|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
best practice for encrypting in appI have a general question where is the best practice to store and how to pass
in the key for symmetric encryption to an app. I have created a helper dll to aid with the encrypting\decrypting sensitive scripts that we have. How should I interact with this DLL by passing in the key for the encryption methods. Should the key be encrypted somewhere or hard coded in the app and passed into the DLL. I know when using symmetric encryption the key phrase is supposed to be secret. So just looking for a best practice solution. thanks in advance Hi Homer,
you can use managed wrappers of DPAPI (Data Protection API) for key-management. HTH. Kaustav Neogy. Show quoteHide quote "Homer" wrote: > I have a general question where is the best practice to store and how to pass > in the key for symmetric encryption to an app. > I have created a helper dll to aid with the encrypting\decrypting > sensitive scripts that we have. How should I interact with this DLL by > passing in the key for the encryption methods. Should the key be encrypted > somewhere or hard coded in the app and passed into the DLL. > I know when using symmetric encryption the key phrase is supposed to be > secret. So just looking for a best practice solution. > > thanks in advance And you can find a managed wrapper for DPAPI to download here
http://www.theglavs.com/GlavTech/Downloads/DPAPI_Wrapper.zip Show quoteHide quote "Kaustav" <Kaus***@discussions.microsoft.com> wrote in message news:1DD4F43A-791B-4FD8-8D87-F9CD3F027B2F@microsoft.com... > Hi Homer, > > you can use managed wrappers of DPAPI (Data Protection API) for > key-management. > > HTH. > > Kaustav Neogy. > > "Homer" wrote: > > > I have a general question where is the best practice to store and how to pass > > in the key for symmetric encryption to an app. > > I have created a helper dll to aid with the encrypting\decrypting > > sensitive scripts that we have. How should I interact with this DLL by > > passing in the key for the encryption methods. Should the key be encrypted > > somewhere or hard coded in the app and passed into the DLL. > > I know when using symmetric encryption the key phrase is supposed to be > > secret. So just looking for a best practice solution. > > > > thanks in advance Homer,
There is no bullet-proof solution here. To recommend you the best approach one would have to learn more details about your application, infrastructure, support model, data value, risk factors, etc. This article can give you some hints: "Safeguard Database Connection Strings and Other Sensitive Settings in Your Code" (http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/). Alek Show quoteHide quote "Homer" <Ho***@discussions.microsoft.com> wrote in message news:9F1F2DAF-A0F5-4F77-8609-B76E6558F5E1@microsoft.com... > I have a general question where is the best practice to store and how to pass > in the key for symmetric encryption to an app. > I have created a helper dll to aid with the encrypting\decrypting > sensitive scripts that we have. How should I interact with this DLL by > passing in the key for the encryption methods. Should the key be encrypted > somewhere or hard coded in the app and passed into the DLL. > I know when using symmetric encryption the key phrase is supposed to be > secret. So just looking for a best practice solution. > > thanks in advance  
Other interesting topics
Error from CAS Config util
Newbie error on output Running programs located on server why i get UnauthorizedAccess Exception? Single-sign-on .NET GUI to J2EE server PrincipalPermission.Demand() returns: Request for principal permission failed Assymetric encryption - building an interopable solution that works with .NET/Java/OpenSSL error when I use AES with CAPICOM Windows Control Library call to Web Service over LAN fails Plz ..help...role based authentication |
|||||||||||||||||||||||
