Reputation: 4775
Need to hard-code a password
I am doing this application and it depends on settings that are stored in an xml file. This file should be encrypted and the values inside it are provided by the guy responsible for creating the application setup and is used to determine available functionality options depending on the version the user installed.
I need a way to store the password hard-coded in my software to be able to decrypt that file at runtime and read the values in it to see which features of the app the user has access to.
Bear in mind that this file should not be edited and is provided as part of the software.
I haven't provided any code, because its more of a design issue than a coding issue.
I know that hard-coding a password is stupid yet I am out of options.
Upvotes: 2
Views: 8917
Answers (4)
Reputation: 31406
An approach would be to always encrypt the settings file based on some hash of the file. Then, your software could use the same hash as the key to decrypt the file.
So you'd basically do the following:
- Get the file name (and/or some other attribute of the file - size, perhaps)
- Compute the hash of the file name
- Use that hash to decrypt the file
Not saying this is a good approach or an approach I'd personally use in any sort of production software but at least you're not relying upon either a plaintext or ofuscated string inside the code and it gives you the flexibility to change the settings filename and rely upon a convention for the encryption.
Again, this is only maybe a step above the "store the key in the source" solution.
Upvotes: 3
Reputation: 704
If I'm reading the question right - the OP needs to decrypt a file provided (already encrypted) with a 3rd party software package of some type and he has obtained the decryption password (key) from the original publisher of the software.
I would do something similar to what itsmatt suggests, only instead of encrypting the file, encrypt the provided password, store that encrypted password in your config file, then read and decrypt the password at runtime, and use it to decrypt the file.
This way you are not hardcoding a plaintext password in your source to be easily sniffed out. By keeping it in your config file, you can easily change it in the future if needed.
Answer to comment:
I use AES256.
I use this class to AES256 encrypt/decrypt:
#region Preprocessor Directives
# if __FRAMEWORK_V35 || __FRAMEWORK_V4
#define __DotNet35Plus
#endif
#if !__DotNet35Plus
#warning AES implementation used by this compile of the library is not NIST certified as FIPS 140-2 compliant
#endif
#endregion
#region Namespaces
using System;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Threading;
using System.Runtime.Serialization.Formatters.Binary;
#endregion
namespace Simple
{
public static class AES256Encryption
{
private static readonly object _lock = new object();
private const Int32 KeySize = 256;
#if __DotNet35Plus
private static AesCryptoServiceProvider thisCSP = new AesCryptoServiceProvider();
#else
private static RijndaelManaged thisCSP = new RijndaelManaged();
#endif
private static MemoryStream msEncrypt = new MemoryStream();
private static CryptoStream csEncrypt;
private static MemoryStream msDecrypt = new MemoryStream();
private static CryptoStream csDecrypt;
public enum stringIOType
{
base64EncodedString = 0,
HexEncodedString = 1
}
public static bool NISTCertified()
{
#if __DotNet35Plus
return true;
#else
return false;
#endif
}
#region Encryption Methods
public static byte[] encryptBytes(byte[] Value, string PassPhrase, Encoding PassPhraseEncoding)
{
try
{
Monitor.Enter(_lock);
return encryptBytes(Value, getKeyFromPassPhrase(PassPhrase, PassPhraseEncoding), getIVFromPassPhrase(PassPhrase, PassPhraseEncoding));
}
finally
{
Monitor.Exit(_lock);
}
}
public static byte[] encryptBytes(byte[] Value, byte[] Key, byte[] IV)
{
