2

I am storing account data for my application in the "application data" local directory. I am curious to understand the proper (or a correct) way to secure this file.

As it stands, it's a simple text file. Can I simply zip it with AES 256bit encryption? Is that safe enough? Of course, then inside my program I need to store the key, so is this a risk?

What's the best method?

Cheers, Adrian

slugster
  • 49,403
  • 14
  • 95
  • 145
Adrian
  • 323
  • 2
  • 5
  • 17
  • 1
    What are your goals? What risks are you securing against? – David Heffernan Sep 06 '12 at 06:46
  • 1
    You can encrypt with any good cipher, ZIPping is not necessary. Remember though that any determined hacker having access to your encrypted file and program can find the key with a tool like IDA debugger or 'in memory' when your program is running (that's why DVD encryption was ultimately broken: millions of people had access to the encrypted DVDs and the running decoder software). If you only want to protect against the occasional curious user (see Davids question) I'd say your idea is fine. – Jan Doggen Sep 06 '12 at 07:50
  • Will the users of your application be logging in? If so then you don't need to store the key anywhere but instead use their password and initialise it with say SHA-256 - you can even use rounds of hashing. What are you using for the encryption? Don't try to make your own up. DCPCrypt and LockBox 3 are two good ones to use. – Shambhala Sep 06 '12 at 14:06

2 Answers2

3

You might want to consider the DPAPI (Data Protection API). This SO answer explains some scenarios you can use it for (user data, program data).

Don't go invent your own encryption algorithms, and give the storage of your encryption keys some good thought: that is often the weakest point in the whole security chain.

Community
  • 1
  • 1
Jeroen Wiert Pluimers
  • 23,965
  • 9
  • 74
  • 154
0

You can encrypt sensitive data (or entire stream/string) before writing to file. Alternativelly you may zip/unzip entire data stream into memory and write/read it to/from file. In this case you just will use less disk space.

Ziping a file is not a nice solution. It assume that for some time you will have your file unencrypted when writting/reading profile data. This may be a big security hole.

Marcodor
  • 4,578
  • 1
  • 20
  • 24