
I have the following question: In my ASP.NET MVC application I want to store some key/value settings in my database. Some of these key/value settings contain passwords that I want to encrypt to secure them.

I can't hash the passwords because I need some passwords to authenticate on a remote SMTP server.

On MSDN I found an article about securing configuration settings with "Protected Configuration Providers", but I don't want to store those settings in my web.config file.

I considered using the DpapiProtectedConfigurationProvider, which uses some machine- and user-specific properties as encryption keys, but this provider is built to work only with XML configuration nodes.

Another MSDN article is about a ProtectedData class, but is this method really secure?

So, what is the best method to store passwords in a C# application?

I also read the following other questions, but I found no solution: Question 1, Question 2, Question 3

greetings

WhiteIntel
  • If your process needs to be able to decrypt the data unattended, and you can't use the Dpapi, then you're out of luck, no option is really all that secure. – Lasse V. Karlsen May 07 '14 at 15:43
  • Are there any other options that would be possible? – WhiteIntel May 07 '14 at 15:47
  • Why are you opposed to storing the encryption/decryption key in the web.config? If you are going to store the data encrypted and need it decrypted, then the decryption key needs to be stored somewhere. – paparazzo May 07 '14 at 16:18
  • Yes, but I want to store the key at a safe location, and the web.config also needs to be secured with an encryption method. I don't want to make use of several configuration places, because I want to store all data and configuration-related stuff at a central location (e.g. database). – WhiteIntel May 07 '14 at 19:46
  • What you're talking about is known as Key Management. Arguably the most difficult aspect of cryptography to get right. There are third party software providers that specialise solely in this, but if you want to try and tackle it yourself I can point you to an answer I gave a while back: http://stackoverflow.com/questions/1583553/how-to-properly-do-private-key-management/1584586#1584586 – PaulG May 08 '14 at 09:49

1 Answer


One possibility is to query the database for the encryption key (which is kept in a separate table), and use that to encrypt/decrypt the key values you need, which you retrieve in encrypted form from the database using a separate query.

This means, of course, that you will be storing both the encrypted key values and the encryption key in the database, and that you are not storing the encryption key anywhere in your app code. You should also use a proc call to retrieve the encryption key, instead of allowing direct access to the table in which it's stored.

This technique assumes that you are using some other method of establishing a database connection, i.e., that the database connection password itself is secured in a different manner within the app.

As @Blam stated, you have to store the encryption key somewhere, either in the app, or in a file accessible to the app, or in the database.

David R Tribble
  • OK, thank you very much for your answer. So I only have to secure the configuration section of my database connection string? – WhiteIntel May 08 '14 at 08:43
  • Yes. You have to secure at least the password portion of the connection string, if you can't encrypt the whole thing. – David R Tribble May 13 '14 at 18:07