Tracking Forums, Newsgroups, Maling Lists
Home Submit Tracker Forums
  Advanced Search
  HOME    TRACKER    ASP.NET


Advertisements:










Security :: Encrypting And Decrypting Data


I have a webApplication in which i want to encrypt the data using Public key and whan it reach to the destination webapplication it will decrypted there with corresponding private key . Is there is any way to creating this pair of key?


View 3 Replies (Posted: Aug 24, 2010 07:34 AM)

Sponsored Links:

Related Forum Messages For ASP.NET category:
Security :: Encrypting / Decrypting Data At Runtime
I have a problem hopefully someone out there will steer me in the right direction.

I havea web applicationthat I am going toput on a standalone cd - currentlythe data is"Safe" because the database is in in the app folder and the code is located in the codebehind.

My problem is i'mputting this on a CD as a standalone site, anyone can access the database, or find the XML....

Is there a way to generate an encrypted Database / XML Page, that is complied with the CD, that the program can decrypt and access with a embedded key?

Posted: Feb 18, 2010 08:07 PM

View 1 Replies!   View Related
Security :: Encrypting And Decrypting Password?
I want to encrypt the password entered by the user....how do i go about it?is there any built-in function for it or will i be required to write a code for it?

Posted: Apr 22, 2010 06:02 AM

View 5 Replies!   View Related
Security :: Encrypting And Decrypting The Web.config?
This might be a stupid question. I was going throught the stuff for enctrypting and decrypting the web.config file. We can encrypt the web.config file and decrypt it too so anyone who has access to my web.config file can decrypt it by attaching a web.config file to another application and creating a decrypt method. if I am right then the information in web.config file is not safe even if I am encrypting the connection string. Please let me know if I am right and if there is any othersolution for that

Posted: Jul 20, 2009 06:29 PM

View 5 Replies!   View Related
Security :: Encrypting/Decrypting A Shared Password At Rest?
I received some code, a small c# asp.net application which manually posts a shared username/pwd to a 3rd party website for auto-logins from our intranet site. During transit the password is encrypted, but not within the application. Within this application a namevaluecollection is used and the username and password are hard coded. Originally the thought was, who cares if its hard coded because its shared between everyone anyway. Now we want to encrypt the username and password from within the application. I'm not sure the best way to accomplish the goal of making sure the password is encrypted "at rest". Normally I've seen passwords stored and encrypted within a database. I know we'll obviously have to move the password out of the application and store it somewhere else, I'm just not sure where. Do we move the username and pwd to the web.config file? I really am not sure the best way to approach this.

Posted: Dec 14, 2010 05:48 PM

View 1 Replies!   View Related
Encrypting/decrypting Cookies In .NET 2.0 (C#)
would please someone guide me how to encrypt and decrypt cookies in Asp.net 2.0.

Posted: Apr 4 at 10:04

View 1 Replies!   View Related
Access :: Encrypting And Decrypting A Text?
used the below coding for enrypting and decrypting a text. But with this i dont know how to save to a database, when i tried i am getting many errors. How to do this?

[Code]....

Posted: Dec 12, 2009 08:17 PM

View 6 Replies!   View Related
C# - Encrypting Text Fields At Client - Side And Decrypting Them At Server - Side
I have a content-sensitive firewall between my clients and my server. If we exclude SSL solution (it's not available in my case) then I was thinking of a javascript library which encrypts custom fields at client-side and a .NET class decrypts them at server-side. Is there any solution out of the box (maybe a server control) ?

Posted: Feb 5 at 22:32

View 2 Replies!   View Related
Security :: Decrypting Using X509 Certificates?
I am trying to decrypt using an X509 certificate private key. I am using the following function:

[Code]....

Posted: Mar 16, 2011 05:21 AM

View 3 Replies!   View Related
Security :: Decrypting A String Cripted In Php?
I have an external site developed in php that send me a string cripted with this php function:

const SALT = "chiave";
public static function myEncrypt($text)
{
return rawurlencode(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, self::SALT, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
}

and then I need to decrypt this in asp.net.

How can I do?

[Code]....

Posted: Jul 22, 2010 01:49 PM

View 1 Replies!   View Related
Security :: Getting "Invalid Data" While DES-decrypting?
I'm trying a simple encryption procedure, encrypting/decrypting a HEX value. Encryption seems to work fine: result of encryption is "85772B6784BC1505". While trying to decrypt I get an "Invalid data"-exception.

