Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C# SQL-Server-2008
Dear Friends:
 
I have a wpf application and I want to store my data in a SQL file. The SQL file has some sensitive content and in order to protect its content I have decided to enctypt them by Rijndael algorithm (because as I read this algorithm is the optimum one (fast and secure)). The algorithm needs KEY and IV and as you know everybody that has these two parameters can decrypt our data. So, the questions are:
 
1. How could I protect the KEY and IV? Where should I store Key and IV? If I want to store key and IV in SQL file, everybody can get them and decrypt my data. If I want to hard-code it in the software I will make a bad mistake.
 

2. I read that we can use combination of symetric (Rijndaehl) and asymetric(RSA) algorithm (and it seems that its function is in the web applications. Am I right?). However, I don't have any idea how to implement it (any solution will be appriciated).
 
3. Now, consider that I use combination of symetric asymmertic algorithms. But, the problem has not finnished yet. because when I use asymetric algorithm to protect the key and IV of symetric algorithm, I should save public and private key in a location (forexample in sql file or in code). and the problem will be arised again. Anyone can use this saved private key and decrypt the key and Iv and at last find sql content. So, what should I do?
 
Your.
Posted 16-Jul-12 21:03pm
Edited 17-Jul-12 10:41am
v2
Comments
Suvabrata Roy at 17-Jul-12 3:43am
   
Hi,
 
I have faced this kind of security problem.
 
In this situation we need to know.
 
1. Are you in Online architecture.
2. Volume of data you need to Encrypt.
3. Frequency of data you need to dcrypt.
Mmohmmad at 17-Jul-12 16:38pm
   
Thanks for your reply. BTW, volume of my data is about 4-5 lines with font of 12 and the frequency of enc. dec. are high.
Richard MacCutchan at 17-Jul-12 4:03am
   
You do not save the key anywhere, it needs to be entered by the user to start the encryption or decryption process. That way your data remains secure.

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Hi,
 
As you need to access that decoded data again and again, so we will decrypt it at the start of application and store it in IsolatedStorage which is secure and faster.
 
Where you should store the key?
 
You can store it in a text file in binary format and that text file will placed under Temp file of windows.
 
if Key is user dependent then you can use UserProfile's temp folder to store it or in an Certificate file which user will upload or It will install in user machine and your application will read it from their ( its applicable for windows application ).
 
You can use certificate for Web Application also Read More
 
In this way you can develop an highly secure web application.
 
For Certificate Details Click Here
 

 
I think it will help You...
 
Do you need to change the key in run time ?
  Permalink  
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web01 | 2.8.141022.2 | Last Updated 18 Jul 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100