try
{
Monitor.Enter(_lock);
#if __DotNet35Plus
thisCSP = new AesCryptoServiceProvider();
#else
thisCSP = new RijndaelManaged();
#endif
thisCSP.KeySize = KeySize;
Int32 bitLength = Key.Length * 8;
if (bitLength != thisCSP.KeySize)
{
throw new ArgumentException("The supplied key's length [" + bitLength.ToString() + " bits] is not a valid key size for the AES-256 algorithm.", "Key");
}
bitLength = IV.Length * 8;
if (bitLength != thisCSP.BlockSize)
{
throw new ArgumentException("The supplied IV's length [" + bitLength.ToString() + " bits] is not a valid IV size for the AES-256 algorithm.", "IV");
}
ICryptoTransform Encryptor = thisCSP.CreateEncryptor(Key, IV);
msEncrypt = new MemoryStream();
csEncrypt = new CryptoStream(msEncrypt, Encryptor, CryptoStreamMode.Write);
csEncrypt.Write(Value, 0, Value.Length);
csEncrypt.FlushFinalBlock();
Encryptor.Dispose();
Encryptor = null;
msEncrypt.Close();
return msEncrypt.ToArray();
}
finally
{
thisCSP = null;
Monitor.Exit(_lock);
}
}
public static string encryptString(string Value, string PassPhrase, Encoding PassPhraseEncoding, Encoding inputEncoding, stringIOType outputType)
{
try
{
Monitor.Enter(_lock);
return encryptString(Value, getKeyFromPassPhrase(PassPhrase, PassPhraseEncoding), getIVFromPassPhrase(PassPhrase, PassPhraseEncoding), inputEncoding, outputType);
}
finally
{
Monitor.Exit(_lock);
}
}
public static string encryptString(string Value, byte[] Key, byte[] IV, Encoding inputEncoding, stringIOType outputType)
{
try
{
Monitor.Enter(_lock);
byte[] baseValue = (byte[])Array.CreateInstance(typeof(byte), inputEncoding.GetByteCount(Value));
baseValue = inputEncoding.GetBytes(Value);
switch(outputType)
{
case stringIOType.base64EncodedString:
return Convert.ToBase64String(encryptBytes(baseValue, Key, IV));
case stringIOType.HexEncodedString:
return ByteArrayToHexString(encryptBytes(baseValue, Key, IV));
default:
return Convert.ToBase64String(encryptBytes(baseValue, Key, IV));
}
}
finally
{
Monitor.Exit(_lock);
}
}
#endregion
#region Decryption Methods
public static byte[] decryptBytes(byte[] Value, string PassPhrase, Encoding PassPhraseEncoding)
{
try
{
Monitor.Enter(_lock);
return decryptBytes(Value, getKeyFromPassPhrase(PassPhrase, PassPhraseEncoding), getIVFromPassPhrase(PassPhrase, PassPhraseEncoding));
}
finally
{
Monitor.Exit(_lock);
}
}
public static byte[] decryptBytes(byte[] Value, byte[] Key, byte[] IV)
{
try
{
Monitor.Enter(_lock);
#if __DotNet35Plus
thisCSP = new AesCryptoServiceProvider();
#else
thisCSP = new RijndaelManaged();
#endif
thisCSP.KeySize = KeySize;
Int32 bitLength = Key.Length * 8;
if (bitLength != thisCSP.KeySize)
{
throw new ArgumentException("The supplied key's length [" + bitLength.ToString() + " bits] is not a valid key size for the AES-256 algorithm.", "Key");
}
bitLength = IV.Length * 8;
if (bitLength != thisCSP.BlockSize)
{
throw new ArgumentException("The supplied IV's length [" + bitLength.ToString() + " bits] is not a valid IV size for the AES-256 algorithm.", "IV");
}
try
{
byte[] Decrypted;
ICryptoTransform Decryptor = thisCSP.CreateDecryptor(Key, IV);
msDecrypt = new MemoryStream(Value);
csDecrypt = new CryptoStream(msDecrypt, Decryptor, CryptoStreamMode.Read);
Decrypted = (byte[])Array.CreateInstance(typeof(byte), msDecrypt.Length);
csDecrypt.Read(Decrypted, 0, Decrypted.Length);
Decryptor.Dispose();
Decryptor = null;
msDecrypt.Close();
Int32 trimCount = 0;
// Remove any block padding left over from encryption algorithm before returning
for (Int32 i = Decrypted.Length - 1; i >= 0; i--)
{
if (Decrypted[i] == 0) { trimCount++; } else { break; }
}
if (trimCount > 0)
{
byte[] buffer = (byte[])Array.CreateInstance(typeof(byte), Decrypted.Length - trimCount);
Array.ConstrainedCopy(Decrypted, 0, buffer, 0, buffer.Length);
Array.Clear(Decrypted, 0, Decrypted.Length);
Array.Resize<byte>(ref Decrypted, buffer.Length);
