After I posted the CodeProject article .NET Encryption Simplified, a reader asked this question in the comments:
I would like to know what your thoughts are on private key storage in applications. I believe the recommended practice is to use the DPAPI, but I have found this to be too cumbersome for practical use. I would like to encrypt certain aspects of my apps and even parts of my database, but without secure key storage it is pointless. Thoughts?
The class in that article is suitable for most encryption scenarios, but I was using it in a web service. That meant I had the luxury of keeping my private key on a different physical server. I had never even considered the problem of private key storage on the same machine!
At the risk of belaboring the obvious, asymmetric encryption hinges on keeping the public key public, and the private key private. This is a snap if you’re doing cross-machine calls. You slap the private key on your server, and freely distribute the public key to clients. The private key is never transmitted over the network, so unless a disgruntled user manages to battle his way into your data center and physically access your server, you’re secure. But if all the encryption work you’re doing is on the local machine, then the private key and the public key are both stored somewhere on the local machine. How in the world do you keep the private key away from the prying eyes of the local user?
It seems like an insoluble problem to me, since users have complete physical control over their own machines. However, a user named “bigals” posted this helpful response in the comments:
First of all, convert your private key to a PKCS12 file, which is a nice little container for private keys. Then you have a few options for storing the private key:
In your machine's key store.
This is not as safe as the user store, as it can be accessed by any user if they have enough permissions.
In the current user's key store.
This is more secure than the machine store, because it's protected by Windows ACLs. But it can play havoc with you if passwords and permissions are changed for that particular user.
The keys are never stored on the machine, so it is a very secure solution.
Remember, never store an instance of your keys or passwords in a string!
The .NET GC does not clear these values very well, and they are visible in the string table memory for anyone to steal! .NET 2.0 has a new object called SecureString, which keeps strings in encrypted memory.
This is another reason why the user comments are the best part of a blog. A two-way dialog between author and reader is often the difference between good content and great content.
The only way to keep a private key truly private is to store it on a completely different machine. If you must store the private key on the same machine, some vulnerability is inevitable. You can only make it inconvenient for a user to find the private key through software protection. If you want to make it really difficult, you have to embed the private key in specialized hardware, like the Xbox 360 does.
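As a worked illustration of the current-user key store option from the comment above, here is added C# (not code from the original post, the commenter, or the .NET Encryption Simplified article). The PFX path, the password source and the thumbprint lookup are assumptions; the point is that the private key lives in the user's Windows key container, non-exportable, and managed code only ever holds a handle to it.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original post. Assumes a PKCS#12 file
// (placeholder path "app-key.pfx") whose password is supplied by the
// operator at install time rather than hard-coded in the application.
static class PrivateKeyStore
{
    // Import the PKCS#12 into the current user's personal store.
    // UserKeySet keeps the key under the user's profile, readable only by that
    // Windows account; because Exportable is NOT set, the private key cannot
    // later be pulled back out as a PFX, only used through the provider.
    public static string ImportToUserStore(string pfxPath, string pfxPassword)
    {
        var cert = new X509Certificate2(pfxPath, pfxPassword,
            X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet);
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
        }
        return cert.Thumbprint;
    }

    // Look the certificate up by thumbprint later. For the machine-wide store
    // the comment describes, use StoreLocation.LocalMachine instead; that makes
    // the key reachable by any account on the box with sufficient permissions.
    public static X509Certificate2 FindInUserStore(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            return matches.Count == 0 ? null : matches[0];
        }
    }

    // Decrypt with the stored private key. The RSA object wraps a handle to the
    // Windows key container; the raw key bytes never land in a managed string,
    // which is the risk the commenter's "never store keys in a string" warning covers.
    public static byte[] Decrypt(string thumbprint, byte[] ciphertext)
    {
        var cert = FindInUserStore(thumbprint)
            ?? throw new InvalidOperationException("certificate not found");
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            return rsa.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
        }
    }
}
```

The user running ImportToUserStore is the only account that can later call Decrypt, which is exactly the ACL protection (and the password-change fragility) the comment points out.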