如何隐藏在.NET应用程序的加密密钥? [英] How do you hide an encryption key in a .NET application?
问题描述
我在开发使用一些数据(本地的Web服务器)的Intranet应用程序(C#),我们想保密的。这个数据是使用传统的数据存储库加密(AES)。我们不能完全防止机器的物理访问。
I'm developing an intranet application (C#) that uses some data (local to the web server) that we'd like to keep private. This data is encrypted (AES) using a legacy data repository. We can't totally prevent physical access to the machine.
显然,我们永远不会在这里有完美的安全。但是,我们希望把它很难,因为任何人都有可能获得对数据的非法访问。
Clearly, we're never going to have perfect security here. However, we want to make it as hard as possible for anyone to gain unauthorized access to the data.
现在的问题是如何最好地存储密钥。加密是基于一些特定于机器的ID是一种选择,但这些信息将随时提供给运行的计算机上的诊断工具的人。
The question is how best to store the key. Encrypting it based on some machine specific ID is an option, but that information would be readily available to anyone running a diagnostic tool on the machine.
在应用程序编码是一个选项(这是一个一次性的应用程序)。然而,.NET程序集是很容易反编译。因此,这将是最好混淆它,使用加密发射器,编译它?
Encoding it in the application is an option (it's a one off application). However, .NET assemblies are pretty easy to decompile. So, would it be best to obfuscate it, use an encryption launcher, compile it?
还是有我丢失的选项?
只是让我们清楚了,我知道这几乎是一个失败的事业,如果有人是确定的,但我们正在寻找的约束内使硬越好。
Just so we're clear, I know it's pretty much a lost cause if someone is determined, but we're looking to make it as hard as possible within the constraints.
推荐答案
加密内置在.NET的配置系统。您可以加密您的应用程序/ web.config文件的块,其中包括您存储私钥。
Encryption is built into the .NET configuration system. You can encrypt chunks of your app/web.config file, including where you store your private key.
这篇关于如何隐藏在.NET应用程序的加密密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
