Encryption

nitrobass24

[H]ard|DCer of the Month - December 2009
Joined
Apr 7, 2006
Messages
10,462
Currently we use Enterprise library for encrypting parts of config files, but we are moving our codebase to the 3.5 framework and currently Enterprise Library is not compatible yet. The Senior Devs don't want to wait and then try to use a new version of enterprise library.

What other alternatives are there? I've tried encrypting the sections using DPAPI and RSA but those are machine level encryption and this is a distributed app so that doesn't work.
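The portability gap described above comes from the RSA key container living on one machine. The following is an added example (not code from any poster) showing one way to share a named container across nodes with the built-in RsaProtectedConfigurationProvider: export the key pair once, import it on every other node, then protect the section. It assumes an app.config that declares a provider named "SharedRsaProvider" bound to the container "SharedConfigKeys" (both names are hypothetical), as in the comment below.

```csharp
using System;
using System.Configuration;              // reference System.Configuration.dll
using System.Security.Cryptography;

// Assumed app.config fragment (hypothetical names):
// <configProtectedData>
//   <providers>
//     <add name="SharedRsaProvider"
//          type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
//          keyContainerName="SharedConfigKeys" useMachineContainer="true" />
//   </providers>
// </configProtectedData>
static class PortableConfigCrypto
{
    const string ContainerName = "SharedConfigKeys";

    static CspParameters MachineContainer()
    {
        // Machine-level store: any account granted access to the container can use it,
        // which is what a service account on each node needs.
        return new CspParameters { KeyContainerName = ContainerName, Flags = CspProviderFlags.UseMachineKeyStore };
    }

    // Run once on the first node: creates the container if absent and exports the
    // full key pair. The XML contains the private key, so move it over a protected channel.
    public static string ExportKeyContainer()
    {
        using (var rsa = new RSACryptoServiceProvider(MachineContainer()))
        {
            rsa.PersistKeyInCsp = true;
            return rsa.ToXmlString(true);
        }
    }

    // Run on every other node before it first reads the protected section.
    public static void ImportKeyContainer(string keyXml)
    {
        using (var rsa = new RSACryptoServiceProvider(MachineContainer()))
        {
            rsa.PersistKeyInCsp = true;  // persist the imported key into the named container
            rsa.FromXmlString(keyXml);
        }
    }

    // Encrypts a section (e.g. "connectionStrings") in place using the shared provider.
    public static void ProtectSection(string sectionName)
    {
        Configuration cfg = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = cfg.GetSection(sectionName);
        if (section.SectionInformation.IsProtected) return;
        section.SectionInformation.ProtectSection("SharedRsaProvider");
        cfg.Save(ConfigurationSaveMode.Modified);
    }
}
```

The identity the app runs under still needs read access to the container on each node (aspnet_regiis -pa "SharedConfigKeys" "DOMAIN\account" grants it). Delete the exported XML once every node has imported it.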
 
Joined
Apr 4, 2003
Messages
836
may i ask what you mean by "machine-level" ?

when i implemented RSA, you could apply it at any level of abstraction that you wished, not just 1's and 0's.
 
Joined
Jul 13, 2006
Messages
516
Actually RSA encryption is easy to understand and do in software except you need a way to deal with integral values that are like 200 or more digits in length.
 
Joined
Apr 4, 2003
Messages
836
yeah, exactly. there's bound to be some number theory libraries for your language of choice.

i've only implemented RSA on my own systems where i can pass a private key around with CORBA. how do real systems (i.e. open ssh) solve the portability problem? i suppose there must be a standard somewhere to look up or else this would be a nightmare.
 

fluxion

Gawd
Joined
May 31, 2005
Messages
864
i know openssh uses the openssl library, i think for point-to-point TLS. but maybe you can leverage it for this kind of stuff as well, since it also includes a general purpose crypto library complete with RSA encrypt/decrypt functions that i'd imagine are pretty portable. at the very least, you might poke around in the source a bit to see how they do it
 
Joined
Oct 28, 2004
Messages
722
What exactly are you trying to do? In general I believe it is unwise to attempt doing encryption yourself - for example there are dozens of documents on how to package RSA encryption into a secure, usable format. Been a while since I've delved through this, but some good reading: http://www.rsa.com/rsalabs/node.asp?id=2514
 

mikeblas

[H]ard|DCer of the Month - May 2006
Joined
Jun 26, 2004
Messages
12,776
may i ask what you mean by "machine-level" ?
"machine-level" means that the container holding the secret key data is associated with the machine, not with a particular user. Moving the encrypted data to another machine, then, isn't possible because it doesn't have the key (and/or pad, and/or salt) necessary to decrypt the data.

DPAPI and RSA both do support user-level encryption, so I can't understand why nitrobass24 thinks he can't use them.
 

devman

2[H]4U
Joined
Dec 3, 2005
Messages
2,400
"machine-level" means that the container holding the secret key data is associated with the machine, not with a particular user. Moving the encrypted data to another machine, then, isn't possible because it doesn't have the key (and/or pad, and/or salt) necessary to decrypt the data.

DPAPI and RSA both do support user-level encryption, so I can't understand why nitrobass24 thinks he can't use them.

I doubt that's what the OP meant by "machine level" even though your explanation is most certainly correct. On that note, TPM needs to go die in a fire ;)
 

mikeblas

[H]ard|DCer of the Month - May 2006
Joined
Jun 26, 2004
Messages
12,776
I doubt that's what the OP meant by "machine level" even though your explanation is most certainly correct. On that note, TPM needs to go die in a fire ;)

What causes your doubt? What's TPM?
 

pxc

Extremely [H]
Joined
Oct 22, 2000
Messages
33,064
TPM is very good as an optional component. I wouldn't want it to be mandatory on all computers (cough, Apple), but it could offer great and nearly transparent low level data protection to systems.
 