1

Would like to know the best way to encrypt and decrypt an XML file that serve as a database ?

Thanks.

Rushino
  • 9,415
  • 16
  • 53
  • 93
  • 1
    More information. What is the client? How are you parsing the XML? Do you want it encrypted while it is live or just when you copy to backup? – paparazzo Aug 11 '11 at 20:43
  • Sorry i though the tag WPF would be added. – Rushino Aug 11 '11 at 21:04
  • Why do you want to encrypt it? Who are you trying to defend against? Is it okay if the user of the application has to enter a password that decrypts the file? – svick Aug 11 '11 at 22:57

2 Answers2

1

There are XML encryption APIs included in the .NET Framework that use symmetric and assymetrics keys.

You can also use the standard .NET AES encryption classes for this from any .NET language but you'd have to manually operate on the element/attribute values in the XML (or encrypt it all as one big string). If you are using it as a database encryption can cause some issues if you can't decrypt all of it in one shot. For example if you need to search multiple elements there is going to be a cost to decrypting each one to check the values.

Encryption is not perfect on its own you have to protect the keys used to encrypt the data. Look into the SecureString class and the DPAPI API for protection of the keys, although there may be better APIs for doing this. If you have bugs in your crypto code you might as well not have any encryption, so try to write as little as possible and make sure you have the code reviewed by an expert.

Community
  • 1
  • 1
Brian Lyttle
  • 14,558
  • 15
  • 68
  • 104
0

For most uses AES-128 in CTR mode with no padding (or alternatively CBC mode with PKCS7 padding) will suffice to encrypt your file. CTR mode is better if you want to be able to decrypt parts of the file without having to decrypt the whole thing from the start. You just need to store the value of the counter used for each part.

rossum
  • 15,344
  • 1
  • 24
  • 38