亲爱的朋友: 我有一个wpf应用程序,我想将数据存储在SQL文件中. SQL文件包含一些敏感内容,为了保护其内容,我决定使用Rijndael算法对它们进行加密(因为在我阅读此算法时,它是最佳的(快速且安全)).该算法需要KEY和IV,并且您知道拥有这两个参数的每个人都可以解密我们的数据.因此,问题是: 1.如何保护KEY和IV?我应该在哪里存储Key和IV?如果我要将密钥和IV存储在SQL文件中,则每个人都可以获取它们并解密我的数据.如果要在软件中对其进行硬编码,我会犯一个严重的错误. 2.我读到我们可以结合使用对称(Rijndaehl)和非对称(RSA)算法(似乎它的功能在Web应用程序中.对吗?).但是,我不知道如何实现它(任何解决方案都适用). 3.现在,考虑我使用对称对称算法.但是,问题尚未解决.因为当我使用不对称算法来保护对称算法的密钥和IV时,我应该将公共密钥和私有密钥保存在某个位置(例如,在sql文件或代码中).并且问题将再次出现.任何人都可以使用此保存的私钥并解密密钥和Iv,最后找到sql内容.那我该怎么办? Your.
Dear Friends: I have a wpf application and I want to store my data in a SQL file. The SQL file has some sensitive content and in order to protect its content I have decided to enctypt them by Rijndael algorithm (because as I read this algorithm is the optimum one (fast and secure)). The algorithm needs KEY and IV and as you know everybody that has these two parameters can decrypt our data. So, the questions are: 1. How could I protect the KEY and IV? Where should I store Key and IV? If I want to store key and IV in SQL file, everybody can get them and decrypt my data. If I want to hard-code it in the software I will make a bad mistake. 2. I read that we can use combination of symetric (Rijndaehl) and asymetric(RSA) algorithm (and it seems that its function is in the web applications. Am I right?). However, I don''t have any idea how to implement it (any solution will be appriciated). 3. Now, consider that I use combination of symetric asymmertic algorithms. But, the problem has not finnished yet. because when I use asymetric algorithm to protect the key and IV of symetric algorithm, I should save public and private key in a location (forexample in sql file or in code). and the problem will be arised again. Anyone can use this saved private key and decrypt the key and Iv and at last find sql content. So, what should I do? Your.
推荐答案由于您需要一次又一次地访问解码后的数据,因此我们将在应用程序启动时对其进行解密,并将其存储在 IsolatedStorage ,它安全又快捷. 您应该在哪里存储密钥? 您可以将其存储为二进制格式的文本文件,该文本文件将放置在Windows的Temp文件下. 如果Key是取决于用户的,则可以使用UserProfile的临时文件夹进行存储,也可以将其存储在用户要上载的证书文件中,或者将其安装在用户计算机中,并且您的应用程序将从它们的文件中读取(适用于Windows应用程序). 您还可以将证书用于Web应用程序了解详情 这样,您可以开发高度安全的Web应用程序. 有关证书详细信息,请单击此处 我想这对你有帮助... 您是否需要在运行时更改密钥? Hi, As you need to access that decoded data again and again, so we will decrypt it at the start of application and store it in IsolatedStorage which is secure and faster. Where you should store the key? You can store it in a text file in binary format and that text file will placed under Temp file of windows. if Key is user dependent then you can use UserProfile''s temp folder to store it or in an Certificate file which user will upload or It will install in user machine and your application will read it from their ( its applicable for windows application ). You can use certificate for Web Application also Read More In this way you can develop an highly secure web application. For Certificate Details Click Here I think it will help You... Do you need to change the key in run time ?
更多推荐
WPF应用中Rijndael算法中的保护密钥和IV
发布评论