15,041,525 members
See more:
Dear Friends:

I have a wpf application and I want to store my data in a SQL file. The SQL file has some sensitive content and in order to protect its content I have decided to enctypt them by Rijndael algorithm (because as I read this algorithm is the optimum one (fast and secure)). The algorithm needs KEY and IV and as you know everybody that has these two parameters can decrypt our data. So, the questions are:

1. How could I protect the KEY and IV? Where should I store Key and IV? If I want to store key and IV in SQL file, everybody can get them and decrypt my data. If I want to hard-code it in the software I will make a bad mistake.

2. I read that we can use combination of symetric (Rijndaehl) and asymetric(RSA) algorithm (and it seems that its function is in the web applications. Am I right?). However, I don't have any idea how to implement it (any solution will be appriciated).

3. Now, consider that I use combination of symetric asymmertic algorithms. But, the problem has not finnished yet. because when I use asymetric algorithm to protect the key and IV of symetric algorithm, I should save public and private key in a location (forexample in sql file or in code). and the problem will be arised again. Anyone can use this saved private key and decrypt the key and Iv and at last find sql content. So, what should I do?

Your.
Posted
Updated 17-Jul-12 10:41am
v2
Suvabrata Roy 17-Jul-12 3:43am

Hi,

I have faced this kind of security problem.

In this situation we need to know.

1. Are you in Online architecture.
2. Volume of data you need to Encrypt.
3. Frequency of data you need to dcrypt.

Thanks for your reply. BTW, volume of my data is about 4-5 lines with font of 12 and the frequency of enc. dec. are high.
Richard MacCutchan 17-Jul-12 4:03am

You do not save the key anywhere, it needs to be entered by the user to start the encryption or decryption process. That way your data remains secure.

## Solution 1

Hi,

As you need to access that decoded data again and again, so we will decrypt it at the start of application and store it in IsolatedStorage which is secure and faster.

Where you should store the key?

You can store it in a text file in binary format and that text file will placed under Temp file of windows.

if Key is user dependent then you can use UserProfile's temp folder to store it or in an Certificate file which user will upload or It will install in user machine and your application will read it from their ( its applicable for windows application ).

You can use certificate for Web Application also Read More

In this way you can develop an highly secure web application.

Do you need to change the key in run time ?
v2