encrypt & decrypt using assembly sign key

    Question

  • I need a way to encrypt & decrypt data in my code. It should be possible to do so only in my Assembly! I already sign my Assembly, so I think to use the Assembly key to get the private key for my encryption algorithm.

    How can I do it?

    Thanks

    Wednesday, June 15, 2011 9:46 AM

Answers

  • Hi,

    Ah ok. You want to look at DPAPI. This is a way to encrypt and decrypt data based on the credentials of a domain user. It implicitly uses the credentials of the user to produce an encryption key that is then used to encrypt and decrypt. This is what you're looking for.

    Have a read of this.....

    http://msdn.microsoft.com/en-us/library/ms995355.aspx

    This will give you some background as to what DPAPI is about. While this...

    http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx

    ... is how it's implemented in .NET.

    You can combine this with IsolatedStorage rather well because it has the same concept as user level and machine level.
    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
    • Marked as answer by isaac dagan Wednesday, June 15, 2011 3:15 PM
    Wednesday, June 15, 2011 3:06 PM
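    The DPAPI plus IsolatedStorage combination the answer describes, as an added C# example that is not code from the thread; the class, the file name "credentials.bin" and the entropy string are assumptions for this example:

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;
// Added example, not code from the thread: keep a saved user name/password as a
// DPAPI-protected blob in user-scoped IsolatedStorage. File name and entropy
// string are assumptions chosen for this example.
static class CredentialStore
{
    const string FileName = "credentials.bin";
    // Optional entropy is mixed into the DPAPI key. It is not a secret (it ships in the
    // assembly, as the thread explains); it only separates this blob from the user's other DPAPI data.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp.CredentialStore.v1");
    public static void Save(string userName, string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(userName + "\n" + password);
        // CurrentUser: only this Windows account can unprotect the blob.
        // LocalMachine would let any process on the same machine unprotect it, which is weaker here.
        byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(plain, 0, plain.Length);   // do not leave the plaintext lying around in memory
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var fs = new IsolatedStorageFileStream(FileName, FileMode.Create, store))
            fs.Write(blob, 0, blob.Length);
    }
    // False when nothing is stored or the blob cannot be unprotected (written by a
    // different Windows user, copied from another machine, or tampered with).
    public static bool TryLoad(out string userName, out string password)
    {
        userName = password = null;
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        {
            if (!store.FileExists(FileName)) return false;
            byte[] blob;
            using (var fs = new IsolatedStorageFileStream(FileName, FileMode.Open, store))
            {
                blob = new byte[fs.Length];
                fs.Read(blob, 0, blob.Length);
            }
            try
            {
                byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
                string[] parts = Encoding.UTF8.GetString(plain).Split(new[] { '\n' }, 2);
                Array.Clear(plain, 0, plain.Length);
                if (parts.Length != 2) return false;
                userName = parts[0]; password = parts[1]; return true;
            }
            catch (CryptographicException) { return false; }
        }
    }
}
```

    On .NET Framework, ProtectedData lives in System.Security.dll, so that assembly has to be referenced. The plaintext still exists in process memory while the application uses it, so the protection is for the file at rest, not against code running as the same user.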

All replies

  • Hi,

    This won't be possible.

    Public key encrypts and the private key decrypts. The idea being that if someone wants to send you encrypted information then they can do so with your public key. That means only you have the ability to decrypt that information since only you have the private key, no one else should have your private key so the information stays safe.

    The only way to decrypt the information in the application would be to publish the private key. Anyone could use it then to decrypt the data.


    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
    Wednesday, June 15, 2011 10:28 AM
  • In my case, only my Assembly should be allowed to encrypt and decrypt the data.

    I am afraid to have the private key hard-coded in my Assembly, so I thought to use the Assembly key for the encryption & decryption.



    Wednesday, June 15, 2011 10:36 AM
  • Think about this for a minute.

    Any data that is part of the assembly is accessible by the CLR.  If it is accessible by the CLR, then it is accessible by anyone.

    Therefore, whether you hardcode a key inside your assembly (such as a const string in a class), or whether you use something like your assembly's public key token, that data is public.  Any hacker can extract it.  Once he decompiles your code and sees that you're using the assembly's public key token he'll just extract it from your assembly using sn and then decrypt your data.

    There is no magic private assembly key that would somehow be accessible only in code that you compiled when you were building that assembly.

    Evan

    Wednesday, June 15, 2011 1:25 PM
  • This is what I try to prevent

    I know I can't get the Assembly private key (the one I use to sign the assembly), but is there a way to encrypt/decrypt data based on that key?

    Wednesday, June 15, 2011 1:31 PM
  • Hi,

    You can encrypt the data with the key but then, when the application is deployed, there is no way to decrypt it.


    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
    Wednesday, June 15, 2011 1:33 PM
  • How can I encrypt the data?

    Why can't I decrypt when the application is deployed?

    Wednesday, June 15, 2011 1:40 PM
  • Hi,

    ONLY THE PRIVATE KEY CAN DECRYPT !!!

    You would need to deploy the private key with the application so that the application can decrypt the data.

    If you do that then anyone with a copy of the application has the ability to decrypt the data meaning....

    ...... there would be no point in encrypting the data in the first place.

    QED


    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
    Wednesday, June 15, 2011 1:45 PM
  • I know all that...

    I thought because my Assembly is signed, I can use it to encrypt & decrypt data into a file (for ex: user name & password).

    Wednesday, June 15, 2011 1:54 PM
  • Hi,

    Signing the assembly uses the private key to digitally sign the assembly.  When this happens the public key is embedded into the assembly and used to verify the signature. This is fine because the public key can be public.

    But the public key cannot be used to decrypt data. Sorry Isaac, it's just not going to work.

    Tell you what. Describe what it is you're doing, the data you're trying to protect, the reason for protecting it, and who you're trying to protect it from, and any other information about your software, and let's see if there is another solution.


    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
    Wednesday, June 15, 2011 2:11 PM
  • I have an application that asks for a user name & password.

    I need to save locally (I use the IsolatedStorage for this) the user name & password, so that next time the same domain user runs my application he will not need to enter the user name & password again.

    Any idea how I protect the file containing the user name & password?

    Wednesday, June 15, 2011 2:22 PM
  • Thanks!

    Seems to be the solution I need.

    Wednesday, June 15, 2011 3:15 PM