Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / April 2008

Tip: Looking for answers? Try searching our database.

Using the cryptography enterprise library application block

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Brian Nielsen - 04 Apr 2008 14:50 GMT
Hi

I'm trying to use the Cryptography application block within a web
application and have encountered a problem that I hope you can help resolve.

1. When I create a key file through "Enterprise Library Configuration", I
select e.g the 3DES provider and goes through the wizard of creating a key.
A part of the wizard wants to further enhance security by encrypting the key
either in "User mode" or "Machine mode", using the currently logged in user
to encrypt the key or some machine information to encrypt the key.

If I select "User mode", does this mean that the only person that can
encrypt/decrypt data using this key, is the user that created the key because
the key have been encrypted using that user credentials?

If so, how can I make the Cryptographic application block use a key that
anyone have access to and can use?

And how do I create this key?

I hope my questions make sense to you :-)

Regards

Brian Braad Nielsen
Reply to this Message
Cowboy (Gregory A. Beamer) - 04 Apr 2008 16:42 GMT
Not necessarily. It will restrict the data to the process as the "user" in
question is generally the process ASP.NET is running under. Both machine
mode and user mode keys are already created by .NET.

I have not delved deeply into Ent Lib, so I cannot answer the best way to
set up the Crypto block. If you want more info on what is going on
underneath the hood, look up the Data Protection API (DPAPI). You will
likely find clues there.

For the EntLib, I would consider looking at the following:
http://msdn2.microsoft.com/en-us/library/aa480453.aspx

Signature

Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

*************************************************

| Think outside the box!

*************************************************
> Hi
>
[quoted text clipped - 26 lines]
>
> Brian Braad Nielsen
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.