tags:

views:

546

answers:

5

Beforehand :

I have read indeed the other topics on SO, but I can't find an answer in them.
(The others are about config-files, or a list of techniques)

My question thus is very simple, though a bit subjective (I'll label it beforehand :-)) what is the easiest way..

tx!

+2  A: 

Data Protection API in C#

Samuel
+5  A: 

File.Encrypt is pretty simple - one call (with one parameter).

Of course, it really depends on what you want the encryption for. File.Encrypt encrypts to the current account, which isn't much use if you're passing the file around. But, given your spec - i.e. easiest way to encrypt a file - it has to be a candidate!

dommer
+1  A: 

Don't believe you have any security just because you encrypt a config file. If someone has access to the encrypted config file, and your executable, containing the password, it's likely to be possible to decrypt your configfile. It's just a little harder.

And say your config file contains passwords to database connections, it might be possible to get those passwords looking at the network packets.

Erik
I voted you up, because the downvote may have to do with the fact that you misread my question, and that could have been partly my fault,so I rephrased it.
Peter
I agree with you because it's ok to be 'paranoid' about your security if it matters. If you can encrypt it, it can be decrypted. It just like your answer it makes it a little harder.
Lucas McCoy
+2  A: 

Encryption is trivial with modern libraries: the hard part is securing the key(s).

So you need to look at what you're trying to secure, and what threats you are trying to secure against.

To encrypt a file so only the current user can see it on a client workstation, File.Encrypt is a good choice, or DPAPI with the CurrentUser scope.

For a configuration file on a single server, DPAPI using the LocalMachine scope is a good choice. You then need to make sure only authorized users are able to log in to the server. Here you're essentially delegating key management to Windows.

For a configuration file on a server farm, you need to share the key between the servers. RsaProtectedConfigurationProvide is a good choice, but you have more work ensuring that all servers have access to the same key, and that it is protected against unauthorized access (e.g. using a DACL).

Joe
A: 

I recommend the Cryptography Application block in Enterprise Library. Very easy, very flexible.

JP Alioto
I doubt "easiest" and "Enterprise Library" ever belong together...
MichaelGG
Really? I find the opposite, but I guess I am just used to using it. Encryption done right by it's very nature is not "easy", but I suppse you're right in that it's part of the question. But, for completeness sake. :)
JP Alioto