Re: Security - Best Encryption Mechanism
From: Nick Holmes (nickh_at_nospam.com)
Date: 06/01/04
- Next message: Stoitcho Goutsev \(100\) [C# MVP]: "Re: Events with Dynamically created controls."
- Previous message: Stoitcho Goutsev \(100\) [C# MVP]: "Re: Method Focus()"
- In reply to: gaurav khanna: "Security - Best Encryption Mechanism"
- Next in thread: Daniel Billingsley: "Re: Security - Best Encryption Mechanism"
- Reply: Daniel Billingsley: "Re: Security - Best Encryption Mechanism"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 1 Jun 2004 16:46:05 +0200
If you need to store a key in your code, then you should look at DPAPI.
There is not standard .Net implementation of it (its a Win32 API), but all
you need to know is here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod21.asp
Nick Holmes.
"gaurav khanna" <gaurav.khanna@wipro.com> wrote in message
news:dc575aed.0406010638.17b48edd@posting.google.com...
> Hi
>
> I need to store the credit card information in my database. I have
> been looking for some third party tools which could provide encryption
> for credit card numbers.
>
> The help I need is:
>
> a) What is the most secure encryption tool that can be used to store
> credit card information?
>
> b) Any tool which implements AES and does not expect a private key to
> be supplied as shown in the sample application provided by
> Microsoft. But in this case customize tool needs to be provided as
> anybody can buy the tool and decrypt the information.
>
> c) What is the best way to secure a private key used by the
> algorithm like storing in RAM, registry, isolated storage etc? And
> how to implement it.
>
> d) If some code implementation, which allows encrypting securely
> is available.
>
>
> The client is ready to invest in Third Party Tool.
> I short listed two third party .Net components for encryption:
>
> Chilkat Software (http://www.chilkatsoft.com/dotNetCrypt.asp)
>
> ezCrypto .NET
(http://www.componentsource.com/Catalog.asp?fl=A200&gf=+BUSFUNCDATAPC&gd=Enc
ryption&bc=A100~A200~BUSFUNCDATAPC&sc=CS&PO=514745&option=10444&RC=FCSR&POS=
1&bhcp=1
> )
>
>
> Both the above are c# implemented tools and implement AES algorithm.
>
> But the problem is both ask for private key to be supplied. And I need
> to store the private key in a secure manner.
>
>
> The work round I decided was to use the dll provided by the tool.
> Write some login to generate dynamically private key for each of the
> registered users based on his profile. Store this logic in a dll and
> some how secure this logic, so that no body is able to access it. But
> how to secure the logic is a concern, as dll can also be hacked to
> view its contents.
>
> One option I was looking at was to use isolated storage as provided by
> .Net.
> But I'm not sure can we store and access a dll using isolated storage.
>
>
> It would be great if somebody can help me with the above problem.
>
> Regards
> Gaurav
- Next message: Stoitcho Goutsev \(100\) [C# MVP]: "Re: Events with Dynamically created controls."
- Previous message: Stoitcho Goutsev \(100\) [C# MVP]: "Re: Method Focus()"
- In reply to: gaurav khanna: "Security - Best Encryption Mechanism"
- Next in thread: Daniel Billingsley: "Re: Security - Best Encryption Mechanism"
- Reply: Daniel Billingsley: "Re: Security - Best Encryption Mechanism"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
