DPAPI and Triple DES: A powerful combination to secure connection strings and other application settings

Hannes Foulds

Rate me:

4.77/5 (47 votes)

26 Aug 20056 min read

133.6K

1.7K

This article shows how DPAPI and Triple DES can be used to encrypt connection strings and other sensitive strings for storage in the ASP.NET web.config file.

dpapi_src.zip
- dpapi_src
  - Foulds.Security.UserInterface.DataProtection
    - App.ico
    - AssemblyInfo.cs
    - bin
    - DataProtection.cs
    - DataProtection.resx
    - Foulds.Security.UserInterface.DataProtection.csproj
    - Foulds.Security.UserInterface.DataProtection.csproj.user
  - Foulds.Security
    - AssemblyInfo.cs
    - bin
    - deploy.cmd
    - Deploy.wsf
    - Encryption
    - Foulds.Security.csproj
    - Foulds.Security.csproj.user
    - Foulds.Security.sln
    - Foulds.Security.snk
    - SectionHandlers
      - DataProtection
        
        ConfigSettings.cs
        
        EncryptedSettings.cs
        
        EncryptionEngine.cs
        
        SectionHandler.cs
dpapi_demo.zip
- dpapi_bin
  - Foulds.Security.dll
  - Foulds.Security.UserInterface.DataProtection.exe

using System;
using System.Text;

namespace Foulds.Security.Encryption
{
	/// <author>Hannes Foulds, 11 August 2005.</author>
	/// <summary>
	/// All encryption classes should inherit from this base class.
	/// </summary>
	public abstract class EncryptionBase
	{
		#region Encrypt
		/// <summary>
		/// Encrypt the plaintext using the key provided.
		/// </summary>
		/// <param name="plainText">The plain text that must be encrypted.</param>
		/// <param name="key">The key to use for the encryption.</param>
		/// <returns>The base64 encoded cipher text.</returns>
		public string Encrypt(string plainText, string key)
		{
			// get the byte arrays of the input parameters
			byte[] plainBytes = Encoding.ASCII.GetBytes(plainText);
			byte[] keyBytes = ( (key != null) ? Encoding.ASCII.GetBytes(key) : null );

			// encrypt the plain text
			byte[] encryptedBytes = this.Encrypt(plainBytes, keyBytes);

			// return the base64 encrypted string
			return Convert.ToBase64String(encryptedBytes);
		}

		public abstract byte[] Encrypt(byte[] plainText, byte[] key);
		#endregion

		#region Decrypt
		/// <summary>
		/// Decrypt the ciphertext.
		/// </summary>
		/// <param name="cipherText">The ciphertext that sould be decrypted.</param>
		/// <param name="key">The key to use for the decryption.</param>
		/// <returns>Returns the decrypted string.</returns>
		public string Decrypt(string cipherText, string key)
		{
			// get the byte arrays of the input parameters
			byte[] cipherBytes = Convert.FromBase64String(cipherText);
			byte[] keyBytes = ( (key != null) ? Encoding.ASCII.GetBytes(key) : null );

			// decrypt the cipher text
			byte[] decryptedBytes = this.Decrypt(cipherBytes, keyBytes);

			// return the decrypted string
			return Encoding.ASCII.GetString(decryptedBytes);
		}

		public abstract byte[] Decrypt(byte[] cipherText, byte[] key);
		#endregion
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Written By

Hannes Foulds

Web Developer

South Africa

Visit my blog at http://hannesfoulds.blogspot.com/

DPAPI and Triple DES: A powerful combination to secure connection strings and other application settings

License

Comments and Discussions