CODE:

Dim x1 As UInt64 = DES.DES_EncryptCode("&H" & "0123456789ABCDEF")
Dim x2 As UInt64 = DES.DES_DecryptCode(x1)
Private Shared KEY_64() As Byte = {7, 6, 5, 4, 3, 2, 1, 0}
Private Shared IV_64() As Byte = {0, 1, 2, 3, 4, 5, 6, 7}

[Code]....

Posted: Mar 10, 2011 10:24 AM

View 4 Replies!   View Related
Security :: Password Encrypting?
I have been trying to encrypt password and found a code which is working with Access fine but as i have changed to SQL it is not decoding the encrypted text.. it amazes me..this SQl code is not letting me log on..

[Code]....

Whereas this OlebDB/Access is working fine

[Code]....

Posted: Oct 12, 2010 03:28 PM

View 4 Replies!   View Related
Security :: Encrypting Section In Web.config?
I am wondering how to encrypt the below information in the "web.config" file of the "Account" folder (where we have the secured pages):

[Code]....

My issue here is that even after I compiled my application (using "aspnet_compiler -v /reports c:
eports"), the information inside the web.config file of the Account folder still not encrypted, and I want to publish my site to the customer server. So, since this server is a customer server, then they can access this "web.config" file and change our web-application security behaviour (correct me if I am wrong). Basically, I don't want the customer to even have access to our secured pages when they accessour web-application using the web browser. How to solve this issue?

Posted: May 03, 2010 03:57 PM

View 2 Replies!   View Related
Security - Encrypting Web Configuration Sections In 3.5?
Is there any tools available to encrypt and decrypt Asp.net Web configuration sections like connection string ,etc.?

Can i get any add-on for this?If i use Enterprise Library i can do so,but without that is there any simple utility available?

Posted: Mar 9 10 at 9:39

View 1 Replies!   View Related
Security :: Encrypting With An X509 Certificate.
I have created an x590 certificate that is in the file :
"C:UsersmartinAppDataRoamingMicrosoftSystemCertificatesMyCertificates"

I am trying to acces the public key to encrypt some plain text.

The system is throwing an "System.ArgumentOutOfRangeException" at the line

Dim certificate As X509Certificate2 = certificateCollection(0)

Can anyone tell me where I am going wrong or tell me another way to access the public key

.................................................
This is the complete code:
Imports System.Security
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Cryptography.X509Certificates.X509Certificate2
Imports System.Security.Cryptography.Pkcs
Partial Class encryptwithcertificare
Inherits System.Web.UI.Page
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim encoding As UTF8Encoding = New UTF8Encoding
Dim cleartext As String = Textbox1.Text
Dim myStore As X509Store = New X509Store()
myStore.Open(OpenFlags.ReadOnly)
Dim certificateCollection As X509Certificate2Collection = myStore.Certificates.Find(X509FindType.FindBySubjectName, "bobby", True)
Dim certificate As X509Certificate2 = certificateCollection(0)
Dim code() As Byte = EncryptwithCertificate(cleartext, certificate)
Label1.Text = Convert.ToBase64String(code)
End Sub
Shared Function EncryptwithCertificate(ByVal cleartext As Byte, ByVal certificate As X509Certificate2) As Byte()
Dim encoding As UTF8Encoding = New UTF8Encoding
Dim cleartextsbyte() As Byte = encoding.GetBytes(cleartext)
Dim contentinfo As ContentInfo = New ContentInfo(cleartextsbyte)
Dim envelopedCms As EnvelopedCms = New EnvelopedCms(contentinfo)
Dim recipient As CmsRecipient = New CmsRecipient(certificate)
envelopedCms.Encrypt(recipient)
Return envelopedCms.Encode()
End Function
End Class

Posted: Mar 14, 2011 05:42 AM

View 3 Replies!   View Related
Security :: Encrypting Passwords On Client?
I want the login password to not besent inplaintext (due to the risk of hijacking). I know that this can be achieved in principle using MD5 or the like, but is there a common implementation for use with Asp.Net? Of course, it's crucial that the resulting hash (?) isn't easy to decrypt. When I read various posts on this matter, some people say it's just to do a reverse on the encrypted string, so that in effect, this is totally useless.

