Securing client side json

Question

I am new in Windows store apps development. I am creating a Windows Store App which requires to store some data on client side. This data is present in JSON format having Build Action as Content. Whenever user runs the application, I am initializing some objects by reading this JSON file. However this is just a plain text and contains data that should not be revealed to the user. Can I encrypt this JSON by any means. I need basically a workaround where I encrypt the json data while building the application and decrypt this json while reading and initializing the objects. Please suggest.

Possible duplicate of: https://stackoverflow.com/questions/48159233/how-do-you-encrypt-a-password-within-appsettings-json-for-asp-net-core-2 — HackSlash, Jun 13 '23 at 18:31

score 3 · Answer 1 · edited May 23 '17 at 10:33

3

I'm assuming your code looks like this:

string json = File.ReadAllText("/<path to json>/config.json");
// Parse the json ...

You can encrypt the content of the JSON file using AES encryption. You will need to define a key that will be used for encryption and decryption.

Take a look in here : using AES encrypt / decrypt in c#

After using encryption your code will look like this:

when you need to read your configuration:

string encryptedJson = File.ReadAllText("/<path to json>/config.json");
string aesKey = "<your aes key>";
string plainJson = AesDecrypt(encryptedJson, aesKey);
// Parse the json ...

When you need save the configuration:

// Generate json ...
string plainJson;

string aesKey = "<your aes key>";
string encryptedJson = AesEncrypt(plainJson, aesKey);
File.WriteAllText("/<path to json>/config.json", encryptedJson);

Note that your key can be extracted from your compiled assemblies using reflection methods

edited May 23 '17 at 10:33

Community

1
1

answered Apr 20 '14 at 07:39

Jossef Harush Kadouri

32,361
10
130
129

Thanks. Your way is good, but I got a different solution. I made Build Action to be Embedded Resource. See this [link](http://androidyou.blogspot.in/2012/08/how-to-load-resource-stream-in-winrt.html). – user3326423 Apr 20 '14 at 10:11
It's still not secret. What is the value of the JSON data? – Peter Torr - MSFT Sep 14 '16 at 21:06
@PeterTorr-MSFT - the file stored on disk is encrypted as OP described – Jossef Harush Kadouri Sep 15 '16 at 15:57
But the key is in the app, right? What are you protecting? – Peter Torr - MSFT Sep 15 '16 at 17:13
1) already mentioned that in the bold note in (the bottom), 2) it's meant to hide plain data available for everyone to read, stored on disk. – Jossef Harush Kadouri Sep 15 '16 at 20:48
Never check a secret in to source control! The current advice seems to be to encrypt at rest and store the key in an Environment Variable. This way you aren't storing the key and the data in the same place and the key can't be checked in to source control. – HackSlash Jun 13 '23 at 18:27

Securing client side json

1 Answers1