Cryptography
-
Hello people, I know that System.Security.Cryptography is a good way to protect data but now I have another problem. How to protect my private key? I can't leave may key on EXE or DLL's becaus C# is an easy way for reverse engeneering... I don't just said easy but... SO VERY MUCH EASY A LOT (lol)... What can I do to protect this? Wender Oliveira .NET Programmer
-
Hello people, I know that System.Security.Cryptography is a good way to protect data but now I have another problem. How to protect my private key? I can't leave may key on EXE or DLL's becaus C# is an easy way for reverse engeneering... I don't just said easy but... SO VERY MUCH EASY A LOT (lol)... What can I do to protect this? Wender Oliveira .NET Programmer
You wouldn't distribute your private key anyway. That's always bad no matter what you're doing. If you're looking for a way to verify data, you'll want to use digital signatures. This allows you to distribute your public key (it's public, so it doesn't really matter*) and verify the signature of the signed data (it's a digest of the signed data encrypted with your private key; RSA and DSA implement this differently). While my article probably isn't what you're looking for, read Using XML Digital Signatures for Application Licensing[^] for a good conceptual overview. If you need to encrypt data, it's often best you use services provided by the OS. If you'll always run on Windows, read How To Create a DPAPI Library[^] on MSDN. This is a handy API for storing encrypted credentials, and is used by Passport (at least the local implementation that MSN and Windows Messengers use as well as IE for web sites). It's also very customizable and does most of the work for you. If you want to implement your own encryption, generate a key pair on the machine after the app's installed. Store that in a key container. This method is fool proof, but not cryptoanalyst proof.
Microsoft MVP, Visual C# My Articles