我如何以及在何处存储机密用户信息? [英] HOW and WHERE can I store Confidential User Information?

问题描述

我正在尝试将我的程序的机密加密用户信息存储在一台计算机上.我不希望将应用程序复制到另一台计算机上并且可以使用.因此，我当时正在考虑将信息存储在注册表中，但我读到那是一个非常不安全的位置，并且由于更多的原因而变得很糟糕.我开始将信息存储在程序Settings.config文件中，但不确定如何对该信息进行加密.到目前为止，我唯一需要做的就是将信息存储在XML文件中并对其进行加密，但是我希望信息更隐蔽和更安全.
在如何以及在何处存储一些机密信息的任何帮助将不胜感激！ :)

解决方案

查找隔离存储:
如果要加密数据，则应了解安全级别取决于加密算法的强度，并且重要的是取决于存储密钥的方式.您应该考虑哪种类型的利用更为危险:解密或修改加密数据的能力.这两个方面都可能同等重要.在这种情况下，公钥加密( http://en.wikipedia.org/wiki/Public-key_cryptography [ ^ ]))可能看起来是多余的，所以对称密钥算法更快( http://en.wikipedia.org/wiki/Symmetric_key_algorithms [ ^ ])会更合适.进一步的考虑取决于您要设计的常规安全方案.

相反，如果您只想保护仅由一个用户使用的数据，则可以设计一个模式，当一个私钥仅对用户是已知的，而不存储在系统中时(因此，您的站点人员中没有人可以操纵用户的私钥). ' 数据).在这种情况下，您应该使用公钥加密.

两种类型的加密算法都在.NET中很好地实现.参见:
公钥密码术(非对称算法): http: //msdn.microsoft.com/zh-CN/library/system.security.cryptography.asymmetricalgorithm.aspx [ http://msdn.microsoft.com/en-us/library /system.security.cryptography.symmetricalgorithm.aspx [ 此处是 ProtectedData类在您的情况下使用. 此处是如何:使用数据保护". /blockquote>

I am trying to store confidential encrypted user information for my program on a single computer. I do not want the application to be copied on to another computer and be usable. So I was thinking about storing the information in the Registry but I read that that is a very unsafe location and is bad for more reasons then one. I started storing the information in the programs Settings.config file but I am not sure how to encrypt that information.. The only thing I have gotten to work so far is storing the information in a XML file and encrypting that which has worked but I want the information to be more hidden and more secured.
Any help on how and where to store some confidential information would be greatly appreciated! :)

解决方案

Look for isolated storage: http://msdn.microsoft.com/en-us/library/3ak841sy%28v=VS.100%29.aspx[^]. In particular, read the section "Secure Access" to understand security implications.

If you want to encrypt the data, you should understand that the level of security depends on the strength of the encryption algorithm and, importantly, on how you store the key(s). You should consider what kind of exploit is more dangerous: ability to decrypt or modify encrypted data. It''s likely that both aspects are equally important; in this case the power of public-key cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography[^]) may appear redundant, so faster symmetric-key algorithms (http://en.wikipedia.org/wiki/Symmetric_key_algorithms[^]) would be more appropriate. Further considerations depend on the general security scenarios you want to devise.

In contrast, if you want to protect data exclusively used by only one user, you can devise a schema when a private key is known only to the user and not stored in the system (so no one of your site personnel could manipulate the users'' data). In this case, you should use public-key cryptography.

Both types of encryption algorithms are well implemented in .NET. See:
Public-key cryptography (Asymmetric algorithms): http://msdn.microsoft.com/en-us/library/system.security.cryptography.asymmetricalgorithm.aspx[^];
Symmetric algorithms: http://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm.aspx[^].

—SA

Always search MSDN first. The keyword is "Cryptography".
Here is ProtectedData Class that can be used in your case. And here is "How to: Use Data Protection".

这篇关于我如何以及在何处存储机密用户信息?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！