Posted: Nov 01, 2010 01:17 PM

View 6 Replies!   View Related
Security :: Ways Of Encrypting Querystrings?
I have been looking at ways of encrypting querystrings and I have found a few good examples.. but, I just want some clarification on what is most often referred to as the EncryptionKey and the characters that are in that key....Is there basically an unlimited number of alphanumeric combinations that could be used in the following code as the encryption key, is there anything that someone should be CAREFUL about including in that key?

usingSystem.Security.Cryptography;
privatestaticstringEncryptionKey ="!#$a54?3";
/// other examples: "r0b1nr0y"
///in a try-catch:
key = System.Text.Encoding.UTF8.GetBytes(EncryptionKey.Substring(0, 8));
DESCryptoServiceProviderdes =newDESCryptoServiceProvider();
inputByteArray =Convert.FromBase64String(Input);

Posted: Sep 08, 2010 01:42 PM

View 3 Replies!   View Related
Security :: Deploying And Encrypting Web.Config On Server
I have written a couple methods that encrypt and decrypt the appSettings section of my web.config file using theWebConfigurationManager.I just hooked up the methods to the page_load event to test that it works, which it does. Now I need to deploy to a web farm and need advice. What is the best way to make it so I can encrypt, but more importantly decrypt the web.config when I need to? I thought about putting a hidden page with "encrypt" and "decrypt" buttons, but that seems risky. What is the "accepted" method for rolling out something like this?

Posted: Nov 12, 2010 10:25 PM

View 1 Replies!   View Related
Security :: Encrypting Passwords With T-SQL That Will Be Decrypted By Asp.net Membership Provider
I have been killing myself over this for a couple weeks now and cannot find a viable solution. Here's my scenario:

I have a DTSX package that imports user data from an external database. It then creates user accounts and profiles in the local database. Users can also be created via a custom ASP.NET Membership Provider. The provider must be able to authenticate both types of users.

This was all fine and dandy during development because passwords were stored as clear text. However, now that we're ready for release the passwords format of the provider must be set to encrypted and so the users created via the DTSX must be created with an encrypted password. (I'd prefer the passwords were hashed but the client's requirements are that passwords be recoverable). The real problem seems to be creating an encrypted password within the DTSX that will be decryptable by the ASP.NET Membership Provider.

My original solution was to have the DTSX call a CLR stored procedure that had access to the same encryption logic as the provider. I got it working but our client wouldn't enable CLR integration. So that's out the window. Now I'm investigating alternatives. One alternative is to simply use the built-in encryption methods of T-SQL. But how do I share the keys used for the encryption/decryption?

My question is, is it possible to generate a password in T-SQL, say using EncryptByKey, that will also be decryptable by my provider? This means that the key in SQL must match the key in my machineKey configuration.

Posted: Mar 04, 2011 05:58 PM

View 2 Replies!   View Related
Security :: Encrypting Config File's Connection String And Keys?
Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?

Posted: Sep 23, 2010 10:37 AM

View 10 Replies!   View Related
Security :: Encrypting Connection String In Web.config In Shared Hosting Environment?
My problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.

From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting providers IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.

Posted: May 27, 2010 12:57 PM

View 2 Replies!   View Related
.net - Decrypting Data With Javascript - Website?
I use a hidden variable (input type=hidden) to store ID information on a page. To prevent attackers, I decided to encrypt the data stored using System.Security.Cryptography.

The hidden variable is accessed in JS and executes validation logic. I will need to decrypt the data before executing the validation logic. Is there a way to decrypt data in JS that was encrypted using System.Security.Cryptography

Posted: Dec 31 09 at 14:32

View 1 Replies!   View Related
Encrypting Password / Want To Store User's Password In The Database After Encrypting ?
I have a database with users table. I want to store user's password in the database after encrypting it. Can anyone suggest good password encryption algorithm and best practise for this.

Posted: Feb 17, 2009 01:44 AM

View 6 Replies!   View Related
Forms Data Controls :: Decrypting SQL Column On RowDataBound In GridView?
I have an internal web application which uses a custom encryption class to convert strings to varbinary(50) columns in SQL. When I display the table in a GridView, I want to use the RowDataBound event to decrypt the encrypted column back to a string to display.

Currently I have the following in my RowDataBound event:

[Code]....

This throws an exception when I try to load the page: TransformFinalBlock - Length of the data to decrypt is invalid.

I have tried just fetching the data from SQL in my query but the e.Row.Cells(3).Text evaluates to System.Byte[], so I tried using CAST([EncrytedColumn] AS varchar(50)) to convert the varbinary(50) to varchar(50), but this still resulted in the same exception being thrown.

