TripleDES Key Management
From: paul reed (prreed@jacksonreed.com)
Date: 01/15/03
- Next message: Alex Ayzin: "Data Security of XML Web Services during transfers"
- Previous message: Sean Anderson: "Re: Visual Studio .Net problem"
- Next in thread: Mike Moore [MS]: "RE: TripleDES Key Management"
- Reply: Mike Moore [MS]: "RE: TripleDES Key Management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "paul reed" <prreed@jacksonreed.com> Date: Tue, 14 Jan 2003 16:37:22 -0800
I have all my tripleDES stuff working just fine thanks to
help received in this group and others. However, I have a
problem of how/where to manage my keys used to
encrypt/decrypt my uid/pswrd for SQL Server.
First, I am going to be running this .NET application at
an ISP that hosts .NET applications. So, we must us SQL
Server authentication. We also are not allowed to use the
Registry, or do anything with ACLs on any directories...as
well as cannot touch the machine.config file.
So, right now I plan to (...with sage advice to the
contrary) to store my encrypted uid/pwd in the web.config
file. I don't want to use DPAPI to encrypt the entire
connection string because we must use the machine approach
and if the ISP ever "transparently" moved our app to a new
machine, then then a different hash would be created
causing even more grief.
Ok...so this brings me to...where should I put the key and
IV values to decrypt the information? Any ideas given my
situation? One suggestion read somewhere on MSDN was to
just "bury them in the code". This might not be a bad idea
as we are only moving the binaries to the ISP.
Regards,
Paul Reed
- Next message: Alex Ayzin: "Data Security of XML Web Services during transfers"
- Previous message: Sean Anderson: "Re: Visual Studio .Net problem"
- Next in thread: Mike Moore [MS]: "RE: TripleDES Key Management"
- Reply: Mike Moore [MS]: "RE: TripleDES Key Management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
