none
File encryption RRS feed

  • Question

  • I'm writing an application where I need to provide the user with the ability to save multiple stings (and multiple sets of strings) and then retrieve them on load. However due to the nature of the information I need to encrypt this information.

    what is the best way to manage this?

    I've seen you can encrypt chunks of app.config and settings.settings but would I be better just creating an xml file and using a base64 encryption with a key file for the whole thing?

    example data:

    string user1-name = "JoeBlogs";
    string user1-pass1 = "kjhdfkgjh";
    string user1-pass2 = "dsfgfdhgf";
    string user1-pass3 = "hmnyrusgr";
    string user1-pass4 = "ertrhdsfr";
    int user1-count = 888;
    
    string user2-name = "MoJones";
    string user2-pass1 = "sfghuemyr";
    string user2-pass2 = "fdghgfdhf";
    string user2-pass3 = "fdghtrrws";
    string user2-pass4 = "kjhotydjt";
    int user2-count = 555;
    
    string user1-name = "BobMarley";
    string user1-pass1 = "hgjkfrtyt";
    string user1-pass2 = "fghjfdtrt";
    string user1-pass3 = "yjtyjhyjy";
    string user1-pass4 = "fyjryrthy";
    int user1-count = 777;

    Tuesday, February 3, 2015 1:02 PM

Answers

All replies

  • There is an example of how to encrypt and decrypt a file using C# available on microsoft.com here: http://support.microsoft.com/kb/307010?wa=wsignin1.0

    Here is another example on CodeProject that should be helpful: http://www.codeproject.com/Articles/26085/File-Encryption-and-Decryption-in-C

    Please remember to mark helpful posts as answer and/or helpful.

    • Marked as answer by DGC GHOST Wednesday, February 11, 2015 2:18 PM
    Tuesday, February 3, 2015 1:17 PM
  • Use the built-in mechanisms: Use a Protected Configuration Provider.
    Tuesday, February 3, 2015 1:33 PM
  • I've looked at a few articles and nothings answered my question really but I'll take a look at these you've provided and see if they contain what I'm after. Thanks

    Tuesday, February 3, 2015 1:34 PM
  • Hi,

    The techniques proposed by Magnus work very well but if anyone decompile your assembly, he will be able to find the key. In this case, you could also use an obfuscator like "ConfuserEx" in order to protect also your assembly...

    Another technique consists in storing the sensitive information in the config file (which is saved as "user.config") and then use the "Protect" method. It relies on either the current user ID or the computer ID so in this case the inconveniant will be that you wouldn't be able to use the same user config file on another computer or with another user... For this, here are documentation and examples :
    http://stackoverflow.com/questions/19866570/how-do-i-encrypt-user-settings
    https://msdn.microsoft.com/en-us/library/53tyfkaw.aspx


    Philippe

    Tuesday, February 3, 2015 1:40 PM
  • For some tooling we also save the settings and some state encrypted, a very easy way to accomplish this is using the ProtectedData api.

    See ProtectedData

    A basic example where i serialize a Settings object and save it encrypted to disk using the ProtectedData class. I use the CurrentUser DataProtectionScope so only the current windows user can decrypt the data.

    Settings setting = GetSettings();
    
     byte[] settingsData;
     using(MemoryStream stream = new MemoryStream())
     {
       BinaryFormatter formatter = new BinaryFormatter();
       formatter.Serialize(stream, this);
    
       settingsData = stream.ToArray();
     }
    
     byte[] encryptedSettings = ProtectedData.Protect(settingsData, null, DataProtectionScope.CurrentUser);
    
    using(FileStream fileStream = settingsFile.Open(FileMode.Create, FileAccess.ReadWrite))
    {
      fileStream.Write(encryptedSettings, 0, encryptedSettings.Length);
    }

    And the code that reads the settings from disk:

        private static Settings LoadSettings()
        {
          Settings settings = null;
          try
          {
            string settingsFilePath = GetStorageLocation();
            if(File.Exists(settingsFilePath))
            {
              byte[] encryptedSettings = File.ReadAllBytes(settingsFilePath);
              byte[] settingsData = ProtectedData.Unprotect(encryptedSettings, null, DataProtectionScope.CurrentUser);
    
              using(MemoryStream stream = new MemoryStream(settingsData))
              {
                BinaryFormatter formatter = new BinaryFormatter();
                settings = (Settings)formatter.Deserialize(stream);
              }
            }
          }
          catch
          {
            // Cant load settings use defaults instead.
          }
          return settings == null ? new Settings() : settings;
        }

    Hope this helps you!



    Tuesday, February 3, 2015 1:48 PM
  • Well there's a myriad of helpful stuff here, I'm going to hit this tonight and see where I end up, thanks to all, I'll let you know how I get on!
    Tuesday, February 3, 2015 1:59 PM