Objectives
The goals of this chapter are to:
• Store an encrypted database connection string in the registry.
• Read the encrypted database connection string from the registry and decrypt it.
Scope of application
This chapter applies to the following products and technologies:
• Microsoft Windows XP or Windows 2000 Server (Service Pack 3) and later versions
• Microsoft .NET Framework version 1.0 (Service Pack 2) and later
• Microsoft Visual C#® .NET
How to use this chapter
To benefit from this chapter:
• You must have experience in programming using Visual C# .NET.
• You must have experience in programming using Microsoft Visual Studio® .NET.
• You must have experience in developing Web applications using ASP.NET.
• You must have created the general-purpose encryption library described in How to Create an Encryption Library in this guide. The functions provided by this encryption library are used in this chapter to encrypt and decrypt the database connection string.
• Read the section on securely storing database connection strings in Chapter 12, Data Access Security. It introduces some techniques for the secure storage of database connection strings.
Summary
Developers whose applications need to access a database all face the same problem: where to securely store the database connection string. The registry is one option. However, although an access control list (ACL) can protect an individual registry key, to improve security you should encrypt the connection string before you store it.
This chapter describes how to store an encrypted database connection string in the registry and how to retrieve it from an ASP.NET Web application. It uses the general-purpose encryption library created in How to Create an Encryption Library in this guide.
What you must know
Before you start working through this chapter, you should be aware of the following:
• The encrypted connection string, the initialization vector and the key are stored as named values under the following registry key.
  HKEY_LOCAL_MACHINE\SOFTWARE\TestApplication
• The initialization vector and the key must be stored so that the connection string can be decrypted.
Store encrypted data in the registry
This procedure creates a Windows application that encrypts a sample database connection string and stores it in the registry.
• To store encrypted data in the registry
1. Start Visual Studio .NET and create a new Visual C# project called EncryptionTestApp.
2. Add a reference to the Encryption.dll assembly. To create this assembly, you must perform the steps described in How to Create an Encryption Library in this guide.
3. Add the following using statements to the top of Form1.cs, below the existing using statements.
    using Encryption;
    using System.Text;
    using Microsoft.Win32;
4. Add the controls in Table 1 to Form1 and arrange them as shown in Figure 1.
Table 1: EncryptionTestApp controls
    Control    Text                      ID
    Label      Connection String:
    TextBox                              txtConnectionString
    Label      Key:
    TextBox                              txtKey
    Label      Initialization Vector:
    TextBox                              txtInitializationVector
    Label      Encrypted String
    TextBox                              txtEncryptedString
    Label      Decrypted String
    TextBox                              txtDecryptedString
    Button     Encrypt                   btnEncrypt
    Button     Decrypt                   btnDecrypt
    Button     Write Registry Data       btnWriteRegistryData
Figure 1: Encryption Test Harness dialog box
5. Set the Text property of txtConnectionString to "Server=local; Database=PUBS; UID=Bob; PWD=Password"
6. Set the Text property of txtKey to "0123456789012345"
   The key is 16 bytes long to meet the requirements of the Triple DES encryption algorithm.
7. Set the Text property of Form1 to "Encryption Test Harness"
8. Double-click the Encrypt button to create a button click event handler, and add the following code to the event handler.
    try
    {
        // Create the Encryptor object, specifying 3DES as the
        // encryption algorithm
        Encryptor enc = new Encryptor(EncryptionAlgorithm.TripleDes);
        // Get the connection string as a byte array
        byte[] plainText = Encoding.ASCII.GetBytes(txtConnectionString.Text);
        byte[] key = Encoding.ASCII.GetBytes(txtKey.Text);
        // Perform the encryption
        byte[] cipherText = enc.Encrypt(plainText, key);
        // Store the initialization vector, which is needed for decryption.
        // It is displayed as Base64 because the vector is binary data and
        // ASCII text cannot hold bytes above 0x7F without loss.
        txtInitializationVector.Text = Convert.ToBase64String(enc.IV);
        // Display the encrypted string
        txtEncryptedString.Text = Convert.ToBase64String(cipherText);
    }
    catch (Exception ex)
    {
        MessageBox.Show("Exception encrypting: " + ex.Message,
                        "Encryption Test Harness");
    }
9. Return to Form1 in Designer mode, and then double-click the Decrypt button to create a button click event handler.
10. Add the following code to the Decrypt button event handler.
    try
    {
        // Set up the Decryptor object
        Decryptor dec = new Decryptor(EncryptionAlgorithm.TripleDes);
        // Set the initialization vector (held as Base64 text)
        dec.IV = Convert.FromBase64String(txtInitializationVector.Text);
        byte[] key = Encoding.ASCII.GetBytes(txtKey.Text);
        // Perform the decryption
        byte[] plainText = dec.Decrypt(
            Convert.FromBase64String(txtEncryptedString.Text), key);
        // Display the decrypted string
        txtDecryptedString.Text = Encoding.ASCII.GetString(plainText);
    }
    catch (Exception ex)
    {
        MessageBox.Show("Exception decrypting. " + ex.Message,
                        "Encryption Test Harness");
    }
11. Return to Form1 in Designer mode, and then double-click the Write Registry Data button to create a button click event handler.
12. Add the following code to the event handler.
    // Create the registry key and named values
    RegistryKey rk = Registry.LocalMachine.OpenSubKey("Software", true);
    rk = rk.CreateSubKey("TestApplication");
    // Write the encrypted string, initialization vector and key,
    // each as Base64 text
    rk.SetValue("connectionString", txtEncryptedString.Text);
    // The text box already holds the Base64-encoded initialization vector
    rk.SetValue("initVector", txtInitializationVector.Text);
    rk.SetValue("key", Convert.ToBase64String(
        Encoding.ASCII.GetBytes(txtKey.Text)));
    MessageBox.Show("The data has been successfully written to the registry");
13. Run the application, and then click Encrypt. The encrypted connection string is displayed in the Encrypted String field.
14. Click Decrypt. The original string is displayed in the Decrypted String field.
15. Click Write Registry Data.
16. In the message box, click OK.
17. Run regedit.exe and view the contents of the following registry key.
    HKLM\Software\TestApplication
    Confirm that encoded values are present for the connectionString, initVector and key named values.
18. Close regedit and the test harness application.
Create an ASP.NET web application
This procedure develops a simple ASP.NET Web application that retrieves the encrypted connection string from the registry and decrypts it.
• To create an ASP.NET application
1. Create a new Visual C# ASP.NET Web application called EncryptionWebApp.
2. Add a reference to the Encryption.dll assembly. To create this assembly, you must perform the steps described in How to Create an Encryption Library in this guide.
3. Open WebForm1.aspx.cs and add the following using statements to the top of the file.
    using Encryption;
    using System.Text;
    using Microsoft.Win32;
4. Add the controls listed in Table 2 to WebForm1.aspx.
Table 2: WebForm1.aspx controls
    Control    Text                      ID
    Label                                lblEncryptedString
    Label                                lblDecryptedString
    Button     Get Connection String     btnGetConnectionString
5. Double-click the Get Connection String button to create a button click event handler.
6. Add the following code to the event handler.
    // Open the registry key read-only and fetch the three named values
    RegistryKey rk = Registry.LocalMachine.OpenSubKey(
        @"Software\TestApplication", false);
    lblEncryptedString.Text = (string)rk.GetValue("connectionString");
    string initVector = (string)rk.GetValue("initVector");
    string strKey = (string)rk.GetValue("key");
    Decryptor dec = new Decryptor(EncryptionAlgorithm.TripleDes);
    dec.IV = Convert.FromBase64String(initVector);
    // Decrypt the string
    byte[] plainText = dec.Decrypt(
        Convert.FromBase64String(lblEncryptedString.Text),
        Convert.FromBase64String(strKey));
    lblDecryptedString.Text = Encoding.ASCII.GetString(plainText);
7. On the Build menu, click Build Solution.
8. Right-click WebForm1.aspx in Solution Explorer, and then click View in Browser.
9. Click Get Connection String. The encrypted and decrypted connection strings are displayed on the Web form.
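The write and read steps above as one self-contained console program, added here as an example (it is not code from the original chapter or from the Encryption library): it uses the framework's TripleDES class in place of Encryption.dll and creates the registry key with a restrictive ACL, the protection the Summary mentions alongside encryption. The class name, the choice of NETWORK SERVICE as the Web process account, and .NET Framework 2.0 or later are assumptions.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using Microsoft.Win32;

static class RegistryRoundTrip   // hypothetical name; run elevated, HKLM writes need administrator rights
{
    const string SubKey = @"Software\TestApplication";   // registry key used in this chapter
    static byte[] Run(ICryptoTransform t, byte[] d) { using (t) return t.TransformFinalBlock(d, 0, d.Length); }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("0123456789012345");   // 16-byte sample key from step 6
        byte[] plain = Encoding.ASCII.GetBytes("Server=local; Database=PUBS; UID=Bob; PWD=Password");
        // DACL: Administrators get full control, the Web process account read-only, nothing inherited.
        RegistrySecurity acl = new RegistrySecurity();
        acl.SetAccessRuleProtection(true, false);
        acl.AddAccessRule(new RegistryAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            RegistryRights.FullControl, AccessControlType.Allow));
        acl.AddAccessRule(new RegistryAccessRule(
            new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null),   // assumed Web account
            RegistryRights.ReadKey, AccessControlType.Allow));

        // The ACL argument takes effect only when this call creates the key.
        using (TripleDES tdes = TripleDES.Create())   // CBC mode with a random IV by default
        using (RegistryKey rk = Registry.LocalMachine.CreateSubKey(
            SubKey, RegistryKeyPermissionCheck.ReadWriteSubTree, acl))
        {
            tdes.Key = key;
            // Binary data is stored as Base64 text; ASCII text would corrupt IV bytes above 0x7F.
            rk.SetValue("connectionString", Convert.ToBase64String(Run(tdes.CreateEncryptor(), plain)));
            rk.SetValue("initVector", Convert.ToBase64String(tdes.IV));
            rk.SetValue("key", Convert.ToBase64String(key));
        }

        // Reading side: the same steps the Web application performs.
        using (TripleDES tdes = TripleDES.Create())
        using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(SubKey, false))
        {
            tdes.Key = Convert.FromBase64String((string)rk.GetValue("key"));
            tdes.IV = Convert.FromBase64String((string)rk.GetValue("initVector"));
            byte[] cipher = Convert.FromBase64String((string)rk.GetValue("connectionString"));
            Console.WriteLine(Encoding.ASCII.GetString(Run(tdes.CreateDecryptor(), cipher)));
        }
    }
}
```

Because the key is stored beside the ciphertext, any account that can read this registry key can decrypt the connection string, so the ACL is what actually limits access. If the key already exists from an earlier run, delete it first so that the ACL is applied on creation.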
Other resources
For more information, see How to Create an Encryption Library in this guide.