如何保护我的文件不被发送到 Skype 或上传到 cPanel [英] How to protect my file from sending to skype or upload to cPanel
问题描述
我正在为我的公司编写一个应用程序,并且有一个文件观察器:
I'm programming an application in my company, and there is a file watcher:
fsw.NotifyFilter = (NotifyFilters.Security Or NotifyFilters.LastAccess Or NotifyFilters.LastWrite)
AddHandler fsw.Changed, New FileSystemEventHandler(AddressOf OnChanged)
AddHandler fsw.Created, AddressOf OnChanged
AddHandler fsw.Renamed, AddressOf OnRenamed
AddHandler fsw.Deleted, AddressOf OnChanged
但我想通过在 Skype、Messenger 中发送或将其上传到任何云来保护某些文件免受用户侵害.
But I want to protect some files from users by send it in skype, messanger oruploading it to any cloud.
例如.我有一个使用 dogland.exe 打开的 dgg 文件,我想将此 .dgg 扩展名设为仅使用此应用程序,并对其进行加密和保护以防止其他程序读取此文件.
Ex. I have an dgg file it open with dogland.exe, I want to make this .dgg extension to just with this app and encrypt and protect it from other programs to read this file.
保护此文件的最佳方法是什么?我正在使用 vb.net,4.6.1
What is the best way to protect this file? I'm using vb.net, 4.6.1
推荐答案
您无法阻止在其计算机上具有管理员权限的用户发送文件(如果他们愿意),所以您是对的答案是让它在别处无用.
You're not going to be able to stop a user with admin rights on their machine from sending a file if they want to, so you're right that the answer is to make it useless elsewhere.
在回答你的问题之前,我想说明两个关键点:
Before answering your question, I want to address two key points:
- 安全有不同的级别.在信息安全方面,您实现的保护级别与您投入的工作量相对应;
- 您无法阻止技术娴熟、意志坚定的攻击者,因为某处总有弱点.你所能做的就是让他们的工作更难.您必须决定您愿意承担的风险状况以及需要付出的努力程度.
也就是说,最简单的方法是对称加密,您的程序使用相同的密钥来加密和解密.这对于检查您的代码并检索密钥的人来说很容易受到攻击,但它会阻止大多数随意的尝试.
That said, the absolute simplest method is symmetric encryption, where your program uses the same key to both encrypt and decrypt. This is vulnerable to someone examining your code and retrieving the key, but it will stop most casual attempts.
要试一试,把它放在主窗体中:
To try it, put this in the main form:
Private Function Encrypt3DES(plainText As String, pw As String) As String
Dim wrapper As New Simple3Des(pw)
Dim cipherText As String = wrapper.EncryptData(plainText)
Return cipherText
End Function
Private Function Decrypt3DES(cipherText As String, pw As String, ByRef plainText As String) As Boolean
Dim wrapper As New Simple3Des(pw)
' DecryptData throws if the wrong password is used.
Try
plainText = wrapper.DecryptData(cipherText)
Return True
Catch ex As System.Security.Cryptography.CryptographicException
Return False
End Try
End Function
这是一个辅助模块:
Imports System.Security.Cryptography
Public NotInheritable Class Simple3Des
Private TripleDes As New TripleDESCryptoServiceProvider
Sub New(ByVal key As String)
' Initialize the crypto provider.
TripleDes.Key = TruncateHash(key, TripleDes.KeySize \ 8)
TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)
End Sub
Private Function TruncateHash(
ByVal key As String,
ByVal length As Integer) As Byte()
Dim sha1 As New SHA1CryptoServiceProvider
' Hash the key.
Dim keyBytes() As Byte =
System.Text.Encoding.Unicode.GetBytes(key)
Dim hash() As Byte = sha1.ComputeHash(keyBytes)
' Truncate or pad the hash.
ReDim Preserve hash(length - 1)
Return hash
End Function
Public Function EncryptData(
ByVal plaintext As String) As String
' Convert the plaintext string to a byte array.
Dim plaintextBytes() As Byte =
System.Text.Encoding.Unicode.GetBytes(plaintext)
' Create the stream.
Dim ms As New System.IO.MemoryStream
' Create the encoder to write to the stream.
Dim encStream As New CryptoStream(ms,
TripleDes.CreateEncryptor(),
System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
encStream.FlushFinalBlock()
' Convert the encrypted stream to a printable string.
Return Convert.ToBase64String(ms.ToArray)
End Function
Public Function DecryptData(
ByVal encryptedtext As String) As String
Try
' Convert the encrypted text string to a byte array.
Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)
' Create the stream.
Dim ms As New System.IO.MemoryStream
' Create the decoder to write to the stream.
Dim decStream As New CryptoStream(ms,
TripleDes.CreateDecryptor(),
System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
decStream.Write(encryptedBytes, 0, encryptedBytes.Length)
decStream.FlushFinalBlock()
' Convert the plaintext stream to a string.
Return System.Text.Encoding.Unicode.GetString(ms.ToArray)
Catch ex As Exception
Return ""
End Try
End Function
End Class
要实现上述代码,只需在将数据写入文件之前对数据调用 encrypt 方法:
To implement the above code, just call the encrypt method on your data before writing it to your file:
Dim encdata = Encrypt3DES(PlainTextStringToEncrypt, password)
' Write encdata to file...
并且在从文件加载数据后调用 Decrypt3DES 来解密数据:
And you invoke Decrypt3DES to decrypt the data after you load it from your file:
Dim DecodedData as string = ""
If Decrypt3DES(EncryptedData, Password, DecodedData) = True Then
'Do something with DecodedData
End If
这可能是最简单的解决方案,但最佳"一词在信息安全方面是相对的.您需要根据您试图保护的信息的价值和暴露信息的风险状况来调整您的努力程度.你可以做得太多或太少.
This is probably the simplest solution, but the word 'best' is relative in information security. You need to tailor your level of effort to the value of the information that you are trying to protect and the risk profile of having it exposed. You can do either too much or too little.
您可以通过不在本地存储加密密钥,而是在运行时从服务器检索它并在使用后立即将其从内存中清除来使此方法更强大.或者,您可以对加密密码进行加密,因此实际密码本身在反汇编程序中是不可见的,需要额外的工作才能获得它.你可以做一千件事 - 希望这能给你一个起点.
You could make this method stronger by not storing the encryption key locally but retrieving it at runtime from a server and clearing it from memory immediately after use. Or, you can encrypt the encryption password, so the actual password itself isn't visible in a disassembler and extra work is needed to get it. There are a thousand things you could do - hopefully this give you a starting point.
如果您想要更高级,您可以研究基于证书的签名和/或基于服务器的控件,而用户无权操作这些控件.这完全是一个信息值得保护多少的问题.
If you wanted to get more advanced, you could look into certificate-based signing and/or server-based controls that the user has no access to manipulate. It's all a question of how much the information is worth protecting.
免责声明:我不保证这适用于任何特定目的.这可能适合也可能不适合您的需求.自行研究并确保任何安全机制都适合您的目的.
DISCLAIMER: I don't warrant this to be fit for any particular purpose. This may or may not be suitable for your needs. Do your own research and ensure that any security mechanisms are fit for your purpose.
这篇关于如何保护我的文件不被发送到 Skype 或上传到 cPanel的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
