File encryption within EXE - best practice.

Question

0.00/5 (No votes)

See more:

Hi,

Had a quick look around in CodeProject but couldn't find what I was after.

Windows, .Net Winforms, encryption.

I am familiar with encrypting and decrypting data and files, the different levels and types of encryption and I've code to do it. Not a problem.

The last place I worked at, all the encryption assemblies were internal to the company really and the assemblies were obfuscated with string encryption.

I'm developing a Winforms application in a new company I'm working for. I want to encrypt and decrypt a file, in an application that will be sold to many clients.

So the difference now is that both private and public keys will be embedded in the Winforms application or another assembly on the client computer to handle the encrypted file.

Is there a best practice for this scenario where you want to store and encrypt some data in a file on someone's computer?

My thought is to obfuscate and string encrypt any assemblies, hiding as best as possible the private key. The data isn't highly confidential, but it would be good to say that the file is encrypted.

Any thoughts on the matter would be greatly appreciated. Or any pointers to discussions on the subject.

Thanks

Julian

What I have tried:

Searching the net
Searching CodeProject

Posted 15-Mar-18 2:35am

jugs0101

Updated 15-Mar-18 7:08am

Add a Solution

3 solutions

Solution 3

I used a combination of of both answers. I am encrypting the file with .Net encryption and then string encrypting and obfuscating the assemblies. I am also using the ZIP option to back up the file. The data I am storing is not super sensitive, if it was I would be doing something different.

Julian

Posted 20-Jul-18 3:31am

jugs0101

Updated 20-Jul-18 4:02am

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

RickZeeland · Accepted Answer · 2018-03-15T03:41:00

Solution 1

This CodeProject article describes how to do your own obfuscation, it is in C though, but maybe you will find the utilities useful: Binary Obfuscation[^]

You might also find the SecureString class interesting: SecureString Class (System.Security)[^]

Posted 15-Mar-18 3:41am

RickZeeland

Updated 15-Mar-18 3:54am

v2

Comments

jugs0101 15-Mar-18 11:54am

Thanks for the SecureString pointer Rick, I'll look into using that and yes I'll be obfuscating using a third party product.

So do you think this is the right way to go when doing this?

Julian

RickZeeland 15-Mar-18 12:35pm

Can't say if this is the right way, at work we just use Dotfuscator, but that can be a hassle too as we use reflection a lot, and Dotfuscator and reflection don't go together well so we have to exclude parts of the application from obfuscation.

Gerry Schmitz · Accepted Answer · 2018-03-15T07:09:00

Solution 2

I would say that a password protected zip / compressed file is the simplest (secure) option.

You can compress / decompress in memory.

Posted 15-Mar-18 7:09am

Gerry Schmitz