Array.Copy(buffer, Decrypted, buffer.Length);
buffer = null;
}
return Decrypted;
}
finally
{
thisCSP = null;
}
}
finally
{
Monitor.Exit(_lock);
}
}
public static string decryptString(string Value, string PassPhrase, Encoding PassPhraseEncoding, stringIOType inputType, Encoding outputEncoding)
{
try
{
Monitor.Enter(_lock);
return decryptString(Value, getKeyFromPassPhrase(PassPhrase, PassPhraseEncoding), getIVFromPassPhrase(PassPhrase, PassPhraseEncoding), inputType, outputEncoding);
}
finally
{
Monitor.Exit(_lock);
}
}
public static string decryptString(string Value, byte[] Key, byte[] IV, stringIOType inputType, Encoding outputEncoding)
{
try
{
Monitor.Enter(_lock);
byte[] baseValue;
switch (inputType)
{
case stringIOType.base64EncodedString:
baseValue = Convert.FromBase64String(Value);
break;
case stringIOType.HexEncodedString:
baseValue = HexStringToByteArray(Value);
break;
default:
baseValue = Convert.FromBase64String(Value);
break;
}
return outputEncoding.GetString(decryptBytes(baseValue, Key, IV));
}
finally
{
Monitor.Exit(_lock);
}
}
#endregion
#region Key/Digest Generation Methods
public static byte[] getKeyFromPassPhrase(string PassPhrase, Encoding encoder)
{
Monitor.Enter(_lock);
try
{
return getDigest(PassPhrase, encoder, 32);
}
finally
{
Monitor.Exit(_lock);
}
}
public static byte[] getIVFromPassPhrase(string PassPhrase, Encoding encoder)
{
Monitor.Enter(_lock);
try
{
byte[] buffer = (byte[])Array.CreateInstance(typeof(byte), encoder.GetByteCount(PassPhrase));
byte[] reverseBuffer = (byte[])Array.CreateInstance(typeof(byte), encoder.GetByteCount(PassPhrase));
buffer = encoder.GetBytes(PassPhrase);
for (Int32 i = 0; i <= buffer.Length - 1; i++)
{
reverseBuffer[i] = buffer[buffer.Length - i - 1];
}
return getDigest(reverseBuffer, 16);
}
finally
{
Monitor.Exit(_lock);
}
}
public static byte[] getDigest(string value, Encoding encoder, Int32 digestLength)
{
Monitor.Enter(_lock);
try
{
return getDigest(encoder.GetBytes(value), digestLength);
}
finally
{
Monitor.Exit(_lock);
}
}
public static byte[] getDigest(object value, Int32 digestLength)
{
Monitor.Enter(_lock);
try
{
BinaryFormatter bf = new BinaryFormatter();
MemoryStream ms = new MemoryStream();
bf.Serialize(ms, value);
return getDigest(ms.ToArray(), digestLength);
}
finally
{
Monitor.Exit(_lock);
}
}
public static byte[] getDigest(byte[] value, Int32 digestLength)
{
Monitor.Enter(_lock);
try
{
Int32 iterations = 0;
// Find first non-zero byte value to use to calculate iterations
for (Int32 i = 0; i < value.Length; i++)
{
if (value[i] != 0) { iterations = (Int32)(value[i] * 10); break; }
}
// There were no non-zero byte values use the max for iterations
if (iterations == 0) { iterations = (Int32)(byte.MaxValue * 10); }
Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes(value, new SHA256Managed().ComputeHash(value), iterations);
return deriveBytes.GetBytes(digestLength);
}
finally
{
Monitor.Exit(_lock);
}
}
#endregion
#region HexArray/String String/HexArray Converters
public static string ByteArrayToHexString(byte[] ba)
{
try
{
Monitor.Enter(_lock);
StringBuilder hex = new StringBuilder(ba.Length * 2);
foreach (byte b in ba)
hex.AppendFormat("{0:x2}", b);
return hex.ToString();
}
finally
{
Monitor.Exit(_lock);
}
}
public static byte[] HexStringToByteArray(String hex)
{
try
{
Monitor.Enter(_lock);
int NumberChars = hex.Length;
byte[] bytes = new byte[NumberChars / 2];
for (int i = 0; i < NumberChars; i += 2)
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
return bytes;
}
finally
{
Monitor.Exit(_lock);
}
}
#endregion
}
}
If you are using .Net Framework 3.5, or 4.0 define either __FRAMEWORK_V35 or __FRAMEWORK_V40 as a value for the preprocessor. The class used is not available for framework versions less than 3.5. If you are using an earlier framework version, just do not define the preprocessor values and an earlier class will be used.
