Encrypting sections and-or settings in an App.config file that will be redistributed

Question

Hi.

I'm creating a regular windows application that will be distributed to several users on my department. I'll need to include some connectivity passwords on the App.config file, and I obviously don't want end-users to just fire up notepad and look at the passwords.

Several articles point on how to encrypt/decrypt configuration sections, but it appears you have to share/ship some keys with the deployable solution.

Is there a simpler way, to just cipher some of the settings so that they are not user-readable, but that don't require extra steps or files when redistributing the program? Great plus would be that accessing the configuration settings is still transparent inside the .NET code. I could always just create a custom method to salt/cipher the string and in my custom code decrypt it, but I'm wondering if there's something simpler.

Any answers or links to articles on how to do this are greatly appreciated. Thanks

Answer 1

Either way, the encryption and decryption of the application configuration file is pointless as the .EXE can be examined by Reflector!

Sure you can obfuscate the code but that will make debugging a nightmare in a production environment where a strange unknown/undiscovered bug crept in as you would not be able to tell what/where/why/how to monitor for a strange bug that will only show up in release as the stacktrace and error messages would be obfuscated also...

That is something to bear in mind about and a potential pitfall...the user may not be tech savvy, but sure they could in theory, ask a friend/relative/partner to hack/break it without your knowledge..This answer is not meant to put you off, and hope you don't feel offended by my answer...

Hope this helps, Best regards, Tom.

Answer 2

In short, cryptography isn't a magic wand that can magically fix an insecure program.

An attacker will try to obtain passwords from memory using a Debugger while the application is running. The passwords will also exist in the binary and these can be easily obtained. The use of any encryption can be bypassed because the password must be in plain text at the time of use. Any time memory is used it can also be observed with a debugger.

The answer lies in anti-debugging: http://www.codeproject.com/KB/security/Intro_To_Win_Anti_Debug.aspx

More advanced windows Anti-Debugging:

http://www.veracode.com/blog/2008/12/anti-debugging-series-part-i/

http://www.veracode.com/blog/2008/12/anti-debugging-series-part-ii/

http://www.veracode.com/blog/2009/01/anti-debugging-series-part-iii/

http://www.veracode.com/blog/2009/02/anti-debugging-series-part-iv/

Answer 3

If you are trying to encrypt your connection string in your App.Config/Web.Config, you can do so using the Configuration class:

Configuration config = ConfigurationManager.   OpenExeConfiguration(ConfigurationUserLevel.None);
ConfigurationSection section =    config.GetSection("connectionStrings");
if (section != null)
{
    if (!section.IsReadOnly())
    {
        section.SectionInformation.ProtectSection             ("RsaProtectedConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Full);
    }
}

There are two methods: RsaProtectedConfigurationProvider and DPAPIProtectedConfigurationProvider

See this --> http://www.codeproject.com/KB/cs/Configuration_File.aspx and http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx.