0

I am currently encrypting strings as follows:

public static string Encrypt(this string DecryptedValue)
{
    if (string.IsNullOrWhiteSpace(DecryptedValue)) { return string.Empty; }
    return HttpServerUtility.UrlTokenEncode(MachineKey.Protect(Encoding.UTF8.GetBytes(DecryptedValue.Trim())));
}

public static string Decrypt(this string EncryptedValue)
{
    if (string.IsNullOrWhiteSpace(EncryptedValue)) { return string.Empty; }
    return Encoding.UTF8.GetString(MachineKey.Unprotect(HttpServerUtility.UrlTokenDecode(EncryptedValue)));
}

However, when I move the production database to a development server (to test a new version before I deploy), these functions are unable to decrypt data already stored in the database (I assume that this is because of my usage of the MachineKey).

Is there some way that I could modify the above extensions so that I could encrypt/decrypt the same database on multiple machines without writing something complicated?

William
  • 3,335
  • 9
  • 42
  • 74
  • Please define "simple". Is ROT13 or XOR simple? Maybe, but not secure any more... – Thomas Weller Nov 17 '15 at 12:59
  • Encryption should be difficult, and slow. If you are using this for passwords it should also only be a one way encryption. What are you encrypting and decrypting? – Ron Beyer Nov 17 '15 at 13:05
  • I use a hash for passwords (so they are one-way) - here, I am encrypting/decrypting credit card numbers - so I have to be able to read the original string - – William Nov 17 '15 at 13:05

1 Answers1

1

Assuming you are talking about asp.net, you can try keeping your code and change configuration in web.config instead.

Specify same machine key and algorithms as in production server.

See https://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.100).aspx for reference.

If the key is specified in web.config file, it should override the real machine key in your development enviroment just for your application.

Pepelui360
  • 459
  • 2
  • 8