0

I'm currently working on a BackupManager sending an email to me after having processed all tasks. This email shall contain a log of what have been done.

The problem is, that my e-mail SMTP server (gmail) only allows encrypted connections using SSL. I know how to establish such a connection, but as the program runs from 2 to 8 am or at at a similar time, I don't want to have to enter the password every time. However, I also don't want to save the password as plain text on the hard drive. So I'm looking for a method to save the password encrypted and decrypt it later without prompting or stuff like that.

Thank you for help,

Turakar

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Turakar
  • 180
  • 2
  • 13
  • I think if you don't want to save it, you can make wrapper for that service on your server that will store passsword and make sessions. But it look's like over engineering – Suhan Feb 08 '15 at 12:17
  • 1
    you can use this code: http://stackoverflow.com/questions/1678555/password-encryption-decryption-code-in-net – Tomer Klein Feb 08 '15 at 12:39

2 Answers2

1

I've used the answer suggsted by Tomer Klein using ProtectedData. Just use ProtectedData.Protect(data, salt, scope) to protect your password in bytes and ProtectedData.Unprotect(data, salt, scope) to unprotect it. Remember to delete your password from memory once you are done, otherwise an attacker could retrieve it from there.

Turakar
  • 180
  • 2
  • 13
0

private string Encrypt(string clearText)
{
    string EncryptionKey = "MAKV2SPBNI99212";
    byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
    using (Aes encryptor = Aes.Create())
    {
        Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
            {
                cs.Write(clearBytes, 0, clearBytes.Length);
                cs.Close();
            }
            clearText = Convert.ToBase64String(ms.ToArray());
        }
    }
    return clearText;
}
 
private string Decrypt(string cipherText)
{
    string EncryptionKey = "MAKV2SPBNI99212";
    byte[] cipherBytes = Convert.FromBase64String(cipherText);
    using (Aes encryptor = Aes.Create())
    {
        Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
            {
                cs.Write(cipherBytes, 0, cipherBytes.Length);
                cs.Close();
            }
            cipherText = Encoding.Unicode.GetString(ms.ToArray());
        }
    }
    return cipherText;
}
Tomer Klein
  • 436
  • 2
  • 6
  • But the key is static in that case, isn't it? – Turakar Feb 08 '15 at 12:43
  • Which key? The Encryption is static but you can save the encrypted password into your app.config... – Tomer Klein Feb 08 '15 at 12:45
  • i'm using this in some of my Web / Win apps and it's working very good – Tomer Klein Feb 08 '15 at 12:46
  • I'd recommend storing the key in an encrypted database. You can use a trusted connection for credentials to the database server - that way no user names or passwords are hard coded in config files. Worked well != good security practice! – Shiv Feb 10 '15 at 02:26