C and C# file encryption method and particular solution

Question

I have small system on Windows 7 OS which consists of two application (C and C# applications) and a database which is a text or binary file in fact.

C application only read from database, C# application could read and write. I would like to defend this database file from outward impacts.

I tend to use Public-key cryptography method, RSA for example. Could you offer a better one method or a better particular solution. I suggest I need some open source, commercial-friendly licensed libraries (like OpenSSL) for C and C# languages. However my own implementation could be a good choice too.

UPD: I could change both applications code and I want to encrypt the entire file.

"However my own implementation could be a good choice too.": no it isn't. — Bart Friederichs, Aug 20 '13 at 06:52
What do you want to encrypt? The data in the file, or the entire file? — Bart Friederichs, Aug 20 '13 at 06:53
Public key encryption is not going to work, because you only have one party: either the C or the C# app. You'll have to store both keys in each application. Also, why do you want to encrypt? If people steal your DB file, won't they have access to the C/C# apps as well? Or are they on different machines? — Bart Friederichs, Aug 20 '13 at 07:00
@Bart Friederichs I just want to defend my file from user. At the same time user could modify via application only one(his) record in database. For example he could change his password or some metadata. — vard, Aug 20 '13 at 07:08
If the user hass full access to both the apps and the file, there is no way encryption is going to help you. To really fix it, put the data in a real database and put it on a different system, then harden that system. — Bart Friederichs, Aug 20 '13 at 07:08
The only way encryption **could** work in your case, is when you use private key encryption to encrypt the user's **data** and use his password as key. — Bart Friederichs, Aug 20 '13 at 07:11
@Bart Friederichs C application is just a binary, user can't easily modify it. C# application comprises authentification, and certain user could modify only distinct record in database via application, not via directed access. — vard, Aug 20 '13 at 07:15
It is not about modification of the binary. In a complete-file-encryption method, the private key will be readable in the binary of the C app. And you can use that to decrypt the entire file. — Bart Friederichs, Aug 20 '13 at 07:20
@Bart Friederichs what if make C app binary could not be accessed easily? — vard, Aug 20 '13 at 07:23
@vard Applications can **always** be reverse engineered. When a user has access to the program binary, the program is in their complete control. Nothing can be done to protect the program from the user, even in theory. — ntoskrnl, Aug 20 '13 at 10:23
I'm not talking about perfect defense. I just want have simple security against regular user. — vard, Sep 11 '13 at 06:51

score 1 · Answer 1 · edited May 23 '17 at 12:03

you should use some standard symmetric encryption. MS has provided an good article to this subject. http://support.microsoft.com/kb/307010/en-us. Writing an own encryption method usually results to an insecure and errorness algorithm.

Example of Initialization using Password and Salt:

var enc = new RijndaelManaged();
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(pw, Encoding.ASCII.GetBytes(salt));
enc.Key = key.GetBytes(encryption.KeySize / 8);
enc.IV = key.GetBytes(encryption.BlockSize / 8);
enc.Padding = PaddingMode.PKCS7;

In your case, you have got the problem to create and store password and salt. The salt can be stored along with the file (e.g. the first 16 bytes or you may choose the Filename) and must not to be secured. The password is entered by the user.

If the data is bound to an windows account you may prefere using the Data Protection API because the user does not need to perform an password input. A nice example ist provided at Data Protection API

You may be interested in the first answer of the SO discussion

C and C# file encryption method and particular solution

1 Answers1