
You might wish to look into DPAPI.

Here's some links (in no particle order):

http://msdn.microsoft.com/library/en...l/secmod21.asp
http://msdn.microsoft.com/library/en...l/secmod22.asp
http://msdn.microsoft.com/library/en...SecNetHT08.asp
http://msdn.microsoft.com/library/en...SecNetHT07.asp
http://msdn.microsoft.com/library/en...tion-dpapi.asp

Richard Rosenheim

"Nikolay Petrov" <jo**************@mail.bg> wrote in message
news:On**************@TK2MSFTNGP09.phx.gbl...
I have an WebService and Windows Froms app, which both need to store
encrypted information in files, Windows Registry and SQL server.
In windows registry I store the encrypted SQL connection string. In SQL db I store usernames, passwords and other sensitive information. In file is store information download from my WinForms app to my clients.

I red that storing things in code i.e.
Dim encKey as string = "123456789012345"
is not save.
I have an idea that the encryption key is to be ganarated from a function.
Is this going to be more secure?

"Richard Myers" <fa**@address.com> wrote in message
news:Oq**************@tk2msftngp13.phx.gbl...

"Nikolay Petrov" <jo**************@mail.bg> wrote in message
news:uz**************@TK2MSFTNGP15.phx.gbl...
When using System.Security.Cryptography to Encrypt/Decrypt information, I need to store two values - the Initialization Vector and the Encryption
Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized,
everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA


That depends on the values of the initiliasation vector/encryption key
plus the site on which they
intended to be used.
In order for us to help you better, please post both values here along
with any Urls/public networks
upon which you intend to use them.

Sincerely
Richard


Nov 21 '05 #5
You might wish to look into DPAPI.

Here's some links (in no particle order):

http://msdn.microsoft.com/library/en...l/secmod21.asp
http://msdn.microsoft.com/library/en...l/secmod22.asp
http://msdn.microsoft.com/library/en...SecNetHT08.asp
http://msdn.microsoft.com/library/en...SecNetHT07.asp
http://msdn.microsoft.com/library/en...tion-dpapi.asp

Richard Rosenheim

"Nikolay Petrov" <jo**************@mail.bg> wrote in message
news:On**************@TK2MSFTNGP09.phx.gbl...
I have an WebService and Windows Froms app, which both need to store
encrypted information in files, Windows Registry and SQL server.
In windows registry I store the encrypted SQL connection string. In SQL db I store usernames, passwords and other sensitive information. In file is store information download from my WinForms app to my clients.

I red that storing things in code i.e.
Dim encKey as string = "123456789012345"
is not save.
I have an idea that the encryption key is to be ganarated from a function.
Is this going to be more secure?

"Richard Myers" <fa**@address.com> wrote in message
news:Oq**************@tk2msftngp13.phx.gbl...

"Nikolay Petrov" <jo**************@mail.bg> wrote in message
news:uz**************@TK2MSFTNGP15.phx.gbl...
When using System.Security.Cryptography to Encrypt/Decrypt information, I need to store two values - the Initialization Vector and the Encryption
Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized,
everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA


That depends on the values of the initiliasation vector/encryption key
plus the site on which they
intended to be used.
In order for us to help you better, please post both values here along
with any Urls/public networks
upon which you intend to use them.

Sincerely
Richard


Nov 21 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: Picho | last post by:
Hi all, Lets say I have a "secret" I wish to "hide", lets say a database password. For the more detailed problem, a web application/service that uses a connection string. all the solutions I...
3
by: Newbee Adam | last post by:
anyone have any secrets or pearls about vb.net you want to share I was asked by my company to begin teach an introductory VB.Net course 2 day seminar. I had been teaching an sql server 2000...
20
by: Kamilche | last post by:
You know, all this furor over this book caused me to go look it up on Amazon. I've never read this book... but from what I can see from the legally available table of contents, excerpt, and index...
13
by: =?Utf-8?B?QWRhbSBT?= | last post by:
I would like to know the best way to store credentials in a c# application. I am writing some administrative tools and will need to store username and password information for a domain account with...
1
by: vrakita | last post by:
Speed up your system, repair registry base, uninstall hidden windows components and get rid of boring errors with powerful tips and tricks. http://windowsxpsp2pro.blogspot.com
1
by: vrakita | last post by:
Very good collection of information, tips, fixes, workarounds, and answers for Microsoft Windows XP... http://windowsxpsp2pro.blogspot.com
1
by: travolta001 | last post by:
Learn how to optimize and tune up your system,. get rid of boring errors and uninstall unnecessary thing with very useful tips and tricks http://windowsxpsp2pro.blogspot.com
0
by: The 101 ROMANTIC SECRETS and TECHNICS | last post by:
The 101 ROMANTIC SECRETS and TECHNICS This SECRETS and TECHNICS are right for you if: 1. How to try to get a person you want, 2. To make your partner love you more an more. If you want to...
0
by: aquorang | last post by:
i want to share my secrets with u......... how to create miracles in your own life? http://www.freewebs.com/aquorang/
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.