How to store encrypted connection strings in the registry

xiaoxiao2021-03-06  48

Objectives

The objectives of this chapter are to:

• Store an encrypted database connection string in the registry.
• Read the encrypted database connection string from the registry and decrypt it.

Scope of application

This chapter applies to the following products and technologies:

• Microsoft Windows XP or Windows 2000 Server (Service Pack 3) and later versions
• Microsoft .NET Framework version 1.0 (Service Pack 2) and later
• Microsoft Visual C#® .NET

How to use this chapter

To get the most from this chapter:

• You must have experience in programming using Visual C# .NET.
• You must have experience in programming using Microsoft Visual Studio® .NET.
• You must have experience in developing web applications using ASP.NET.
• You must have created the general-purpose encryption library as described in "How to Create an Encryption Library" in this guide. This chapter uses the functions provided by that library to encrypt and decrypt the database connection string.
• Read the discussion of storing database connection strings securely in Chapter 12, "Data Access Security". It introduces several techniques for storing database connection strings securely.

Summary

Developers who write applications that access a database all face the same problem: where to store the database connection string securely. The registry is one option. However, although an access control list (ACL) can protect an individual registry key, you should encrypt the connection string before you store it to improve security.

This chapter describes how to store an encrypted database connection string in the registry and how to retrieve it from an ASP.NET web application. It uses the general-purpose encryption library (Encryption.dll) created in "How to Create an Encryption Library" in this guide.

What you must know

Before you start this chapter, you should know the following:

• The encrypted connection string, the initialization vector and the key are stored as named values under the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\TestApplication
• The initialization vector and the key must be stored so that the connection string can be decrypted.

Store encrypted data in the registry

This procedure creates a Windows application that encrypts a sample database connection string and stores it in the registry.

• Store encrypted data in the registry

1. Start Visual Studio .NET and create a new Visual C# project called EncryptionTestApp.
2. Add a reference to the Encryption.dll assembly. To create this assembly, you must perform the steps described in "How to Create an Encryption Library" in this guide.
3. Add the following using statements to the top of Form1.cs, below the existing using statements.

    using Encryption;
    using System.Text;
    using Microsoft.Win32;

4. Add the controls in Table 1 to Form1 and arrange them as shown in Figure 1.

Table 1: EncryptionTestApp controls

    Control    Text                      ID
    Label      Connection String:
    TextBox                              txtConnectionString
    Label      Key:
    TextBox                              txtKey
    Label      Initialization Vector:
    TextBox                              txtInitializationVector
    Label      Encrypted String
    TextBox                              txtEncryptedString
    Label      Decrypted String
    TextBox                              txtDecryptedString
    Button     Encrypt                   btnEncrypt
    Button     Decrypt                   btnDecrypt
    Button     Write Registry Data       btnWriteRegistryData

Figure 1: "Encrypted Test Set" dialog

5. Set the Text property of txtConnectionString to "Server=local; Database=PUBS; UID=Bob; PWD=Password"
6. Set the Text property of txtKey to "0123456789012345"
   The key length is 16 bytes to meet the requirements of the Triple DES encryption algorithm.
7. Set the Text property of Form1 to "Encrypting Test Case"

8. Double-click the Encrypt button to create a button click event handler, and add the following code to the event handler.

    try
    {
        // Create the Encryptor object, specifying 3DES as the
        // encryption algorithm
        Encryptor enc = new Encryptor(EncryptionAlgorithm.TripleDes);
        // Get the connection string as a byte array
        byte[] plainText = Encoding.ASCII.GetBytes(txtConnectionString.Text);
        byte[] key = Encoding.ASCII.GetBytes(txtKey.Text);
        // Perform the encryption
        byte[] cipherText = enc.Encrypt(plainText, key);
        // Store the initialization vector, which is needed for decryption.
        // The vector is arbitrary binary data, so it is shown as Base64 text;
        // an ASCII string would not preserve every byte.
        txtInitializationVector.Text = Convert.ToBase64String(enc.IV);
        // Display the encrypted string
        txtEncryptedString.Text = Convert.ToBase64String(cipherText);
    }
    catch (Exception ex)
    {
        MessageBox.Show("Exception while encrypting: " + ex.Message,
                        "Encryption test set");
    }

9. Return to Form1 in Designer mode, then double-click the Decrypt button to create a button click event handler.
10. Add the following code to the Decrypt button event handler.

    try
    {
        // Set up the Decryptor object
        Decryptor dec = new Decryptor(EncryptionAlgorithm.TripleDes);
        // Set the initialization vector (Base64 text written by the
        // Encrypt handler)
        dec.IV = Convert.FromBase64String(txtInitializationVector.Text);
        byte[] key = Encoding.ASCII.GetBytes(txtKey.Text);
        // Perform the decryption
        byte[] plainText = dec.Decrypt(
            Convert.FromBase64String(txtEncryptedString.Text), key);
        // Display the decrypted string
        txtDecryptedString.Text = Encoding.ASCII.GetString(plainText);
    }
    catch (Exception ex)
    {
        MessageBox.Show("Exception while decrypting: " + ex.Message,
                        "Encryption test set");
    }

11. Return to Form1 in Designer mode, then double-click the Write Registry Data button to create a button click event handler.
12. Add the following code to the event handler.

    // Create the registry key and named values
    RegistryKey rk = Registry.LocalMachine.OpenSubKey("Software", true);
    rk = rk.CreateSubKey("TestApplication");
    // Write the encrypted string, initialization vector and key
    rk.SetValue("ConnectionString", txtEncryptedString.Text);
    // The initialization vector text box already holds Base64 text
    rk.SetValue("InitVector", txtInitializationVector.Text);
    rk.SetValue("Key", Convert.ToBase64String(
        Encoding.ASCII.GetBytes(txtKey.Text)));
    MessageBox.Show("Data has been successfully written to the registry");

13. Run the application and click Encrypt. The encrypted connection string is displayed in the Encrypted String field.
14. Click Decrypt. The original string is displayed in the Decrypted String field.
15. Click Write Registry Data.
16. In the message box, click OK.
17. Run regedit.exe and view the contents of the following registry key.

    HKLM\Software\TestApplication

    Confirm that the ConnectionString, InitVector and Key named values contain encoded values.
18. Close regedit and the test application.
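Because the key and initialization vector are stored in the same registry key as the ciphertext, the ACL on that key, mentioned in the Summary, is what limits who can recover the connection string. The following is an added example, not code from the original chapter: it replaces the ACL on HKLM\Software\TestApplication so that only Administrators, SYSTEM and one named account can read it. It assumes .NET Framework 2.0 or later (for RegistrySecurity), an elevated prompt, and that the account the web application runs as is passed as the first argument; the class name is hypothetical.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

// Added example (hypothetical class name). Run elevated, after the key exists.
class LockDownTestApplicationKey
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: LockDownTestApplicationKey <DOMAIN\\account>");
            return 1;
        }
        IdentityReference admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        IdentityReference localSystem = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
        // Assumption: args[0] is the account the web application runs as.
        // Translate throws IdentityNotMappedException if it does not exist.
        IdentityReference webApp = new NTAccount(args[0]).Translate(typeof(SecurityIdentifier));

        RegistrySecurity acl = new RegistrySecurity();
        // Stop inheriting from HKLM\Software and discard the inherited entries
        acl.SetAccessRuleProtection(true, false);
        acl.AddAccessRule(Rule(admins, RegistryRights.FullControl));
        acl.AddAccessRule(Rule(localSystem, RegistryRights.FullControl));
        acl.AddAccessRule(Rule(webApp, RegistryRights.ReadKey)); // read only

        using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(
            @"Software\TestApplication",
            RegistryKeyPermissionCheck.ReadWriteSubTree,
            RegistryRights.ReadKey | RegistryRights.ChangePermissions))
        {
            if (rk == null)
            {
                Console.Error.WriteLine("Key not found; write the registry data first.");
                return 2;
            }
            rk.SetAccessControl(acl);
            // Read the ACL back so the result can be checked
            foreach (RegistryAccessRule r in
                rk.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount)))
                Console.WriteLine("{0,-32} {1} {2}", r.IdentityReference, r.AccessControlType, r.RegistryRights);
        }
        return 0;
    }

    static RegistryAccessRule Rule(IdentityReference who, RegistryRights rights)
    {
        return new RegistryAccessRule(who, rights, InheritanceFlags.ContainerInherit,
            PropagationFlags.None, AccessControlType.Allow);
    }
}
```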

Create an ASP.NET web application

This procedure develops a simple ASP.NET web application that retrieves the encrypted connection string from the registry and decrypts it.

• Create an ASP.NET application

1. Create a new Visual C# ASP.NET web application called EncryptionWebApp.
2. Add a reference to the Encryption.dll assembly. To create this assembly, you must perform the steps described in "How to Create an Encryption Library" in this guide.
3. Open WebForm1.aspx.cs and add the following using statements to the top of the file.

    using Encryption;
    using System.Text;
    using Microsoft.Win32;

4. Add the controls listed in Table 2 to WebForm1.aspx.

Table 2: WebForm1.aspx controls

    Control    Text                      ID
    Label                                lblEncryptedString
    Label                                lblDecryptedString
    Button     Get Connection String     btnGetConnectionString

5. Double-click the Get Connection String button to create a button click event handler.
6. Add the following code to the event handler.

    // Open the registry key read-only
    RegistryKey rk = Registry.LocalMachine.OpenSubKey(
        @"Software\TestApplication", false);
    // Read the Base64-encoded ciphertext, initialization vector and key
    lblEncryptedString.Text = (string)rk.GetValue("ConnectionString");
    string initVector = (string)rk.GetValue("InitVector");
    string strKey = (string)rk.GetValue("Key");
    Decryptor dec = new Decryptor(EncryptionAlgorithm.TripleDes);
    dec.IV = Convert.FromBase64String(initVector);
    // Decrypt the string
    byte[] plainText = dec.Decrypt(
        Convert.FromBase64String(lblEncryptedString.Text),
        Convert.FromBase64String(strKey));
    lblDecryptedString.Text = Encoding.ASCII.GetString(plainText);

7. On the Build menu, click Build Solution.
8. Right-click WebForm1.aspx in Solution Explorer, and then click View in Browser.
9. Click Get Connection String. The encrypted and decrypted connection strings are displayed on the web form.
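The initialization vector is random binary data, so the text form it takes between the test form, the registry and the web application matters. The following is an added example, not code from the original chapter: it uses the .NET TripleDESCryptoServiceProvider class directly instead of Encryption.dll, with a constructed initialization vector, and compares an ASCII round trip of the vector with a Base64 round trip. The class name is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical class name); not part of Encryption.dll.
class IvEncodingDemo
{
    static string Decrypt(byte[] key, byte[] iv, byte[] cipherText)
    {
        // Default settings: CBC mode with PKCS7 padding
        using (TripleDES tdes = new TripleDESCryptoServiceProvider())
        using (ICryptoTransform d = tdes.CreateDecryptor(key, iv))
        {
            byte[] plain = d.TransformFinalBlock(cipherText, 0, cipherText.Length);
            return Encoding.ASCII.GetString(plain);
        }
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("0123456789012345");
        // Constructed IV: four of its eight bytes are above 0x7F
        byte[] iv = { 0x10, 0x9C, 0x41, 0xF3, 0x07, 0xE2, 0x5A, 0x88 };
        byte[] plain = Encoding.ASCII.GetBytes(
            "Server=local; Database=PUBS; UID=Bob; PWD=Password");

        byte[] cipher;
        using (TripleDES tdes = new TripleDESCryptoServiceProvider())
        using (ICryptoTransform e = tdes.CreateEncryptor(key, iv))
            cipher = e.TransformFinalBlock(plain, 0, plain.Length);

        // Two ways of carrying the IV as text and reading it back
        byte[] viaAscii = Encoding.ASCII.GetBytes(Encoding.ASCII.GetString(iv));
        byte[] viaBase64 = Convert.FromBase64String(Convert.ToBase64String(iv));

        Console.WriteLine("original IV : " + BitConverter.ToString(iv));
        Console.WriteLine("via ASCII   : " + BitConverter.ToString(viaAscii));
        Console.WriteLine("via Base64  : " + BitConverter.ToString(viaBase64));

        // In CBC mode a wrong IV raises no exception: only the first
        // 8-byte block of the plaintext comes out corrupted.
        Console.WriteLine("decrypt with ASCII IV : " + Decrypt(key, viaAscii, cipher));
        Console.WriteLine("decrypt with Base64 IV: " + Decrypt(key, viaBase64, cipher));
    }
}
```

The ASCII round trip cannot represent bytes above 0x7F, so the recovered vector differs from the original, while the Base64 round trip returns it unchanged.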

Other resources

For more information, see "How to Create an Encryption Library" in this guide.
