
.NET Forum / .NET Framework / Security / October 2005


Storing secrets, that may be accessible from some application only

Whistler - 16 Oct 2005 14:39 GMT
Hello,
I have a small architectural or development problem.

My application must store some confidential information (for example, a public
key) on the end user's computer that is accessible only to my application (and
not available to other applications).
The end user may be a local administrator on their own computer.
The target system is Windows 2000 Professional.

How can I realize this, and where should I store this secret? Thanks!
Dominick Baier [DevelopMentor] - 16 Oct 2005 19:16 GMT
Hello Whistler,

You can use DPAPI - an encryption mechanism built into Windows. Secrets can
be stored machine and user specific - even with some application supplied
entropy.

In 2.0 this is available via System.Security.Cryptography.ProtectedData.

You can download a wrapper for 1.1 here:
http://www.leastprivilege.com/DPAPITools.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hello,
> I have a small architectural or development problem.
[quoted text clipped - 6 lines]
> Target system is Windows 2000 Professional.
> How can I realize this, and where should I store this secret? Thanks!
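The DPAPI call described in the reply above, as an added example that is not part of the original thread or of the linked wrapper: it protects a secret with `ProtectedData` under the current user scope plus application-supplied entropy, and shows that unprotecting with different entropy fails. The class name, file location, entropy string and sample secret are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData lives in System.Security.dll
using System.Text;

static class SecretStore // hypothetical helper, not the project's code
{
    // Assumption: entropy compiled into the assembly (constructed value).
    // Anyone who can read or decompile the binary can recover it.
    static readonly byte[] AppEntropy =
        Encoding.UTF8.GetBytes("constructed-sample-entropy");

    public static void Save(string path, byte[] secret)
    {
        // CurrentUser: only the same Windows account can unprotect the blob.
        // LocalMachine would allow any process on the machine to do so.
        byte[] blob = ProtectedData.Protect(
            secret, AppEntropy, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(path, blob);
    }

    public static byte[] Load(string path, byte[] entropy)
    {
        return ProtectedData.Unprotect(
            File.ReadAllBytes(path), entropy, DataProtectionScope.CurrentUser);
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "secret.bin"); // sample path
        byte[] secret = Encoding.UTF8.GetBytes("constructed sample secret");
        try
        {
            Save(path, secret);
            Console.WriteLine(Encoding.UTF8.GetString(Load(path, AppEntropy)));
            // Same user, different entropy: DPAPI refuses to decrypt.
            Load(path, Encoding.UTF8.GetBytes("wrong entropy"));
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Unprotect failed: " + e.Message);
        }
        finally
        {
            Array.Clear(secret, 0, secret.Length); // drop the plaintext copy
            File.Delete(path);
        }
    }
}
```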
Whistler - 16 Oct 2005 21:55 GMT
But what will be the source of entropy? If I store some value (entropy
"generator") in the body of the assembly, then the security of the data saved in
system protected storage will be minimal. The user may disassemble the code,
extract this value, and also extract my secret.

DPAPI is user/machine specific, but I need an assembly-specific alternative...

Sorry for my English :-)
Dominick Baier [DevelopMentor] - 17 Oct 2005 10:22 GMT
Hello Whistler,

You will always have this problem. Encryption does not eliminate secrets
- it only compresses them to a key. Your application has to have access to
that key somehow. So if someone decompiles the application he will find out
where the key is.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> But what will be the source of entropy? If I store some value
> (entropy "generator") in the body of the assembly, then the security of the data
[quoted text clipped - 5 lines]
>
> Sorry for my English :-)
William Stacey [MVP] - 17 Oct 2005 16:34 GMT
Why do you need to encrypt a public key?  These are public and meant to be
known.  If you want to store some encrypted data in the assem in supporting
file, the only way to do it is to ask for a password in the app and decrypt.  A wrong
password will throw an error doing the decrypt.  You could use DPAPI, but you would
need the clear text to begin with.

William Stacey [MVP]

> Hello,
> I have a small architectural or development problem.
[quoted text clipped - 8 lines]
>
> How can I realize this, and where should I store this secret? Thanks!
