0

Background: I have a windows form that accesses a database, the connection strings are view-able from the project level in string format. I don't like the idea of someone decompiling my software and having my connection data in plain text. I have a class which will encrypt and decrypt a string when provided the key as a parameter. What I don't know is how to get that 'machine key' and incorporate it as a parameter in my visual basic method.

encryptorInstance(machineKey) as new Encryptor
encryptorInstance.encrypt('password')
encryptorInstance.decrypt('h1%^#ssahastattr')

I'm not sure what the necessary imports would be, and many of the tutorials I find assume basic knowledge of the 'machine key'.

Lunaugh
  • 25
  • 7
  • I'm not sure I understand what you're trying to do. If you ship an encrypted string in the application, the decompiled code would include both the encrypted string **and the encryption algorithm**, right? so anyone decompiling your code with the intention of getting into your database would already have demonstrated the requisite ability to decrypt your string using that algorithm. Correct me if I'm wrong... – djv Feb 05 '20 at 22:07
  • If you are able to, use integrated security. See [this question](https://stackoverflow.com/q/4155187/832052) for more. – djv Feb 05 '20 at 22:10
  • Maybe my thinking is magical, but I imagine the machine key being unique to the machine, and something my compiled software can summon to decrypt the connection string and use it at run-time. – Lunaugh Feb 05 '20 at 22:11
  • I'll check out that question, first glance it looks promising. – Lunaugh Feb 05 '20 at 22:12
  • I have to laugh, because that encrypted string reads as "asshatter" at a glance :D – HardCode Feb 07 '20 at 20:37

0 Answers0