My only solution so far has been to manually fetch the SQL data into a DataTable and decrypt the column before displaying it in the GridView, but I prefer the automated method of binding the SQLDataSource to the GridView.

Posted: Mar 24, 2010 02:33 PM

View 2 Replies!   View Related
Security :: Encrypting Password(password Salt)?
I would like to encrypt the password and store it in DB. And if user forgots the password and request for password i have to send him a dummy password to his mail id how can i implement this if any code available At the time of registration i have to encrypt or salt the password and save it to DB..

Posted: May 27, 2010 10:03 AM

View 1 Replies!   View Related
SQL Server :: Encrypting Data In Sql 2008
When I use symmetric key for encrypting data in sql server using encryptbykey() function on column of table

For Eg:I use following code

create symmetric key symkey
with algorithm=Triple_des
encryption by pasword='abc_1234!!!'
GO

after this I require to open the key and then used the function to encrypt data but...

how excatly the key generated and password is used internally for encrypting data.what role the algorithm playhere.I would like to know the proper mechanism of it.Bit confused abt keys concept.

Posted: Jan 27, 2011 10:27 AM

View 2 Replies!   View Related
.net - Leveraging MachineKey For Encrypting Own Data?
I have some data I want to encrypt in an ASP.NET MVC application to prevent users from tampering with it. I can use the Cryptography classes to do the actual encryption/decryption, no problem there. The main problem is figuring out where to store the encryption key and managing changes to it.

Since ASP.NET already maintains a machineKey for various things (ViewData encryption, etc), I was wondering if there were any ASP.NET functions which let me encrypt/decrypt my own data using the machineKey? This way I would not have to devise my own key management system.

Posted: Sep 10 10 at 0:20

View 2 Replies!   View Related
C# - How To Retain Carriage Returns After Encrypting Data
I have this following setup, a textarea named with some data in it that may have carriage returns and another textarea that has style='display:none' in order to make it hidden as follows:

<textarea id="myTextarea" onBlur="encryptMyData()">

Posted: Apr 9 10 at 10:20

View 3 Replies!   View Related
Decrypting Password / Copy User's Data From Old Table To New Table?
I have an asp.net database which has users table. In this table password is saved as sncrypted. Now, I am creating my own users table. I want to copy user's data from my old table t this table. I can to decrypt old users table password. Which encryption technique is used by default in aspnet database for passwords.

Posted: Apr 02, 2010 01:17 AM

View 2 Replies!   View Related
Error In C# Encrypt Code When Decrypting?
A bit more background info as suggested:I'm finsihing of an Intranet CMS web app where I have to use the products API (ASP.NET based). Because of time constraints and issues with Windows authen' I need another way to ensure staff do not need to re login everytime they visit the site to view personalised content. The way it works is that once a user logs in (username/password), a Session ID storing a new different Security context value is generated that is used to display the personalised content. The API login method called uses the username and password as parameters. The only way I can think of automatically logging in the next time the staff visits the site is by storing the password in a enrypted cookie and checking of its existing when the site is visited and then calling the API login method using the username and decrypted password cookie values.Any other ideas as an alternative welcomed.'m using some code found on the web to encrypt and decrypt a password string. It encrypts fine but when it calls the code below to decrypt the string it throws the error "Length of the data to decrypt is invalid" How can I resolve this?

System.Text.Encoding enc = System.Text.Encoding.ASCII;
byte[] myByteArray = enc.GetBytes(_pword);
SymmetricAlgorithm sa = DES.Create();

[code]...

Posted: Mar 31 at 11:50

View 4 Replies!   View Related
Configuration :: Decrypting Web.config In Differenct Machine
We have a problem regarding decryptingthe web.config... We encrypted the web.config in computer A. but we need it to decrypt it in computer B.

we got an error

"Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error
ssage from the provider: Key not valid for use in specified state. (Exception
om HRESULT: 0x8009000B) (D:WCFSearchweb.config line 17)

Key not valid for use in specified state. (Exception from HRESULT: 0x8009000B)
Failed!"

we also tried the RSAProtectedConfigurationProvider and we're not able decrypt also...

I search google and foundthis unfortunately we can't decrpyt it... How do i include the key? do i need to copy and paste it?

