如何在.NET应用程序中隐藏加密密钥? [英] How do you hide an encryption key in a .NET application?
问题描述
我正在开发一个内部网应用程序(C#),它使用一些我们想保持私有的数据(本地到Web服务器)。该数据使用旧数据存储库进行加密(AES)。我们不能完全防止物理访问机器。
I'm developing an intranet application (C#) that uses some data (local to the web server) that we'd like to keep private. This data is encrypted (AES) using a legacy data repository. We can't totally prevent physical access to the machine.
显然,我们永远不会有完美的安全性。但是,我们希望让任何人尽可能地努力获取未经授权的数据访问。
Clearly, we're never going to have perfect security here. However, we want to make it as hard as possible for anyone to gain unauthorized access to the data.
问题是如何最好地存储密钥。基于某些特定于机器的ID进行加密是一种选择,但是,在机器上运行诊断工具的任何人都可以使用该信息。
The question is how best to store the key. Encrypting it based on some machine specific ID is an option, but that information would be readily available to anyone running a diagnostic tool on the machine.
在应用程序中编码它是一个选项(它是一个应用程序)。但是,.NET程序集很容易进行反编译。那么最好是混淆它,使用加密启动器,编译它?
Encoding it in the application is an option (it's a one off application). However, .NET assemblies are pretty easy to decompile. So, would it be best to obfuscate it, use an encryption launcher, compile it?
还有一个选项我缺少?
只要我们清楚,我知道如果某人有决心,这是一个失败的原因,但我们希望在限制条件下尽可能的努力。
Just so we're clear, I know it's pretty much a lost cause if someone is determined, but we're looking to make it as hard as possible within the constraints.
推荐答案
加密内置于.NET配置系统中。您可以加密您的应用/ web.config文件的块,包括您存储私钥的位置。
Encryption is built into the .NET configuration system. You can encrypt chunks of your app/web.config file, including where you store your private key.
这篇关于如何在.NET应用程序中隐藏加密密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
