Tamper-proof and Obfuscate your Configuration Files

Sunny Ahuwanya

Rate me:

4.17/5 (12 votes)

5 Jan 2009CPOL10 min read

77K

How to prevent your configuration sections from unauthorized modification (includes a nifty configuration file editor)

protectedconfigurationproject.zip
- ConfigFileEditor
  - AboutBox.cs
  - AboutBox.Designer.cs
  - AboutBox.resx
  - bin
    - Debug
      - ConfigFileEditor.exe
      - ConfigFileEditor.vshost.exe
  - ConfigFileEditor.cs
  - ConfigFileEditor.csproj
  - ConfigFileEditor.sln
  - ConfigFileEditor.suo
  - EditorForm.cs
  - EditorForm.Designer.cs
  - EditorForm.resx
  - ElementDialog.cs
  - ElementDialog.Designer.cs
  - ElementDialog.resx
  - KeyInputDialog.cs
  - KeyInputDialog.Designer.cs
  - KeyInputDialog.resx
  - NewKeyPairDialog.cs
  - NewKeyPairDialog.Designer.cs
  - NewKeyPairDialog.resx
  - Program.cs
  - Properties
    - AssemblyInfo.cs
    - Resources.Designer.cs
    - Resources.resx
    - Settings.Designer.cs
    - Settings.settings
  - ProviderDialog.cs
  - ProviderDialog.Designer.cs
  - ProviderDialog.resx
  - SignedConfigHelper.cs
- Sample.Config
- SignatureProtectedConfigurationProvider
  - bin
    - Debug
      - PortableProtectedConfigurationProvider.exe
      - PortableProtectedConfigurationProvider.vshost.exe
  - Program.cs
  - Properties
    - AssemblyInfo.cs
  - SignatureProtectedConfigurationProvider.csproj
  - SignatureProtectedConfigurationProvider.sln
  - SignatureProtectedConfigurationProvider.suo
  - SignedConfigProvider.cs
  - SignedConfigUtils.cs

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Xml;
using System.Security.Cryptography;


namespace ConfigFileEditor
{
    public partial class NewKeyPairDialog : Form
    {

        static string text = "";

        private NewKeyPairDialog()
        {
            InitializeComponent();
        }

        public new static DialogResult Show(IWin32Window Owner)
        {

            NewKeyPairDialog dialog = new NewKeyPairDialog();
            dialog.ShowDialog(Owner);
            return dialog.DialogResult;
        }

        private void NewKeyPairDialog_Load(object sender, EventArgs e)
        {
            XmlDocument doc = new XmlDocument();

            RSACryptoServiceProvider rsaObj = new RSACryptoServiceProvider();

            string privateKey = rsaObj.ToXmlString(true);

            doc.PreserveWhitespace = true;
            doc.LoadXml(privateKey);

            string headerComment = "\r\n PRIVATE/PUBLIC KEYS *** Store in a Secure Location *** \r\n";
            XmlNode commentNode = doc.PrependChild(doc.CreateComment(headerComment));
            doc.InsertAfter(doc.CreateWhitespace("\r\n"), commentNode);

            doc.AppendChild(doc.CreateWhitespace("\r\n\r\n"));
            StringBuilder footerComment = new StringBuilder();
            footerComment.Append("\r\n PUBLIC KEY INFORMATION *** Store in your Provider code *** \r\n\r\n");
            footerComment.Append("Modulus:  ");
            footerComment.Append(doc.DocumentElement["Modulus"].InnerText);
            footerComment.Append("\r\n\r\n");
            footerComment.Append("Exponent:  ");
            footerComment.Append(doc.DocumentElement["Exponent"].InnerText);
            footerComment.Append("\r\n\r\n");
            footerComment.Append("In Byte Array format:  ");
            footerComment.Append("\r\n");

            RSAParameters rsaParams = rsaObj.ExportParameters(false);

            footerComment.Append(GetFormattedPublicKeyByteArray(rsaParams.Exponent,rsaParams.Modulus));

            doc.AppendChild(doc.CreateComment(footerComment.ToString()));

            keyTextBox.Text = doc.OuterXml;



        }


        private string GetFormattedPublicKeyByteArray(byte[] Exponent, byte[] Modulus)
        {

            //FORMAT:
            //First four bytes is the length the Exponent.
            //Second four bytes is  the length of the Modulus.
            //Next set of bytes is the exponent.
            //Next set of bytes is the modulus.

            //get length of Exponent
            byte[] lenExponent = BitConverter.GetBytes(Exponent.Length);

            //get length of Modulus
            byte[] lenModulus = BitConverter.GetBytes(Modulus.Length);

            //combined array
            byte[] combined = new byte[Exponent.Length + Modulus.Length + lenModulus.Length + lenExponent.Length];

            int elemPos = 0;
            Array.Copy(lenExponent,0,combined,elemPos,lenExponent.Length);
            elemPos += lenExponent.Length;
            Array.Copy(lenModulus,0,combined,elemPos,lenModulus.Length);
            elemPos += lenModulus.Length;
            Array.Copy(Exponent,0,combined,elemPos,Exponent.Length);
            elemPos += Exponent.Length;
            Array.Copy(Modulus,0,combined,elemPos,Modulus.Length);

            StringBuilder sb = new StringBuilder();

            int nextElement = 0;
            int lengthOfSubArray = (combined.Length / 8) + 1;
            byte[] subArray = null;
            for(int i = 0; i<8;i++)
            {
                if (i == 7)
                {
                    //get all remaining bytes for the last step
                    lengthOfSubArray = combined.Length - nextElement;
                }


                subArray = new byte[lengthOfSubArray];
                Array.Copy(combined,nextElement,subArray,0,lengthOfSubArray);
                sb.Append("Array ");
                sb.Append(i);
                sb.Append(": ");
                sb.Append(GetByteArrayRepresentation(subArray));
                sb.Append("\r\n\r\n");
                nextElement += lengthOfSubArray;
            }


            return sb.ToString();

        }

        private string GetByteArrayRepresentation(byte[] array)
        {
            StringBuilder sb = new StringBuilder();

            sb.Append("{");

            for (int i = 0; i < array.Length; i++)
            {
                sb.Append(array[i]);

                if (i != (array.Length - 1))
                {
                    sb.Append(',');
                }
            }

            sb.Append("}");
            return sb.ToString();
        }

        private void closeButton_Click(object sender, EventArgs e)
        {
            text = keyTextBox.Text;
        }

        private void clipButton_Click(object sender, EventArgs e)
        {
            Clipboard.Clear();
            Clipboard.SetText(keyTextBox.Text);
            clipButton.Enabled = false;
        }


    }

    
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

Sunny Ahuwanya

Software Developer

United States

Sunny has been developing software for the Microsoft-based platforms since the MS-DOS days. He has coded in C, VB (4 to 6) and C#. He enjoys designing and developing server-side .NET distributed applications.

He currently works for a Fortune 500 company. When he's not coding, he likes reading, hanging out with friends and sight-seeing.

Tamper-proof and Obfuscate your Configuration Files

License

Comments and Discussions