Posted: Mar 15, 2010 08:03 AM

View 6 Replies!   View Related
Encrypting Existing Passwords?
found while searching for help on my asp.net application.I have a small application with connected to a SQL database. As it was so small, and contained very little data of any importance, i had set it up with Clear passwords.Now i have been asked to expand the database considerably, and encrypted passwords are now required. I can easily modify the web.config so all future users are set up with encrypted passwords. But is there any way to change all existing users passwords to be stored encrypted?

Posted: Aug 5th, 2010, 10:40 AM

View 10 Replies!   View Related
Hashing Vs. Encrypting Passwords?
I'm using ASP.NET membership for a site that will serve primarily sophisticated users. I understand the difference between hashed and encrypted passwords, and I'm trying to decide between the two.After my last client complained bitterly about hashed passwords being a total PITA, I've started to favor encrypted passwords. But someone suggested this just isn't secure enough.So my question is: What, exactly are the risks of encrypting passwords? Any person with the ability to steal passwords by decrypting them from the database would surely have the ability to reset them if they were hashed, no? I'm having trouble seeing where someone could cause trouble with encrypted passwords but couldn't with hashed ones. Making it convenient for users is also important.

Posted: Feb 9 at 6:07

View 4 Replies!   View Related
Configuration :: Encrypting Only ConnectionString?
i'mworking on alreadybuilt asp.net webapplication. in the web.configfor connectionString section i have seen this

<add name="MyConnectionString" connectionString="3abcde12n3kd03kldwqaswe45tdw4fo23003ld3ddfot0lkdpe2d" providerName="System.Data.SqlClient"/>

can anyone tell me on how this encryption done? i know the standard way of encrypting using aspnetregiis.exe which replaces the entire connnectionString section of the web.config.

Posted: Aug 24, 2010 04:58 AM

View 4 Replies!   View Related
Encrypting Custom Section In Web Config?
Our objective is to encrypt a custom section in our Web Config. An exhaustive search of the internet has left us none the wiser. Below is an excerpt from our web config file.

[Code].....

Posted: Aug 07, 2009 12:27 AM

View 3 Replies!   View Related
Encrypting Custom Sections Of A Web.config?
I used the article Creating a Flexible Configuration Section Handler to create a Flexible Configuration Section Handler in my application.

I also saw this article entitled Encrypting Custom Configuration Sections on the OdeToCode blog, on how to encrypt portions of a web.config file.

From the first article, we have this web.config code.

[code]...

Posted: Aug 17 10 at 16:47

View 2 Replies!   View Related
Configuration :: Encrypting Sections Of The Web.config?
I am getting the error "An error occurred loading a configuration file: Access to the pathis denied."

When I am in VS 2010, I canEncrypt as long as I runas administrator. Code as follows:

[Code]....

My problem is I need to run this in IIS. What is stopping me? It's a permission problem, but what permission. I am running IIS 7.5 on Windows 7. This is happening on my production server as well. Same error.

Posted: Aug 26, 2010 09:51 PM

View 1 Replies!   View Related
Encrypting Foreign Keys From Database?
I just came across some code that seems to encrypt database keys prior to sending them to the client (WebBrowser, Silverlight, etc).

To illustrate, suppose you have a list of students to extra-curricular activities, and a relationship defined between them. Every time the data is written out to the ASPX page, the studentID and activityID is encrypted. Every time a write, or modify is made, this value is sent back to the server, decrypted, and saved to the database.

What could be the reasons to expose data this way? Is this a normal practice?

Posted: Nov 7 10 at 21:24

View 1 Replies!   View Related
C# - Encrypting ConnectionStrings In A Web.config File?
Any section in my web.config file that I want to encrypt I run this command line util:

aspnet_regiis -pe "anySection" -app "/SampleApplication"

It all works just fine until I try encrypt my connectionStrings sections

I define (and I cannot change this) my connectionStrings section like this:

[code]....

Is there a way of doing this using the aspnet_regiis util? Doing it with code is not an option for me.

Also is there a way to run this untility without specifing the application (-app "/SampleApplication") instead giving the path to the web.config file?

Posted: Feb 4 at 15:10

View 2 Replies!   View Related
.net - Encrypting Config Files Info?
I have many ASP.NET applications running on server and i want to encrypt the web.config file for each.Is there a way I can encrypt all config files using single class/app or do i have to write separate code under each solution/project to encrypt config?I have idea how to do one file in a project usinghttp://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspxBut i want to use a centralized or single app to encrypt all

Posted: Jan 13 10 at 21:06

View 2 Replies!   View Related
Copyright 2005-08 www.BigResource.com, All rights reserved