Re: Security - Best Encryption Tool
From: Svein Terje Gaup (stgaup_at_broadpark.no.spam)
Date: 06/01/04
- Previous message: Alek Davis: "Re: Security - Best Encryption Tool"
- In reply to: gaurav khanna: "Security - Best Encryption Tool"
- Next in thread: Alek Davis: "Re: Security - Best Encryption Tool"
- Reply: Alek Davis: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 1 Jun 2004 20:53:05 +0200
Why not use DPAPI?
This article describes how to create a DPAPI ibrary:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT07.asp
If you use the User store, then only the user that encrypted the data can
decrypt it on the same machine:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT09.asp
If you use the Machine store, then the encrypted data can only be decryped
on the same server:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT08.asp
Sincerely
Svein Terje Gaup
"gaurav khanna" <gaurav.khanna@wipro.com> wrote in message
news:dc575aed.0406010641.4d6cda4b@posting.google.com...
> Hi
>
> I need to store the credit card information in my database. I have
> been looking for some third party tools which could provide encryption
> for credit card numbers.
>
> The help I need is:
>
> a) What is the most secure encryption tool that can be used to store
> credit card information?
>
> b) Any tool which implements AES and does not expect a private key to
> be supplied as shown in the sample application provided by
> Microsoft. But in this case customize tool needs to be provided as
> anybody can buy the tool and decrypt the information.
>
> c) What is the best way to secure a private key used by the
> algorithm like storing in RAM, registry, isolated storage etc? And
> how to implement it.
>
> d) If some code implementation, which allows encrypting securely
> is available.
>
>
> The client is ready to invest in Third Party Tool.
> I short listed two third party .Net components for encryption:
>
> Chilkat Software (http://www.chilkatsoft.com/dotNetCrypt.asp)
>
> ezCrypto .NET
(http://www.componentsource.com/Catalog.asp?fl=A200&gf=+BUSFUNCDATAPC&gd=Enc
ryption&bc=A100~A200~BUSFUNCDATAPC&sc=CS&PO=514745&option=10444&RC=FCSR&POS=
1&bhcp=1
> )
>
>
> Both the above are c# implemented tools and implement AES algorithm.
>
> But the problem is both ask for private key to be supplied. And I need
> to store the private key in a secure manner.
>
>
> The work round I decided was to use the dll provided by the tool.
> Write some login to generate dynamically private key for each of the
> registered users based on his profile. Store this logic in a dll and
> some how secure this logic, so that no body is able to access it. But
> how to secure the logic is a concern, as dll can also be hacked to
> view its contents.
>
> One option I was looking at was to use isolated storage as provided by
> .Net.
> But I'm not sure can we store and access a dll using isolated storage.
>
>
> It would be great if somebody can help me with the above problem.
>
> Regards
> Gaurav
- Previous message: Alek Davis: "Re: Security - Best Encryption Tool"
- In reply to: gaurav khanna: "Security - Best Encryption Tool"
- Next in thread: Alek Davis: "Re: Security - Best Encryption Tool"
- Reply: Alek Davis: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
