
My question is about the key used to decrypt an encrypted string. Without the same key that was used to encrypt the string I cannot get the original string back, which is fine, but I need to protect this key: I cannot hard-code it, because any attacker could decompile the DLL and read the key, and if I store the key in some file, the attacker could copy that file together with my method and decrypt my text. How can I prevent this attack? My code implementation follows; here the salt and key are static, and I am trying to think of any way to keep this data safe.

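    // Salt for the PBKDF1 key derivation. The buffer is allocated once and refilled in
    // place with fresh random bytes on every EncryptString call; it is never written out
    // with the ciphertext, so it exists only for the lifetime of this process.
    // readonly: the reference is never reassigned, only its contents change.
    private static readonly byte[] salt = new byte[255];

    // "Password" for the key derivation: EncryptString stores the cipher's auto-generated
    // random key here so DecryptString can derive the same key/IV. Null until
    // EncryptString has run in this process; it is never persisted anywhere.
    private static byte[] key;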
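    /// <summary>
    /// Encrypts <paramref name="InputText"/> with RijndaelManaged (AES; CBC mode, PKCS7
    /// padding and a 128-bit block are the class defaults) and returns the ciphertext as
    /// Base64.
    /// </summary>
    /// <remarks>
    /// Key material, as implemented: each call refills the static <c>salt</c> with fresh
    /// random bytes, takes the cipher's auto-generated random <c>Key</c> as the KDF
    /// "password" (saved in the static <c>key</c> for <c>DecryptString</c>), and derives the
    /// AES key (32 bytes) and IV (16 bytes) from <see cref="PasswordDeriveBytes"/>.
    /// Consequences: salt and key are never emitted or persisted and are overwritten on
    /// every call, so a ciphertext can only be decrypted in the same process and only until
    /// the next <c>EncryptString</c> call. <c>PasswordDeriveBytes</c> is the deprecated
    /// PBKDF1 (<c>Rfc2898DeriveBytes</c> is its PBKDF2 successor) and the IV comes from the
    /// same KDF output as the key instead of being random per message; both are kept here
    /// because <c>DecryptString</c> depends on this exact derivation. Where the long-term
    /// key should live (e.g. <c>ProtectedData</c>/DPAPI or an OS key store rather than the
    /// assembly) is a deployment decision outside this method.
    /// </remarks>
    /// <param name="InputText">Plaintext; encoded as UTF-16 LE before encryption.</param>
    /// <returns>Base64 of the padded CBC ciphertext.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="InputText"/> is null.</exception>
    internal static string EncryptString(string InputText)
    {
        byte[] plainBytes = Encoding.Unicode.GetBytes(InputText);

        // Every disposable is in a using block so key material and streams are released
        // deterministically instead of waiting for finalization.
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(salt);
        }

        using (RijndaelManaged rijndael = new RijndaelManaged())
        {
            // Reading Key on a fresh RijndaelManaged generates a random key; it is the
            // KDF "password" and is saved for DecryptString.
            key = rijndael.Key;

            using (PasswordDeriveBytes kdf = new PasswordDeriveBytes(key, salt))
            // GetBytes(32) then GetBytes(16): PasswordDeriveBytes is stateful, so this
            // order is part of the format DecryptString must reproduce.
            using (ICryptoTransform encryptor = rijndael.CreateEncryptor(kdf.GetBytes(32), kdf.GetBytes(16)))
            using (System.IO.MemoryStream memoryStream = new System.IO.MemoryStream())
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
            {
                cryptoStream.Write(plainBytes, 0, plainBytes.Length);
                cryptoStream.FlushFinalBlock();
                return Convert.ToBase64String(memoryStream.ToArray());
            }
        }
    }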

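    /// <summary>
    /// Decrypts Base64 ciphertext produced by <c>EncryptString</c> back to the original
    /// string.
    /// </summary>
    /// <remarks>
    /// Derives the AES key and IV from the static <c>key</c> and <c>salt</c> that the last
    /// <c>EncryptString</c> call stored. The previous version used a freshly generated
    /// random <see cref="RijndaelManaged.Key"/> as the KDF password, so it could never
    /// decrypt anything. Because both statics are overwritten on every
    /// <c>EncryptString</c> call and never persisted, only the most recently encrypted text
    /// in this process round-trips.
    /// </remarks>
    /// <param name="text">Base64 ciphertext from <c>EncryptString</c>.</param>
    /// <returns>The decrypted string (UTF-16 LE decoded).</returns>
    /// <exception cref="InvalidOperationException">No key has been established in this process.</exception>
    /// <exception cref="FormatException"><paramref name="text"/> is not valid Base64.</exception>
    /// <exception cref="CryptographicException">Padding check fails (wrong key/salt or corrupted data).</exception>
    internal static string DecryptString(string text)
    {
        if (key == null)
        {
            throw new InvalidOperationException("No encryption key is available; EncryptString must run first in this process.");
        }

        byte[] encryptedData = Convert.FromBase64String(text);

        using (RijndaelManaged rijndael = new RijndaelManaged())
        // Same GetBytes(32)/GetBytes(16) sequence as EncryptString: PasswordDeriveBytes is
        // stateful, so the order determines which bytes become key and IV.
        using (PasswordDeriveBytes kdf = new PasswordDeriveBytes(key, salt))
        using (ICryptoTransform decryptor = rijndael.CreateDecryptor(kdf.GetBytes(32), kdf.GetBytes(16)))
        using (System.IO.MemoryStream input = new System.IO.MemoryStream(encryptedData))
        using (CryptoStream cryptoStream = new CryptoStream(input, decryptor, CryptoStreamMode.Read))
        using (System.IO.MemoryStream output = new System.IO.MemoryStream(encryptedData.Length))
        {
            // Drain the stream rather than relying on a single Read returning everything.
            cryptoStream.CopyTo(output);
            return Encoding.Unicode.GetString(output.ToArray());
        }
    }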


    #endregion


}    
Alan
  • possible duplicate of [How to securely handle AES “Key” and “IV” values](http://stackoverflow.com/questions/18324149/how-to-securely-handle-aes-key-and-iv-values) – Syon Jul 29 '14 at 16:55
  • You have an awful lot of instantiations of classes which implement the `IDisposable` interface and therefore should be wrapped in `using` blocks. – Jesse C. Slicer Jul 29 '14 at 17:12
  • my question was about key storage, not about the code implementation; this is just sample code, I have not yet adapted the solution to my software – Alan Jul 29 '14 at 17:18
