
The scenario is like this: I have two applications. Application A is an encrypting application which encrypts files. Application B is a decrypting application which will decrypt the file encrypted by A.

The key is generated randomly. Now the problem is that, as the key is generated randomly, I don't want to store the key in a text file. I want to store the key embedded in app B, which would require either having a class value of B being modified by app A or modifying a resource, neither of which I am able to find a way to do.

Can anybody help me with how to accomplish this?

Thanks

Shaumux
  • Mandatory reading: http://blogs.msdn.com/b/ericlippert/archive/2011/09/27/keep-it-secret-keep-it-safe.aspx – SLaks Oct 10 '12 at 03:24
  • @SLaks It cannot be asymmetric encryption. It has to be symmetric. The creation of a CA is also not possible. Did you intend for me to read some particular part of the blog? – Shaumux Oct 10 '12 at 10:44
  • IIRC, C# has a secure key store in it. See http://stackoverflow.com/questions/4967325/best-way-to-store-encryption-keys-in-net-c-sharp for some hints. – rossum Oct 10 '12 at 11:17
  • @rossum Thanks for the info, but isn't the secure key store machine dependent? Application B is to be run on a second machine, that's why the key needs to be stored. Also, the key will be changed every time a new file is to be encrypted, so the key has to be dynamically set for every file that's encrypted. – Shaumux Oct 10 '12 at 15:14
  • @Shaumux: Use Diffie-Hellman, or similar to generate a key each time you need one. That will allow each machine to store the same key in their own secure store. – rossum Oct 10 '12 at 16:35
  • @rossum Diffie-Hellman in itself only protects against eavesdropping attacks, not man-in-the-middle attacks. Many client/server models need to be protected against both... Besides, DH is obviously asymmetric in nature. – Maarten Bodewes Oct 10 '12 at 21:07
  • Yes, D-H is asymmetric in nature. The problem at hand is that application B, once generated, may not have any contact with application A, so an asymmetric algorithm is difficult. Moreover, where and who runs application B is not known when it is being generated. – Shaumux Oct 11 '12 at 02:27
