如何在WPF C#应用程序中安全地部署PPK文件? [英] How to securely deploy PPK file in WPF C# app?

问题描述

我有一个C#应用程序，该应用程序连接到SFTP服务器以传输日志文件. 该应用程序通过使用WinSCP .NET程序集连接到服务器来实现此目的.

I have a C# app that connects to a SFTP server to transfer log files. The app achieves this by using WinSCP .NET assembly to connect to the server.

如何安全地存储.ppk私钥文件，以使用户无法使用该文件自己访问SFTP?

How do I securely store the .ppk private key file such that the user is not able to take this file to access the SFTP for themselves?

http://winscp.net/eng/docs/library#csharp

基于库引用.ppk的方式，可能无法避免在运行时将.ppk文件存储在本地磁盘上吗?

Based on the way the library reference the .ppk, it may not be possible to avoid storing the .ppk file on the local disk during run-time?

谢谢.

推荐答案

通常没有办法向最终用户隐藏(任何)应用程序所拥有的任何类型的凭据.您只能使它们很难被发现，但是是否值得值得怀疑.

There's generally no way to hide any kind of credentials that (any) application possess from the end user. You can only make them hard to be found, but it's questionable whether it is even worth the effort.

您可以(并且应该做)是确保凭据仅授予必要的访问权限.

What you can (and should do) is to make sure the credentials grants only as little access as necessary.

因此，在您的情况下，请确保您使用私钥对帐户进行身份验证:

So in your case, make sure the account, you authenticate with the private key:

• 只有写访问权限(没有读访问权限，甚至没有列表)
• 并且磁盘配额低
定期(或自动)监视
• 任何异常活动

• has only write access (no read access, nor even list)
• and has a low disk quota
• is regularly (or automatically) monitored for any unusual activity

特别是关于WinSCP .NET程序集的私钥:

Specifically regarding the private key for WinSCP .NET assembly:

是的，它必须存储在磁盘上(即临时提取到临时文件夹中).虽然您可以使用密码对私钥进行加密.并在应用程序中对密码进行硬编码(如果需要，可以对其进行混淆).

Yes, it has to be stored on the disk (i.e. temporarily extracted to a temp folder). Though you can have the private key encrypted with a passphrase. And have the passphrase hard-coded in the application (obfuscated if your want).

请参见 SessionOptions.SshPrivateKeyPassphrase .

另请参见保护用于自动化的凭据上的WinSCP文章.

See also WinSCP article on Protecting credentials used for automation.

这篇关于如何在WPF C#应用程序中安全地部署PPK文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！