I am trying to store confidential encrypted user information for my program on a single computer. I do not want the application to be copied onto another computer and be usable. So I was thinking about storing the information in the Registry, but I read that that is a very unsafe location and is bad for more reasons than one. I started storing the information in the program's Settings.config file, but I am not sure how to encrypt that information. The only thing I have gotten to work so far is storing the information in an XML file and encrypting that, which has worked, but I want the information to be more hidden and more secured.
Any help on how and where to store some confidential information would be greatly appreciated! :)

Look for isolated storage: http://msdn.microsoft.com/en-us/library/3ak841sy%28v=VS.100%29.aspx. In particular, read the section "Secure Access" to understand security implications.

If you want to encrypt the data, you should understand that the level of security depends on the strength of the encryption algorithm and, importantly, on how you store the key(s). You should consider what kind of exploit is more dangerous: ability to decrypt or modify encrypted data. It's likely that both aspects are equally important; in this case the power of public-key cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography) may appear redundant, so faster symmetric-key algorithms (http://en.wikipedia.org/wiki/Symmetric_key_algorithms) would be more appropriate. Further considerations depend on the general security scenarios you want to devise.

In contrast, if you want to protect data exclusively used by only one user, you can devise a scheme where a private key is known only to the user and not stored in the system (so none of your site personnel could manipulate the users' data). In this case, you should use public-key cryptography.

Both types of encryption algorithms are well implemented in .NET. See:
Public-key cryptography (Asymmetric algorithms): http://msdn.microsoft.com/en-us/library/system.security.cryptography.asymmetricalgorithm.aspx;
Symmetric algorithms: http://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm.aspx.

—SA
 
 
Comments
Espen Harlinn 8-Aug-11 18:30pm    
Very good answer, my 5
Sergey Alexandrovich Kryukov 8-Aug-11 21:57pm    
Thank you, Espen. Hope it will give OP enough options to design secure service.
--SA
Sergey Alexandrovich Kryukov 8-Aug-11 21:57pm    
OP commented:

Thank you both for your help! I now understand Encryption better and now need to focus on where to store settings and info. Where do you think is a good location to store something safely inside the registry? And is there any possible way to Encrypt the "Yourapp.Settings" file?
Thanks!
Sergey Alexandrovich Kryukov 8-Aug-11 22:03pm    
Do not store anything in the Registry, ever! Use either a "special folder", System.Environment.GetFolderPath(Environment.SpecialFolder), or, for a secure option, isolated storage.

I would not encrypt the application settings file, but you can encrypt separate values. All cryptography algorithms provide XML-friendly forms of encrypted data.

--SA
Always search MSDN first. The keyword is "Cryptography".
Here is the ProtectedData class that can be used in your case. And here is "How to: Use Data Protection".
 
 
Comments
Sergey Chepurin 9-Aug-11 3:37am    
Agree with SAKryukov, leave the registry to the system. Though, I used it to store an encrypted product key (and cannot blame anyone who also does it). You can place an encrypted file in a special or hidden folder, a folder with access restrictions, etc. I would encrypt only sensitive user information if you are afraid of leaks. Every such operation takes human brain's and processor's resources, and you should be sure what you are doing.
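
Added example, not part of the original answers or comments: a sketch of the ProtectedData (DPAPI) approach mentioned above, writing one protected value to a per-user special folder so the file cannot be unprotected under a different Windows account. The class name, folder name, file name and entropy string are hypothetical; it assumes Windows and a reference to System.Security.dll (.NET Framework) or the System.Security.Cryptography.ProtectedData package.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example; SecretStore, "MyApp" and the file names are hypothetical.
static class SecretStore
{
    // Constructed per-application entropy. It is not a key: it is an extra input
    // that any other program running as the same user would also have to supply.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp.SecretStore.v1");

    static string PathFor(string name)
    {
        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "MyApp");
        Directory.CreateDirectory(dir);
        return Path.Combine(dir, name + ".bin");
    }

    public static void Save(string name, string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            // CurrentUser scope: only this Windows account can unprotect the blob.
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(PathFor(name), blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); } // do not leave plaintext in the buffer
    }

    // Returns null when the value is missing or cannot be unprotected.
    public static string Load(string name)
    {
        string path = PathFor(name);
        if (!File.Exists(path)) return null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(path), Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; } // modified blob, other user, or wrong entropy
    }

    static void Main()
    {
        Save("license", "constructed-sample-value");
        Console.WriteLine(Load("license") ?? "<not readable for this user>");
    }
}
```

The application stores no key of its own here, and a blob that was modified on disk fails in Unprotect instead of returning altered data, which covers both the "decrypt" and the "modify" concerns raised in the first answer.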

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
