Creating secure applications is more important today than ever before. Most distributed applications need some form of cryptography to protect your secrets from snooping eyes, whether they belong to hackers, users, or even your own DBA. The .NET Framework makes it easy to encrypt and decrypt data: it provides a number of cryptographic algorithms, each of which encrypts or decrypts data using a password or key. The password or key itself must be secured and protected in a way that allows only your application to access it.
Starting with Windows 2000, Microsoft included an API for application-level encryption and decryption of data, called the Data Protection API (DPAPI). DPAPI is used to hide secrets such as connection strings and user credentials that are typically stored in a config file or in plain text. DPAPI uses a strong cryptographic algorithm, Triple-DES, with strong keys. You can use it to encrypt and decrypt your sensitive data at a machine-specific or user-specific level: DPAPI uses a key derived either from the machine or from the currently logged-on user. That key can optionally be augmented with an application-specific secret referred to as secondary entropy. As you can imagine, the benefit of using DPAPI is not only that applications get a strong encryption algorithm, but also that they don't have to handle, protect, or remember the secret key value.
The user profile approach affords an additional layer of security because it limits who can access the secret. Only the user who encrypts the data can decrypt the data.
The machine store approach is easier to develop with because it does not require user profile management. However, unless an additional entropy parameter is used, it is less secure because any user on the computer can decrypt the data. (Entropy here is a random value designed to make recovering the secret more difficult.) The problem with an additional entropy parameter is that the application must store it securely, which presents another key management issue.
Overall, DPAPI is a very easy-to-use service that will benefit developers who must provide protection for sensitive application data, such as passwords and private keys.
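The two scopes and the secondary-entropy option described above, as an added example that is not part of the author's wrapper library or demo: it calls the .NET Framework 2.0 ProtectedData class directly (which wraps the same DPAPI functions). It assumes a reference to System.Security.dll; the connection string and entropy values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiDemo
{
    // Encrypts a secret with DPAPI. `scope` picks the machine key (any account on this
    // box can decrypt) or the current user's key (only that user can decrypt).
    // `entropy` is the optional secondary entropy: a second secret that a caller must
    // present again to decrypt. Pass null for none.
    static byte[] ProtectSecret(string plaintext, byte[] entropy, DataProtectionScope scope)
    {
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        return ProtectedData.Protect(data, entropy, scope);
    }

    static string UnprotectSecret(byte[] blob, byte[] entropy, DataProtectionScope scope)
    {
        byte[] data = ProtectedData.Unprotect(blob, entropy, scope);
        return Encoding.UTF8.GetString(data);
    }

    static void Main()
    {
        // Constructed sample values; a real application would read these from configuration.
        string connStr = "Server=db01;Database=Orders;User Id=app;Password=example-only";
        byte[] entropy = Encoding.UTF8.GetBytes("per-application secret (must itself be protected)");

        // Machine scope plus entropy: works under any account, including a service account,
        // but only for callers that also know the entropy value.
        byte[] blob = ProtectSecret(connStr, entropy, DataProtectionScope.LocalMachine);
        Console.WriteLine(Convert.ToBase64String(blob)); // this is what goes into the config file

        string roundTrip = UnprotectSecret(blob, entropy, DataProtectionScope.LocalMachine);
        Console.WriteLine(roundTrip == connStr ? "round-trip ok" : "mismatch");

        // Wrong entropy (or, for CurrentUser scope, a different user) is refused by DPAPI.
        try
        {
            UnprotectSecret(blob, Encoding.UTF8.GetBytes("wrong"), DataProtectionScope.LocalMachine);
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("decrypt refused: " + ex.Message);
        }
    }
}
```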
Below is the link to the class library that I created, which wraps the DPAPI, and a demo application showing how to use it. There is a link to SA Dev, which has my complete article and source code.
Download: DPAPI .Net
Link: SA Dev
-
-
The idea is that we all come together to learn how to code something new. The topic I chose for the project is a media player. I will give out the base source code at the meeting, and then we can all improve on it at the same time. It is going to be lots of fun, with spot prizes for the funniest interface, most disorganized code (that is correct, a prize for the most disorganized code), fewest lines, least functional, most functional, and lots more. The whole idea is to have a very fun and interactive SA Dev meeting.
Title: SA Dev coding session
When: 19 February 2005
Location: Microsoft’s Office
Time: 10:30 am
RSVP: Please RSVP to slain@mailbox.co.za by 16 February 2005.
Requirements: Those of you who are going to attend the coding session will have to bring your own PC or laptop, with VS.NET already installed.
The presentation will be delivered by Deon Spengler and Rudolf Henning.
There won't be any food supplied; we will have to get our own food at some point during the coding session. I will try and organize some free Red Bull for the event though.
For those who can't bring their PC or laptop, you are welcome to come and check out the coding session; you might even learn something. :-)
I hope to see you all there.