Re: Cryptography.

From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 10/06/05

  • Next message: [MSFT]: "RE: Cryptography."
    Date: Wed, 05 Oct 2005 16:31:40 -0700
    
    

    Oops, should read "Data Protection" API.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > Yeah, key management is a big problem. The way many of the built-in
    > keys are managed for ASP.NET is to encrypt them per-machine with yet
    > another key and let that key be managed by the LSA. This sounds odd,
    > but I think it's the best thing we have. So, look into the DPAPI
    > (DataProtected API) in Win32. I think Dominick has a managed wrapper
    > for v1.x and IIRC there's a managed wrapper built into v2.0.
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >> Hello,
    >> I am using .NET's cryptography classes(Symmetric algorithm) to
    >> encrypt/decrypt strings and streams. I want to know the place i
    >> should
    >> store
    >> the Key and the IV values for the algorithms?Since these values are
    >> sensitive information i definitely cannot store them in the code or
    >> config files. Please elucidate me on this.
    >> Thanks
    >>


  • Next message: [MSFT]: "RE: Cryptography."

    Relevant Pages

    • Re: Column level encryption - IDS 10
      ... you can not store an encrypted number in only 4 bytes. ... Undermining that effect is last comment on slide 17 "do not normally encrypt 4-byte integer numbers", which can be taken as meaning 'you cannot encrypt 4-byte integers'. ... Ignoring blobs, you will store the encrypted data in a CHARcolumn; if you are dealing with blobs, you'll still store those in blob columns. ... If you are planning to encrypt a 4-byte integer, you need to realize that it will be converted by the ENCRYPT_XXX function into a string value - IDS is good at that. ...
      (comp.databases.informix)
    • Re: Help needed for usecase: encrypt 40 bit to 40 bit without IV
      ... I am running into a use case where I will have to encrypt 40bit to ... Since there is no space to store any meta information, ... I was looking into stream ciphers in the first place, ... You can concatenate the identifier you use with an IV ...
      (sci.crypt)
    • Re: Store private key in cookie?
      ... Storing a key in a file somewhere is generally not a good idea, ... this is not secure) store it in the session object. ... > I was thinking of using RSA to encrypt the Rijndael key/IV. ... > private key in a cookie on a trusted 'admin' machine. ...
      (microsoft.public.dotnet.security)
    • Re: Store private key in cookie?
      ... Storing a key in a file somewhere is generally not a good idea, ... this is not secure) store it in the session object. ... > I was thinking of using RSA to encrypt the Rijndael key/IV. ... > private key in a cookie on a trusted 'admin' machine. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Help needed for usecase: encrypt 40 bit to 40 bit without IV
      ... I am running into a use case where I will have to encrypt 40bit to the ... Since there is no space to store any meta information, ... consider using a stream cipher. ... can be used in a stream mode by repeatedly encrypting an incrementing ...
      (sci.crypt)