在应用程序中存储密码 [英] Store password in application

问题描述

我有一个简单的概念，很多的威胁都谈论了如何加密密码，对称和不对称加密等...

A lot of threats talk about how to encrypt passwords, symetric and asymetric encryption etc...

如果我要求用户每次希望连接到sqlite数据库时键入密码，那么一切都可以。

I have a simple probem. If I require the user to type the password every time he wishes to connect to the sqlite database then everything is ok.

现在问题是我想将密码存储在应用程序中，以便用户每次希望连接到sqlite数据库时都不需要输入密码。

我知道我可以加密密码并将密码存储在任何地方。但是这意味着我需要存储第二个密码来解密其他地方的密码。

I know I can encrypt the password and store the password encrypted anywhere. But then that means that I will need to store the second password to decrypt that password somewhere else.

我可以继续重复这个过程并加密第二个密码，但是我会再次使用未加密的密码，我需要解密该密码。

I could keep repeating this process and encrypt the second password but then I will be left again with a unencrypted password that I need to unencrypt that password.

所以我的问题是...我应该在哪里存储我需要解密其他的最终密码密码？哪里可以放置该密码最安全的地方？

So my question is... where should I store that final password that I need to unencrypt other password? where will be the safest place to place that password?

如果你不明白最后一部分，这里是一个例子我最后一节要解释一下：

If you dont understand the last part, here is an example of what I tried to explain on the last part:

我们来说说：

打开数据库的密码是： code> 1234

password to open database is: 1234

然后我将使用密钥 someKey 让我们说，如果我然后unencrypt abcd

then I will encrypt that password with the key someKey and let's say that gives abcd

$ c>与密钥 someKey 我应该得到 1234

if I then unencrypt abcd with the key someKey I should get 1234

我可以使用密钥 someKey 再加密 abcd ，我可以得到 xy＃8

I could encrypt abcd again with the key someKey and I may get xy#8

最后，如果我可以通过uncrypting $ $获得 1234 c $ c> xy＃8 与密钥 someKey 然后我会得到 abcd 然后使用相同的密钥 someKey 来取消加密，以获得 1234

finally if I will be able to get the 1234 password by unencrypting xy#8 with the key someKey then I will get abcd I will then unencrypt that with the same key someKey in order to get 1234

所以没有垫我重复这个过程多少次，我总是会在应用程序的某个地方最终得到一些加密密钥 someKey 。我不需要存储该密钥的唯一方法是，如果我要求用户在每次连接数据库时都提供密码。

so it does not matter how many times I repeat this process I will always end up with some unencrypted key someKey somewhere in the application. The only way I will not be required to store that key is if I require the user to provide a password every time he whishes to connect to the database.

在应用程序中存储字符串 someKey 的最安全的位置是隐藏的？

where will be the safest place to store the string someKey in the application as hidden as possible?

推荐答案

您应该使用 ProtectedData 类来加密密码。

这将有Windows存储您的密钥。

You should encrypt the password using the ProtectedData class.
This will have Windows store the key for you.

如果您指定每用户加密，并且用户具有登录密码，Windows将使用登录密码创建其加密密钥。

If you specify per-user encryption and the user has a login password, Windows will use the login password to create its encryption key.

有关更多信息，请阅读有关 DPAPI 。

For more info, read about DPAPI.

这篇关于在应用程序中存储密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！