Signing and Encrypting Data

  • Question

  • Hi,

    My application requires a lot of security. I have in the past used my own custom written encryption and signing code to ensure security when transmitting my data. But I would like to move over to using some of the facilities provided by the .Net framework, i.e. working with certificate files and the certificate store. I found a really great article about doing so here:

    http://msdn.microsoft.com/en-us/magazine/cc163454.aspx#S4

    It looks like my application only has to retrieve its private key from the certificate store, use it to sign the data, then retrieve the server's public key from the certificate store, and then use it to encrypt the data. Sounds easy enough. But there are some basic issues not covered by the article which are a little bit unnerving to me. For example, couldn't a piece of malware on the user's machine also do the same thing to retrieve my application's private key to sign, and retrieve my server's public key to encrypt, thereby posing as a legitimate copy of my application?!

    Is there a way to restrict which programs get access to the private keys?


    Thanks for any responses!

    Monday, July 13, 2009 4:27 PM
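
The sign-then-encrypt flow described in the question, as an added C# example that is not code from the original post or from the linked article. It shows that nothing in the store lookup identifies the calling program. Assumptions: the thumbprints are placeholders, the certificates live in the CurrentUser `My` and `AddressBook` stores, and the CMS classes from `System.Security.Cryptography.Pkcs` (reference `System.Security.dll`) are used as one possible way to sign and encrypt.

```csharp
using System;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignThenEncrypt
{
    // Placeholder thumbprints (hypothetical): substitute your own certificates.
    const string ClientThumbprint = "<CLIENT-CERT-THUMBPRINT>";
    const string ServerThumbprint = "<SERVER-CERT-THUMBPRINT>";

    static X509Certificate2 Find(StoreName name, string thumbprint, bool needPrivateKey)
    {
        // Any process running as this user can open the CurrentUser stores the same way.
        X509Store store = new X509Store(name, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count == 0)
                throw new InvalidOperationException("Certificate not found: " + thumbprint);
            if (needPrivateKey && !hits[0].HasPrivateKey)
                throw new InvalidOperationException("No private key for: " + thumbprint);
            return hits[0];
        }
        finally { store.Close(); }
    }

    public static byte[] Protect(byte[] payload)
    {
        X509Certificate2 client = Find(StoreName.My, ClientThumbprint, true);
        X509Certificate2 server = Find(StoreName.AddressBook, ServerThumbprint, false);

        // Sign with the client's private key (signature attached to the content).
        SignedCms signed = new SignedCms(new ContentInfo(payload), false);
        signed.ComputeSignature(new CmsSigner(client));

        // Encrypt the signed blob to the server's public key.
        EnvelopedCms envelope = new EnvelopedCms(new ContentInfo(signed.Encode()));
        envelope.Encrypt(new CmsRecipient(server));
        return envelope.Encode();
    }

    static void Main()
    {
        byte[] msg = Protect(Encoding.UTF8.GetBytes("constructed sample message"));
        Console.WriteLine("{0} bytes of signed-and-enveloped CMS", msg.Length);
    }
}
```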

Answers

  • I don't think there's a way to do this.

    You could create a special user account and store the key only for that user.

    However, remember to do a realistic threat analysis before taking this route. It just seems like overkill for most applications.

           -Steve
    Programming blog: http://nitoprograms.blogspot.com/
      Including my TCP/IP .NET Sockets FAQ
    MSBuild user? Try out the DynamicExecute task in the MSBuild Extension Pack source; it's currently in Beta so get your comments in!
    • Marked as answer by Zhi-Xin Ye Monday, July 20, 2009 2:51 PM
    Tuesday, July 14, 2009 12:48 PM

All replies

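  • Hello


    Would the code below serve as an example?
    Imports System.IO
    Imports System.Security.Cryptography
    Imports System.Text

    Public Shared Function EncryptData(ByVal sData As String, _
    		ByVal sKey As String) As Byte()
    
        'Create the output stream
        Dim strmEncrypted As New MemoryStream
    
        'Encryption algorithm
        Dim tdes As New TripleDESCryptoServiceProvider
    
        'Get the key from the parameter (TripleDES needs a 16- or 24-byte key)
        Dim aKey() As Byte = Encoding.ASCII.GetBytes(sKey)
        tdes.Key = aKey

        'Use a fresh random IV per message rather than a fixed all-zero IV,
        'and write it ahead of the ciphertext so the receiver can decrypt
        tdes.GenerateIV()
        Dim aIV() As Byte = tdes.IV
        strmEncrypted.Write(aIV, 0, aIV.Length)

        'Encrypt the data into the output stream
        Dim aData() As Byte = Encoding.UTF8.GetBytes(sData)
        Using cs As New CryptoStream(strmEncrypted, tdes.CreateEncryptor(), CryptoStreamMode.Write)
            cs.Write(aData, 0, aData.Length)
            cs.FlushFinalBlock()
        End Using
        
        'Result layout: IV followed by ciphertext
        Return strmEncrypted.ToArray()
        
    End Function
    

    Regards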
    Gilson Dias
    Tuesday, July 14, 2009 2:41 AM