Click here to Skip to main content
15,885,925 members
Search within:


Articles / Web Development / IIS
 

DPAPI and Triple DES: A powerful combination to secure connection strings and other application settings

Rate me:
Please Sign up or sign in to vote.
4.77/5 (47 votes)
26 Aug 20056 min read 133.2K   1.7K   85  
This article shows how DPAPI and Triple DES can be used to encrypt connection strings and other sensitive strings for storage in the ASP.NET web.config file.
 
using System;
using System.IO;
using System.Security.Cryptography;

namespace Foulds.Security.Encryption
{
	/// <author>Hannes Foulds, 11 August 2005</author>
	/// <summary>
	/// This class is used to encrypt data using the Triple DES algorithm.
	/// </summary>
	public class TripleDes : EncryptionBase
	{
		#region Constants
        private byte[] IV = {30, 12, 26, 23, 44, 51, 46, 73}; 
		#endregion

		/// <summary>
		/// Encrypt the plaintext using the key provided.
		/// </summary>
		/// <param name="plainText">The plain text that must be encrypted.</param>
		/// <param name="key">The key to use for the encryption.</param>
		/// <returns>Returns the encrypted byte array.</returns>
		public override byte[] Encrypt(byte[] plainText, byte[] key)
		{
			// create the crypto service provider
			TripleDESCryptoServiceProvider des3 = new TripleDESCryptoServiceProvider();
			des3.Mode = CipherMode.CBC;
			
			// create the key
			PasswordDeriveBytes passwordDeriveBytes = new PasswordDeriveBytes(Convert.ToBase64String(key), new byte[0]);
			des3.Key = passwordDeriveBytes.CryptDeriveKey("RC2", "MD5", 128, new byte[8]);
			des3.IV = this.IV;

			MemoryStream memoryStream = new MemoryStream(); 
			CryptoStream cryptoStream = new CryptoStream(memoryStream, des3.CreateEncryptor(), CryptoStreamMode.Write); 
			cryptoStream.Write(plainText, 0, plainText.Length); 
			cryptoStream.FlushFinalBlock(); 

			return memoryStream.ToArray();
		}

		/// <summary>
		/// Decrypt the ciphertext.
		/// </summary>
		/// <param name="cipherText">The ciphertext that sould be decrypted.</param>
		/// <param name="key">The key to use for the decryption.</param>
		/// <returns>Returns the decrypted bytes.</returns>
		public override byte[] Decrypt(byte[] cipherText, byte[] key)
		{
			// create the crypto service provider
			TripleDESCryptoServiceProvider des3 = new TripleDESCryptoServiceProvider();
			des3.Mode = CipherMode.CBC;

			// create the key
			PasswordDeriveBytes passwordDeriveBytes = new PasswordDeriveBytes(Convert.ToBase64String(key), new byte[0]);
			des3.Key = passwordDeriveBytes.CryptDeriveKey("RC2", "MD5", 128, new byte[8]);
			des3.IV = this.IV;

			MemoryStream memoryStream = new MemoryStream(); 
			CryptoStream cryptoStream = new CryptoStream(memoryStream, des3.CreateDecryptor(), CryptoStreamMode.Write); 
			cryptoStream.Write(cipherText, 0, cipherText.Length); 
			cryptoStream.FlushFinalBlock(); 

			return memoryStream.ToArray();
		}
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
Hannes Foulds
Web Developer
South Africa South Africa
Visit my blog at http://hannesfoulds.blogspot.com/

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 26 Aug 2005

Article Copyright 2005 by Hannes Foulds
Everything else Copyright © CodeProject, 1999-2024

Web04 2.8:2024-04-02:1