none
How to encrypt Properties.Settings.Default? RRS feed

  • Question

  • Hi

    I use the Properties.Settings.Default method to save settings within my program.
    Now I want the user to be unable to edit the settings-file generated (user.config), by encrypting this file.

    Is this possible?

    Kind Regards
    Friday, July 28, 2006 10:32 PM

Answers

  • You can encrypt or sign the contents but the user's account will need to have access to the private key for the decryption or signing if it is to take place when your code is running under that account.  This means that the user would still be able to manually edit the file, although it would be a bit more work.

    Instead of trying to prevent the edit, why not validate the settings data when it is read from the file?

    Monday, July 31, 2006 7:56 PM

All replies

  • No reply. Maybe it is impossible then. :)
    Monday, July 31, 2006 11:13 AM
  • You can't encrypt the file but you can encrypt what you write to it.
    Monday, July 31, 2006 6:59 PM
    Moderator
  • You can encrypt or sign the contents but the user's account will need to have access to the private key for the decryption or signing if it is to take place when your code is running under that account.  This means that the user would still be able to manually edit the file, although it would be a bit more work.

    Instead of trying to prevent the edit, why not validate the settings data when it is read from the file?

    Monday, July 31, 2006 7:56 PM
  • Hi Nicole

    Encryption of the contents sounds nice. Then I just have to use try{...} catch() {...} to detect any changes in the user.config file.

    But I dont quite now how to do this correctly...

    Right now I've put in my default settings element via Project->Properties and tab "Settings".

    Before calling the method "Save()" on Properties.Settings.Default, I load each property with the encrypted data (from input textfields). And then I decrypt them when the Settings Form is loaded.

    But how about the default values (Project->Properties->Settings)? I think I don't need to generate the encryption by hand to be entered there? I mean, the first time I decrypt (opens my Settings Form), the values aren't encrypted...

    Kind Regards
    Sunday, August 13, 2006 11:07 PM
  • That depends largely on why you're attempting to prevent "manual" reading and/or writing of the settings in the first place (for which encryption still doesn't make much sense to me).  If your default settings are being read out of your assembly (which is the default behaviour), modifying the defaults would require decompiling and recompiling your assembly (or at least modifying the compiled assembly for a small change).  Anyone doing this would also be able to muck about with the encryption details, so there would seem to be little real benefit in encrypting the defaults.
    Monday, August 14, 2006 2:02 PM