How to implement strong cryptography with associated key-management processes and procedures in order to handle credit card information as per PCI standards in a .NET web application:

1. How to secure data in a SQL Server database?
2. What would be the encryption mechanism to secure data at the UI and in classes and objects?
3. How to encrypt XML files before sending them across?
Posted
Updated 29-Jan-14 10:11am
Comments
Sergey Alexandrovich Kryukov 29-Jan-14 14:44pm    
Too broad questions. It depends on the scenarios and cannot be answered in a decisive way. I think you need to learn some basics of cryptography first.
—SA
Dave Kreskowiak 29-Jan-14 15:32pm    
Too bad there's no voting for comments. A virtual 5 for you.
Sergey Alexandrovich Kryukov 29-Jan-14 20:16pm    
Thank you, Dave. Your good words are more valuable than any votes.
—SA
Member Nitin Patil 29-Jan-14 16:11pm    
Yes SA, I know it is a broad scenario... but nowadays most of the web applications (FS) handle credit card information with PCI standards. That's the reason I am checking if anyone has this kind of experience and ideas on the same.

1 solution

In order to encrypt data you should use the following sub:
VB
Imports System.Text
Imports System.Security.Cryptography
Imports System.Web.Security

' Taken from a custom MembershipProvider: pPasswordFormat is the provider's configured
' MembershipPasswordFormat, pMachineKey is the <machineKey> section read from web.config,
' and EncryptPassword is the protected method inherited from MembershipProvider.
Public Function EncodePassword(password As String) As String
    Dim encodedPassword As String = password
    Select Case pPasswordFormat
        Case MembershipPasswordFormat.Clear
            ' Stored as-is.
        Case MembershipPasswordFormat.Encrypted
            ' Reversible: uses the decryptionKey from <machineKey>.
            encodedPassword = Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)))
        Case MembershipPasswordFormat.Hashed
            ' One-way keyed hash using the validationKey from <machineKey>.
            Using hash As New HMACSHA384(HexToByte(pMachineKey.ValidationKey))
                encodedPassword = Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)))
            End Using
        Case Else
            ErrorAnswer = "Password format not supported."
            '------Handle it as you like...........
            Return Nothing
    End Select

    ' Base64 is case-sensitive, so the result must not be lower-cased before storing it.
    Return encodedPassword
End Function

' Converts the hex string from web.config into the raw key bytes.
Private Shared Function HexToByte(hexString As String) As Byte()
    Dim bytes(hexString.Length \ 2 - 1) As Byte
    For i As Integer = 0 To bytes.Length - 1
        bytes(i) = Convert.ToByte(hexString.Substring(i * 2, 2), 16)
    Next
    Return bytes
End Function


In the web.config file you should add the line:

HTML
<machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
            decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
            validation="HMACSHA384" decryption="AES" />


And also, if you want to make it stronger.... please "salt it" with the following sub:

VB
Imports System
Imports System.Security.Cryptography

Public Shared Function GetSaltKey() As String
    Dim saltBytes() As Byte
    Dim minSaltSize As Integer = 256
    Dim maxSaltSize As Integer = 512
    ' Pick a random length for the salt (the length itself does not need to be secret).
    Dim random As New Random()
    Dim saltSize As Integer = random.Next(minSaltSize, maxSaltSize)
    ' Allocate a byte array, which will hold the salt.
    saltBytes = New Byte(saltSize - 1) {}
    ' Fill the salt with cryptographically strong byte values from the OS CSPRNG.
    Using rng As New RNGCryptoServiceProvider()
        rng.GetNonZeroBytes(saltBytes)
    End Using
    ' Return the salt as Base64 text so it can be stored next to the encoded value.
    Return Convert.ToBase64String(saltBytes)
End Function


Please... if you want to "salt" your data, do it outside of the Encryption Function, because later you will want to use the same "salt" to encode the newly arriving input in order to compare it with what is written in your database.
If you choose to "salt" the encoded data and keep the "salt", then you need to produce a record in your database with nvarchar(1024), and of course all the related "record declarations" need to be of the same length.
Pay attention that this encode method is made with SAH3, which is the strongest method for encryption.
I don't know if I gave you the answer you wanted.... but in any case I've tried it too!!!
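The store-then-verify flow the answer describes (a CSPRNG salt kept outside the hash function, HMAC-SHA384 keyed with the machineKey validation key, and the same stored salt reused to encode the incoming value before comparing), written as an added Python example so it runs stand-alone; it is not the answer's VB.NET code, and the key and secret values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import os

# Constructed stand-in for the hex validationKey in <machineKey>; a real
# deployment reads the key from web.config and never hard-codes it.
VALIDATION_KEY = bytes.fromhex("0123456789abcdef" * 8)   # 64 bytes, like the page's key


def make_salt(min_size=256, max_size=512):
    """Mirror GetSaltKey: a random-length salt from the OS CSPRNG, Base64-encoded."""
    size = min_size + int.from_bytes(os.urandom(2), "big") % (max_size - min_size)
    return base64.b64encode(os.urandom(size)).decode("ascii")


def encode(salt_b64, secret, key=VALIDATION_KEY):
    """Mirror the Hashed branch: HMAC-SHA384 keyed with the validation key.
    The salt is prepended to the UTF-16LE secret (Encoding.Unicode in .NET),
    which is the "salt outside the function" step the answer describes."""
    data = base64.b64decode(salt_b64) + secret.encode("utf-16-le")
    digest = hmac.new(key, data, hashlib.sha384).digest()
    # Base64 is case-sensitive: do NOT lower-case the result as EncodePassword does.
    return base64.b64encode(digest).decode("ascii")


def store(secret):
    """Build the row to persist: the salt and the keyed hash, both Base64 text.
    A 511-byte salt is 684 Base64 characters and the digest is 64, so both fit
    the nvarchar(1024) column the answer suggests."""
    salt_b64 = make_salt()
    return {"salt": salt_b64, "hash": encode(salt_b64, secret)}


def verify(record, candidate):
    """Re-encode the candidate with the stored salt and compare in constant time."""
    return hmac.compare_digest(encode(record["salt"], candidate), record["hash"])


if __name__ == "__main__":
    row = store("correct horse battery staple")   # constructed sample secret
    print(len(row["salt"]), len(row["hash"]), verify(row, "correct horse battery staple"))
```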
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)