Encryption

nitrobass24

Currently we use Enterprise Library for encrypting parts of config files, but we are moving our codebase to the 3.5 framework and currently Enterprise Library is not compatible yet. The Senior Devs don't want to wait and then try to use a new version of Enterprise Library.

What other alternatives are there? I've tried encrypting the sections using DPAPI and RSA, but those are machine-level encryption and this is a distributed app, so that doesn't work.
 
May I ask what you mean by "machine-level"?

When I implemented RSA, you could apply it at any level of abstraction that you wished, not just 1's and 0's.
 
Actually, RSA encryption is easy to understand and do in software, except you need a way to deal with integral values that are 200 or more digits in length.
 
Yeah, exactly. There's bound to be some number theory libraries for your language of choice.

I've only implemented RSA on my own systems where I can pass a private key around with CORBA. How do real systems (i.e. OpenSSH) solve the portability problem? I suppose there must be a standard somewhere to look up, or else this would be a nightmare.
 
I know OpenSSH uses the OpenSSL library, I think for point-to-point TLS. But maybe you can leverage it for this kind of stuff as well, since it also includes a general purpose crypto library complete with RSA encrypt/decrypt functions that I'd imagine are pretty portable. At the very least, you might poke around in the source a bit to see how they do it.
 
What exactly are you trying to do? In general I believe it is unwise to attempt doing encryption yourself; for example, there are dozens of documents on how to package RSA encryption into a secure, usable format. Been a while since I've delved through this, but some good reading: http://www.rsa.com/rsalabs/node.asp?id=2514
 
> May I ask what you mean by "machine-level"?

"machine-level" means that the container holding the secret key data is associated with the machine, not with a particular user. Moving the encrypted data to another machine, then, isn't possible because it doesn't have the key (and/or pad, and/or salt) necessary to decrypt the data.

DPAPI and RSA both do support user-level encryption, so I can't understand why nitrobass24 thinks he can't use them.
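One way to keep the RSA route usable across the nodes of a distributed app (an added example, not code from anyone in this thread): export the key pair from the provider's machine-level container once and import it into the same container on every node before deploying the encrypted config. It assumes .NET 2.0/3.5 System.Configuration with the built-in RsaProtectedConfigurationProvider and its default key container; the helper class and method names are made up for the example.

```csharp
using System.Configuration;
using System.IO;
using System.Security.Cryptography;

// The built-in "RsaProtectedConfigurationProvider" keeps its key pair in the
// machine-level CSP container "NetFrameworkConfigurationKey". Machine-level only
// means the container lives in the machine key store; the key pair can still be
// exported once and installed in the same container on every node.
public static class ConfigKeyTransport   // helper name is mine, not a framework type
{
    const string ContainerName = "NetFrameworkConfigurationKey";
    const string ProviderName = "RsaProtectedConfigurationProvider";
    static CspParameters MachineContainer()
    {
        CspParameters csp = new CspParameters();
        csp.KeyContainerName = ContainerName;
        csp.Flags = CspProviderFlags.UseMachineKeyStore;
        return csp;
    }
    // Run once on the machine that owns the key. Creates the container if it does
    // not exist yet; if it exists with a non-exportable key, ToXmlString throws.
    public static void ExportKeyPair(string xmlPath)
    {
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(MachineContainer()))
            File.WriteAllText(xmlPath, rsa.ToXmlString(true)); // true = include private key
    }

    // Run on every other node, then delete the XML file and grant the service
    // account read access to the container (what aspnet_regiis -pa does).
    public static void ImportKeyPair(string xmlPath)
    {
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(MachineContainer()))
        {
            rsa.PersistKeyInCsp = true;                   // store the imported key in the container
            rsa.FromXmlString(File.ReadAllText(xmlPath));
        }
    }

    // Encrypt one section of the application's own config file with that shared key;
    // every node that holds the key can then read the deployed file.
    public static void ProtectSection(string sectionName)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null || section.SectionInformation.IsProtected) return;
        section.SectionInformation.ProtectSection(ProviderName);
        config.Save(ConfigurationSaveMode.Modified);
    }
}
```

The exported XML holds the private key in the clear, so it should travel only over a protected channel and be deleted after import.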
 
> "machine-level" means that the container holding the secret key data is associated with the machine, not with a particular user. Moving the encrypted data to another machine, then, isn't possible because it doesn't have the key (and/or pad, and/or salt) necessary to decrypt the data.
>
> DPAPI and RSA both do support user-level encryption, so I can't understand why nitrobass24 thinks he can't use them.

I doubt that's what the OP meant by "machine level" even though your explanation is most certainly correct. On that note, TPM needs to go die in a fire ;)
 
> I doubt that's what the OP meant by "machine level" even though your explanation is most certainly correct. On that note, TPM needs to go die in a fire ;)

What causes your doubt? What's TPM?
 
TPM is very good as an optional component. I wouldn't want it to be mandatory on all computers (cough, Apple), but it could offer great and nearly transparent low level data protection to systems.
 