First get the name of the file.
Then use the following to encrypt the OEM password (I'd suggest writing a little tool to do this):
string fileName = "Whatever The Filename is";
string password = "Whatever the OEM supplied password is";
string encryptedValue = Simple.AES256Encryption.encryptString(password, fileName, new UTF8Encoding(), new UTF8Encoding(), stringIOType.base64EncodedString);
Save the resulting base64 encoded string from encryptString to your config file.
To recover the OEM password:
string encryptedPassword = "This is the base64 encoded string you read from your config file";
string decrytptedPassword = Simple.AES256Encryption.decryptString(encryptedPassword, fileName, new UTF8Encoding(), stringIOType.base64EncodedString, new UTF8Encoding());
Upvotes: 3
Reputation: 203821
If you're giving the application to untrustworthy users (i.e. this is a desktop app, rather than code running on an [ASP] server that users can't access directly) then there's nothing that you can do.
If you are giving the code to the user that will decrypt a configuration file, at some point, they will be able to access that file themselves. You could make it harder, possibly even a lot harder if you put in the time/effort/money, but you can't make it impossible. Here are some things that they could do:
- Decompile your program and look for the
password = "12345"line of code. - Monitor the program's memory; see when it loads the XML file, and try to find the decrypted version of it in memory.
- Find the section of code where you read the decrypted XML file and do some action accordingly and change the code so that it always does whatever they want regardless of what's in the file (essentially just commenting out the
ifcheck).
Some things you can do to make the above steps harder (but not impossible) include:
- Obfuscating your code.
- Signing your code.
- Doing random pointless stuff to try to confuse would be code sniffers (for example play shell games by having 3 files, reading them all, decrypting them all, and then having 2 of them not actually be used.
- Send the config file to a web service of yours to be decrypted, rather than decrypting it locally. (This can be defeated by sniffing the network for the decrypted result).
- Have a web service that you query to see if the user has permissions to do what you want (again, this can be defeated by sniffing/spoofing the network connection).
Now, it might be possible to actually prevent the user from doing "something", depending on what the "something" is, by not giving them the code that does it in the first place. These would be (potentially; if coded correctly) unbreakable:
- Do the work on a server.
- Have a web service that does some of the sensitive work. The desktop app only manages the UI or other non-sensitive tasks. If you do this the user can only break the code you've given them.
- Make the whole app a website, or other server based application (i.e. think of MMORPGS) where it simply doesn't function at all without a server; it does almost all of the sensitive (and non-sensitive) work.
Note that the only true solutions require an internet connection being available for all users when using the application; they can't be offline.
Upvotes: 9
Reputation: 56536
internal const string XmlPassword = "This is more like security through "+
+"obfuscation than real security. If it fits your purposes, cool, but you "+
+"might want to consider using real encryption, like public key encryption";
Upvotes: 4