|
| | | 
Advanced StrataFrame User
 
Group: StrataFrame Users
Last Login: Today @ 8:08:48 PM
Posts: 607, Visits: 17,185 |
| What is the key to the encryption here when I use this wrapper?
What will I need to move to my webserver upon deployment (thinking ahead) to maintain the ability to read encrypted data I deploy?
I am using this (as below) to encrypt both database values for some sensitive information as well as parameters I pass to avoid the possibility of hack and SQL injection attacks. Am I using it correctly?
Thanks,
Keith
sample implementation:
Dim x As String = "hhhh"
Dim encrypted_x As String
Dim decrypted_x As String
Dim wrapper As MicroFour.StrataFrame.Security.Encryption.TripleDESWrapper
wrapper = New MicroFour.StrataFrame.Security.Encryption.TripleDESWrapper
encrypted_x = wrapper.Encrypt(x)
decrypted_x = wrapper.Decrypt(encrypted_x) |
| |
| | | 
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 5:44:29 PM
Posts: 4,366, Visits: 4,393 |
| | Yes, this looks fine. The only other thing that I would recommend is creating your own encryption key and vector rather than using the default keys. If you notice, there is an overload on the New(). Use the second overload to provide the key and vector: loDES = New TripleDESWrapper(New Integer() {24 values}, New Integer() {8 values}) The intellisense should give you some sample code on this. |
| |
| | |
Advanced StrataFrame User
Group: StrataFrame Users
Last Login: Today @ 8:08:48 PM
Posts: 607, Visits: 17,185 |
| | |
| | |
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 5:44:29 PM
Posts: 4,366, Visits: 4,393 |
| No problem... |
| |
| | |
Advanced StrataFrame User
Group: StrataFrame Users
Last Login: Today @ 8:08:48 PM
Posts: 607, Visits: 17,185 |
| If it were you, would you put your keys in the code? or somewhere else?
The project isn't for NASA or the government, just a financial institution, but I want to do things as "by the book" as possible just in case they ask and I don't want the headaches that we all know can result from "sensitive data" being obtained.
|
| |
| | |
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 5:44:29 PM
Posts: 4,366, Visits: 4,393 |
| | I generally have a shared class somewhere that defined these as constants. This way I can reuse them more easily. When it comes to high-level encryption and preventing any type of disassembler, I basically pre-encrypt as much information as possible. In your case, I would just put the keys in a code file that is different than the one you are defining your encryption class. That should be sufficient for most cases. |
| |
| | |
Advanced StrataFrame User
Group: StrataFrame Users
Last Login: Today @ 8:08:48 PM
Posts: 607, Visits: 17,185 |
| | |
|
|