Reputation: 5627
Safe and secure way to keep encrypted data and private key in C# Dll
The question about storing connection string in safest way.
My current approach (Don't laugh)
1. Wrote RSAEncryption program and passed connection string to generate cypher.
2. Stored Cypher and private key in Resource file
3. Runtime retrieved encryption file again.
My concern of using config file
- I am creating library so projects who will use my dll will need to copy my config file which I dont want
Please tell me best practice to store connection string inside the dll.
Regards, Omkar
Upvotes: 2
Views: 1199
Answers (1)
Reputation: 17010
There is a built in mechanism in .NET to encrypt sections of config. The beauty is you can use DPAPI and have the machine itself create the key, so nobody knows what it is except Windows. The best thing is you get this pretty much for free (small learning curve) and the learning curve is easily handled with a quick Google search on encrypting configuration files. May not fit all scenarios, but it is more likely to be secure than a quickly envisioned alternative.
The only issue here is if this is shrinkwrap ware (ie, you are selling software), but there are ways to handle that by having the install require network and adding the bits they can't know while you encrypt only go into memory during install. :-)
Upvotes: 1
Related Questions
- Best way to store encryption keys in .NET C#
- WinRT where store RSA private key
- Encrypting with app public/private key in .net
- Saving private key in application
- How to keep Encryption Password inside of the application?
- Where to store secret key of the c# application
- Where to store sensitive information needed for an application to run?
- C# Encrypt and Decrypt DLL on the fly
- Best practices for storing secret keys
- How to safely store encryption key in a .NET assembly