Securing client data


Problem description

I need to store some passwords on a client machine which will be used by a (VB / C#) .net application to connect to a database.
The database-name/password combination is delivered to the client based on a web-service that has domain authentication.
So only allowed database-name/password combinations for that user may be stored on the client machine. The storing is important as the user will not always have access to the webservice.

So after webservice access, a list of database-name/password combinations is saved on the client and can be used afterwards by the client-program.

Though, it is not allowed that the user on the client system can read/redistribute the passwords.

So I am looking for a way to encrypt the passwords on the client in such a way that only my application can decrypt it and use them.

No direct reading or decryption by any other application is allowed.
To my knowledge it is hard to hide an encryption key in a .net application without the possibility to read it by examining the application in an editor or by reading the encrypted settings file through another .net application.

Any ideas on how to achieve this goal?

Thanks!

Recommended answer

Check Microsoft websites for CNG (Cryptography Next Generation). A good place to start is also here: /en-us/library/cc749280(WS.10).aspx


My first suggestion is that you one-way hash the passwords so that they can never be decrypted. Then when a user types in a password you hash it the exact same way and compare it to the stored hash. Here is a function I use to hash passwords.

Public Function HashString(ByVal instrString As String) As String
    'This function will:
    '- Create a SHA2 (SHA-384) hash of the incoming parameter and return it.
    '  (Base64-encoded hash will be 64 characters long)

    'Create an encoding object to ensure the encoding standard for the source text
    Dim Ue As New System.Text.UnicodeEncoding()

    'Retrieve a byte array based on the password (leading/trailing spaces are trimmed)
    Dim ByteSourceText() As Byte = Ue.GetBytes(Trim(instrString))

    'Instantiate an SHA2 Provider object
    Dim SHA2 As New System.Security.Cryptography.SHA384Managed

    'Compute the hash value from the source
    Dim ByteHash() As Byte = SHA2.ComputeHash(ByteSourceText)

    'And convert it to String format for return
    Dim strSha2 As String = Convert.ToBase64String(ByteHash)

    Return strSha2

End Function

You can find a lot more information in the CP Articles. You may want to research salting a hash. And this article seemed to really define the different types of cryptography.

Hope this helps.

