1

I'm very new to the topic of encryption.

I'm building a WPF application (to manage database permissions) with a config file that contains one connection string that needs to be encrypted. I'm using 256 Rijndael encryption and generate a symmetric Key and IV.

Now that I have the Key and IV I can generate the proper Rijndael key to decrypt the relevant XML node. What I need now is a readable password that each authorized user receives from me in order for the app to successfully talk to the db. It's ok if the user has to type the password in every time the app is launched.

Am I approaching this correctly? Is there an easier way to do what I'm trying to do?

Would really appreciate the help.

thanks!

bjoern
  • 1,009
  • 3
  • 15
  • 31
  • Should the password be unique for each user? And do you want to use the password for the decryption? If not - if the password should only unlock the app, you could use a hardcoded md5-password and compare it with the md5-encoded string of the given password. This would not reveal the encrypted connection string. – Michael Mar 04 '13 at 01:50
  • Do you need a password to protect the config section? Is it just to encrypt the section or is there another reason why you need to use a password? I only ask because there is a way to just encrypt the config section where the app is still able to read it without decrypting it. – doiley Mar 04 '13 at 03:27
  • @doiley The password should be the same for all users. Should the Key and IV be hard coded and should I use a hard coded md5-encoded string to "unlock" the Key and IV within the application? – bjoern Mar 04 '13 at 15:19
  • Here is a similar question http://stackoverflow.com/a/3350023/1045728 – Tommy Grovnes Mar 27 '13 at 06:48

0 Answers0