Encrypt connection string and save in registry

  • Question

  • It's interesting to see the db connection encryption on application configuration file on this project 

    https://code.msdn.microsoft.com/Encrypt-and-decrypt-84e454fc?redir=0

    Is it possible to save the encrypted connection string to the registry and retrieve it decrypted?

    I also found a few samples to DES-encrypt text based on a key. Is it safe to use those as an alternative? Can we use the application GUID as the key?


    Coderv9

    Friday, August 17, 2018 8:10 PM

Answers

  • Hi,

    I queried some information and wrote a demo.

    Create an Encryption Library:

    Imports System.Security.Cryptography
    Imports System.IO

    Public Class Encryption

        ' Encrypts with AES-256 in CBC mode. Key and IV are both derived from
        ' the password with PBKDF2 (Rfc2898DeriveBytes, 1000 iterations).
        Public Function Encrypt(ByVal bytesToBeEncrypted As Byte(), ByVal passwordBytes As Byte()) As Byte()
            Dim encryptedBytes As Byte() = Nothing
            ' Fixed salt: the same password always yields the same key and IV.
            Dim saltBytes As Byte() = New Byte() {1, 2, 3, 4, 5, 6, 7, 8}
            Using ms As MemoryStream = New MemoryStream()
                Using AES As RijndaelManaged = New RijndaelManaged()
                    AES.KeySize = 256
                    AES.BlockSize = 128
                    Dim key = New Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000)
                    ' Integer division (\) so the byte counts are Integers under Option Strict On.
                    AES.Key = key.GetBytes(AES.KeySize \ 8)
                    AES.IV = key.GetBytes(AES.BlockSize \ 8)
                    AES.Mode = CipherMode.CBC
                    Using cs = New CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write)
                        cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length)
                        cs.Close()
                    End Using
                    encryptedBytes = ms.ToArray()
                End Using
            End Using
            Return encryptedBytes
        End Function

        ' Reverses Encrypt: derives the same key and IV from the password and
        ' the fixed salt, then decrypts the CBC ciphertext.
        Public Function Decrypt(ByVal bytesToBeDecrypted As Byte(), ByVal passwordBytes As Byte()) As Byte()
            Dim decryptedBytes As Byte() = Nothing
            Dim saltBytes As Byte() = New Byte() {1, 2, 3, 4, 5, 6, 7, 8}
            Using ms As MemoryStream = New MemoryStream()
                Using AES As RijndaelManaged = New RijndaelManaged()
                    AES.KeySize = 256
                    AES.BlockSize = 128
                    Dim key = New Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000)
                    AES.Key = key.GetBytes(AES.KeySize \ 8)
                    AES.IV = key.GetBytes(AES.BlockSize \ 8)
                    AES.Mode = CipherMode.CBC
                    Using cs = New CryptoStream(ms, AES.CreateDecryptor(), CryptoStreamMode.Write)
                        cs.Write(bytesToBeDecrypted, 0, bytesToBeDecrypted.Length)
                        cs.Close()
                    End Using
                    decryptedBytes = ms.ToArray()
                End Using
            End Using
            Return decryptedBytes
        End Function

    End Class



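    Imports Encryption
    Imports System.Text
    Imports Microsoft.Win32

    ' Form code for the demo. Encryptor, Decryptor and EncryptionAlgorithm are
    ' expected from the imported Encryption namespace; the Encryption class
    ' listed above does not define them.
    Public Class Form1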
        Private Sub btnEncrypt_Click(sender As Object, e As EventArgs) Handles btnEncrypt.Click
            Try
                Dim enc As Encryptor = New Encryptor(EncryptionAlgorithm.TripleDes)
                Dim plainText As Byte() = Encoding.ASCII.GetBytes(txtConnectionString.Text)
                Dim key As Byte() = Encoding.ASCII.GetBytes(txtKey.Text)
                Dim cipherText As Byte() = enc.Encrypt(plainText, key)
                txtInitializationVector.Text = Encoding.ASCII.GetString(enc.IV)
                txtEncryptedString.Text = Convert.ToBase64String(cipherText)
            Catch ex As Exception
                MessageBox.Show("Exception encrypting: " & ex.Message, "Encryption Test  Harness")
            End Try
        End Sub
    
        Private Sub btnDecrypt_Click(sender As Object, e As EventArgs) Handles btnDecrypt.Click
            Try
                Dim dec As Decryptor = New Decryptor(EncryptionAlgorithm.TripleDes)
                dec.IV = Encoding.ASCII.GetBytes(txtInitializationVector.Text)
                Dim key As Byte() = Encoding.ASCII.GetBytes(txtKey.Text)
                Dim plainText As Byte() = dec.Decrypt(Convert.FromBase64String(txtEncryptedString.Text), key)
                txtDecryptedString.Text = Encoding.ASCII.GetString(plainText)
            Catch ex As Exception
                MessageBox.Show("Exception decrypting. " & ex.Message, "Encryption Test Harness")
            End Try
        End Sub
    
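        ' Stores the ciphertext, the IV and the key together under
        ' HKEY_LOCAL_MACHINE\Software\TestApplication (writing there needs administrative rights).
        Private Sub btnWriteRegistryData_Click(sender As Object, e As EventArgs) Handles btnWriteRegistryData.Click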
            Dim rk As RegistryKey = Registry.LocalMachine.OpenSubKey("Software", True)
            rk = rk.CreateSubKey("TestApplication")
            rk.SetValue("connectionString", txtEncryptedString.Text)
            rk.SetValue("initVector", Convert.ToBase64String(Encoding.ASCII.GetBytes(txtInitializationVector.Text)))
            rk.SetValue("key", Convert.ToBase64String(Encoding.ASCII.GetBytes(txtKey.Text)))
            MessageBox.Show("The data has been successfully written to the registry")
        End Sub
    End Class

    Best Regards,

    Alex



    • Marked as answer by Coderv9 Wednesday, August 22, 2018 3:02 AM
    Monday, August 20, 2018 9:20 AM
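
Added example (not part of Alex's answer or the linked MSDN sample): the demo above writes the key into the same registry key as the ciphertext, so anyone who can read one can read the other. One alternative is Windows DPAPI via `ProtectedData`, which leaves key handling to the current Windows account and stores only an opaque blob under HKEY_CURRENT_USER. The module name, registry path and entropy string are assumptions made for this example, and the project needs a reference to System.Security.

```vbnet
Imports System.Security.Cryptography   ' ProtectedData lives in System.Security.dll
Imports System.Text
Imports Microsoft.Win32

Public Module ConnectionStringStore
    ' Hypothetical registry location and value name, chosen for this example.
    Private Const SubKeyPath As String = "Software\TestApplication"
    Private Const ValueName As String = "connectionString"

    ' Optional extra entropy. It is not a secret key: it only separates this
    ' blob from other DPAPI data protected by the same Windows user.
    Private ReadOnly Entropy As Byte() =
        Encoding.UTF8.GetBytes("TestApplication.ConnectionString.v1")

    ' Protects the connection string with DPAPI (per-user scope) and stores
    ' the opaque blob under HKEY_CURRENT_USER, which needs no admin rights.
    Public Sub Save(connectionString As String)
        Dim plain As Byte() = Encoding.UTF8.GetBytes(connectionString)
        Dim blob As Byte() = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser)
        Array.Clear(plain, 0, plain.Length)   ' do not keep the plaintext bytes around
        Using rk As RegistryKey = Registry.CurrentUser.CreateSubKey(SubKeyPath)
            rk.SetValue(ValueName, blob, RegistryValueKind.Binary)
        End Using
    End Sub

    ' Returns the decrypted connection string, or Nothing if no value is stored.
    ' Unprotect throws CryptographicException if the blob was modified or was
    ' protected by a different Windows user.
    Public Function Load() As String
        Using rk As RegistryKey = Registry.CurrentUser.OpenSubKey(SubKeyPath)
            If rk Is Nothing Then Return Nothing
            Dim blob As Byte() = TryCast(rk.GetValue(ValueName), Byte())
            If blob Is Nothing Then Return Nothing
            Dim plain As Byte() = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser)
            Return Encoding.UTF8.GetString(plain)
        End Using
    End Function
End Module
```

With `DataProtectionScope.CurrentUser`, other accounts and offline copies of the registry hive cannot recover the value; code running as the same user can still call `Unprotect`.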

All replies

  • Greetings,

    If you don't mind me asking, why store the connection string in the registry? a) Some computers don't permit it via security settings or company policies; b) some software cleans entries and your entry may be removed.

    What I use (the link you are pointing to) will not work as per this documentation.



    Friday, August 17, 2018 10:08 PM
    Moderator
  • Store the encrypted connection string in the software and require the user to enter the decryption key. That's the safest place for it.

    If the database is not encrypted, why bother encrypting the connection string? Someone will find the database file.

    Friday, August 17, 2018 10:46 PM
  • Hi Karen,

    The application we use is stored on a shared drive on our local network. Whenever we update the application, it automatically updates, and when a settings file is used, the updated application fails to use the previously saved entry. So we are using the current user/ software/ application name key to save the database path, and the password was embedded in the code. As per your advice in another thread, I am trying to remove the password from the code and encrypt it.


    Coderv9

    Saturday, August 18, 2018 3:23 AM
  • Hi Devon,

    The database is password protected, and the question is: if I am encrypting the connection string with key = application GUID, will it be safe, and is it a good practice?


    Coderv9

    Saturday, August 18, 2018 10:41 AM