StrataFrame Forum

TripleDESWrapper

http://forum.strataframe.net/Topic4454.aspx

By Keith Chisarik - 11/14/2006

What is the key to the encryption here when I use this wrapper?

What will I need to move to my webserver upon deployment (thinking ahead) to maintain the ability to read encrypted data I deploy?

I am using this (as below) to encrypt both database values for some sensitive information as well as parameters I pass to avoid the possibility of hack and SQL injection attacks. Am I using it correctly?

Thanks,

Keith

Sample implementation:

Dim x As String = "hhhh"
Dim encrypted_x As String
Dim decrypted_x As String

Dim wrapper As MicroFour.StrataFrame.Security.Encryption.TripleDESWrapper
wrapper = New MicroFour.StrataFrame.Security.Encryption.TripleDESWrapper

encrypted_x = wrapper.Encrypt(x)
decrypted_x = wrapper.Decrypt(encrypted_x)

By Trent L. Taylor - 11/14/2006

Yes, this looks fine. The only other thing that I would recommend is creating your own encryption key and vector rather than using the default keys. If you notice, there is an overload on the New(). Use the second overload to provide the key and vector:

loDES = New TripleDESWrapper(New Integer() {24 values}, New Integer() {8 values})

The IntelliSense should give you some sample code on this.
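An added example, not part of the thread and not StrataFrame's own code: one way to produce the 24 key values and 8 vector values mentioned in the reply above from the operating system's random number generator, printed as array literals, followed by a round trip through .NET's built-in TripleDES class. The module and function names are illustrative, and the `New Integer() {...}` output form simply follows the reply; check the overload's actual parameter types in IntelliSense.

```vbnet
Imports System
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Text

Module KeyMaterialExample
    ' Fill a buffer of the requested size from the OS CSPRNG.
    Function RandomBytes(count As Integer) As Byte()
        Dim buffer(count - 1) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(buffer)
        End Using
        Return buffer
    End Function

    ' 24-byte (three-key) 3DES key; retry in the rare case of a weak key.
    Function NewTripleDesKey() As Byte()
        Dim key As Byte()
        Do
            key = RandomBytes(24)
        Loop While TripleDES.IsWeakKey(key)
        Return key
    End Function

    ' Render bytes in the array-literal form used in the reply above.
    Function ToVbLiteral(data As Byte()) As String
        Return "New Integer() {" & String.Join(", ", data.Select(Function(b) b.ToString())) & "}"
    End Function

    Sub Main()
        Dim key As Byte() = NewTripleDesKey()
        Dim iv As Byte() = RandomBytes(8)
        Console.WriteLine("Key:    " & ToVbLiteral(key))
        Console.WriteLine("Vector: " & ToVbLiteral(iv))

        ' Round trip with .NET's TripleDES ("hhhh" is the question's sample value).
        Using des As TripleDES = TripleDES.Create()
            des.Key = key
            des.IV = iv
            Dim plain As Byte() = Encoding.UTF8.GetBytes("hhhh")
            Dim cipher As Byte() = des.CreateEncryptor().TransformFinalBlock(plain, 0, plain.Length)
            Dim back As Byte() = des.CreateDecryptor().TransformFinalBlock(cipher, 0, cipher.Length)
            Console.WriteLine(Encoding.UTF8.GetString(back))
        End Using
    End Sub
End Module
```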

By Keith Chisarik - 11/14/2006

As always, thank you.

By Trent L. Taylor - 11/14/2006

No problem... :)

By Keith Chisarik - 11/14/2006

If it were you, would you put your keys in the code? Or somewhere else?

The project isn't for NASA or the government, just a financial institution, but I want to do things as "by the book" as possible just in case they ask and I don't want the headaches that we all know can result from "sensitive data" being obtained.

By Trent L. Taylor - 11/14/2006

I generally have a shared class somewhere that defines these as constants. This way I can reuse them more easily. When it comes to high-level encryption and preventing any type of disassembler, I basically pre-encrypt as much information as possible.

In your case, I would just put the keys in a code file that is different from the one in which you are defining your encryption class. That should be sufficient for most cases.

By Keith Chisarik - 11/14/2006

Excellent.....