3

I need to store encryption/decryption keys for an encryption algorithm, on a public WPF application, available as free download to anyone.
Obviously, I would like to store these keys in a secure way, so that the user may not see them.

As I see it, it's not possible, since it's very easy to decompile a .Net app, and obfuscating it doesn't do much. I can't think of a place to store this information that is either not user-accessible, or is "naturally" encrypted (like some kind of "Windows vault", but then the user could create an application pretending to be my own, wouldn't he?)

From the moment the user has access to the (compiled) code and the (clear) app.config, I don't see how I can store sensitive information locally.

I saw plenty of help to encode connection strings and securing stuff on IIS, but none on WPF applications.

Is there any way to securely store arbitrary data with .Net/WPF?

Thanks!

thomasb
  • Why don't you use [one way encryption (hashing)](http://en.wikipedia.org/wiki/Cryptographic_hash_function) to store your passwords? You then store these. That way it is [infeasible*](http://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability) to decrypt them, even if someone gains access to the hashed passwords. You still have to store these somewhere secure but this is better than 2 way encryption – Liam Jul 07 '14 at 16:24
  • We used encrypted keys stored in the registry, and encryption was done using ProtectedData classes (http://msdn.microsoft.com/en-us/library/2fh8203k(v=vs.110).aspx). Entropy was available only to system admins, who can generate the encrypted data and store it in the registry; the registry was pushed out to the client using an MSI installer. On the client end, we get the entropy using a WCF service (it gets it from machine.config) to decrypt keys from the registry. I know there is always a way to hack this but it is a more secure approach than storing it in web.config. – VRK Jul 07 '14 at 19:27
  • @Liam: it's not passwords I'm storing, it's information I want to decrypt, like tracking IDs for instance. – thomasb Jul 07 '14 at 21:13
  • @VRK: thanks, but since it's a public app, the users are admin (otherwise they can't install the app anyway). – thomasb Jul 07 '14 at 21:14
  • Would it be possible for you to use MSI installer? If Yes, then you can push out initial registry in installer itself. – VRK Jul 08 '14 at 14:43
  • Yes but the user can still read the registry values. – thomasb Jul 08 '14 at 18:22
  • Yes but it would be encrypted and it would be useless unless they have the entropy with them. – VRK Jul 09 '14 at 20:24
  • Yes but from your comment they can decrypt it using machine.config? If my user has admin access, they have access to machine.config, haven't they? So they can decrypt it. Or have I misunderstood something? – thomasb Jul 10 '14 at 07:20

3 Answers

7

Simple: You do not.

NO way to do that ever has worked. None. Ever. All copy protections that get cracked within days are based on "hey, I can hide something".

You can safely store user specific data in the user's specific folders - and leave it to the OS to protect these places. But thinking you can hide encryption keys in your app - basically: you can hide them if no one smart looks at them (or: no dedicated hacker). This may work - but it is "relying on people not really wanting to find it".

TomTom
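Added example, not part of the original thread: per-user storage protected by the OS, using the `ProtectedData` (DPAPI) class mentioned in the comments. The class name, the `ExampleApp` folder, the file name and the entropy string are assumptions made for illustration; the comments mark where the thread's limitation applies.

```csharp
// Windows only. .NET Framework: reference System.Security.dll.
// .NET Core / 5+: add the System.Security.Cryptography.ProtectedData package.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class UserSecretStore
{
    // Hypothetical location: %LOCALAPPDATA%\ExampleApp\secret.bin
    static readonly string Dir = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "ExampleApp");
    static readonly string FilePath = Path.Combine(Dir, "secret.bin");

    // Constructed value. Entropy compiled into the binary can be read by
    // decompiling it, so it only separates DPAPI uses; it is not a secret.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp.v1");

    public static void Save(string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            // CurrentUser scope binds the blob to this Windows account.
            byte[] blob = ProtectedData.Protect(
                plain, Entropy, DataProtectionScope.CurrentUser);
            Directory.CreateDirectory(Dir);
            File.WriteAllBytes(FilePath, blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    public static string Load()
    {
        if (!File.Exists(FilePath)) return null;
        try
        {
            // Succeeds for ANY process running as the same user: this guards
            // the user's own data against other accounts and copied files,
            // not a vendor key against the user who runs the app.
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(FilePath), Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException)
        {
            return null; // other account or machine, or the blob was altered
        }
    }
}
```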
7
  1. Do not put it in the app - 'anyone' can get to it.

  2. Store the secrets (private keys) in a certificate store so only processes with the appropriate rights will have access. Make installing the private keys part of a separate process/setup so admins can do that apart from installing the application and have the application search/query the certificate store

Emond
  • Thanks, but it's a public app, anyone has access to it, and anyone should be able to install it. So different access rights are not a possibility. – thomasb Jul 07 '14 at 21:07
  • 5
    If it is public, you can't hide a secret in it. You can only hide secrets in containers that are locked with highly restricted access and a random machine of any user is not such a container. Set up SSL with a secured server and pass the secret stuff to the server. Encrypt that secret with the public key of the client so only those that have access to the private key can decrypt it. – Emond Jul 07 '14 at 21:24
2

As soon as information is stored on the user's machine, you have to assume he can access it; there's no way around it. The only option, if you want to make it impossible for the user to access the key, is to do the encryption on a remote server, but it's not always a viable option if the data to encrypt is large.

Thomas Levesque
  • Yes, that's what I thought also. I can't think of a way a user can't not access something on his computer, otherwise my software can't either. – thomasb Jul 07 '14 at 21:11