Encrypt My.Settings setting?

[Tom]

Is it possible to encrypt a value in the my.settings area in VB.NET
2005? I.E. Can I add a settings value (via My Project / Settings) and
have it encrypt that value so that if anyone looks at the resulting
app.config file the value is encrypted? If so, (1) How do you specify
the value to be encrypted? And (2) How do you access it now from VB?
Can you still go through My.Settings??

Tom

--

 

[Guest]

well theres no built in function to say, for example

Dim str as string = "password"

my.Settings.Password1 = str
my.settings.Password1.Encrypt()

theres nothing built in to do that. you have to encrypt the string yourself,
be it by your own algorithm or by the Crytography namaespace (ive never used
it, so if you use it let me know how it goes). the easiest way ive found,
unless you need things heavily encrypted, is to just create a simple letter
bump. anyone looking at it wont make sense of it unless theyre seriously
trying to hack it.

 

[Tom]

iwdu15: Well, one of the things I thought that was 'trumpted' as new
and great with VS 2005 was the ability to encrypt values in your
settings file, especially connection strings. I see that in ASP.NET,
things can be encrypted in the web.config file, but I don't see
anything about this for Windows Forms applications.

 

[Izzy]

You can use this code to encrypt and decrypt a stored value.

Imports System.Security.Cryptography
Imports System.Text

Module mod_Globals

Public EncryptionKey As String =
"justsomewordstobeusedasacryptionkey"

Public Function EncryptString128Bit(ByVal vstrTextToBeEncrypted As
String, ByVal vstrEncryptionKey As String) As String

Dim bytValue() As Byte
Dim bytKey() As Byte
Dim bytEncoded() As Byte
Dim bytIV() As Byte = {121, 241, 10, 1, 132, 74, 11, 39, 255,
91, 45, 78, 14, 211, 22, 62}
Dim intLength As Integer
Dim intRemaining As Integer
Dim objMemoryStream As New MemoryStream
Dim objCryptoStream As CryptoStream
Dim objRijndaelManaged As RijndaelManaged

vstrTextToBeEncrypted =
StripNullCharacters(vstrTextToBeEncrypted)

bytValue =
Encoding.ASCII.GetBytes(vstrTextToBeEncrypted.ToCharArray)

intLength = Len(vstrEncryptionKey)

If intLength >= 32 Then
vstrEncryptionKey = Strings.Left(vstrEncryptionKey, 32)
Else
intLength = Len(vstrEncryptionKey)
intRemaining = 32 - intLength
vstrEncryptionKey = vstrEncryptionKey &
Strings.StrDup(intRemaining, "X")
End If

bytKey = Encoding.ASCII.GetBytes(vstrEncryptionKey.ToCharArray)

objRijndaelManaged = New RijndaelManaged

Try
objCryptoStream = New CryptoStream(objMemoryStream,
objRijndaelManaged.CreateEncryptor(bytKey, bytIV),
CryptoStreamMode.Write)
objCryptoStream.Write(bytValue, 0, bytValue.Length)
objCryptoStream.FlushFinalBlock()
bytEncoded = objMemoryStream.ToArray
objMemoryStream.Close()
objCryptoStream.Close()
Catch

End Try

Return Convert.ToBase64String(bytEncoded)

End Function

Public Function DecryptString128Bit(ByVal vstrStringToBeDecrypted
As String, ByVal vstrDecryptionKey As String) As String

Dim bytDataToBeDecrypted() As Byte
Dim bytTemp() As Byte
Dim bytIV() As Byte = {121, 241, 10, 1, 132, 74, 11, 39, 255,
91, 45, 78, 14, 211, 22, 62}
Dim objRijndaelManaged As New RijndaelManaged
Dim objMemoryStream As MemoryStream
Dim objCryptoStream As CryptoStream
Dim bytDecryptionKey() As Byte
Dim intLength As Integer
Dim intRemaining As Integer
Dim intCtr As Integer
Dim strReturnString As String = String.Empty
Dim achrCharacterArray() As Char
Dim intIndex As Integer

bytDataToBeDecrypted =
Convert.FromBase64String(vstrStringToBeDecrypted)

intLength = Len(vstrDecryptionKey)

If intLength >= 32 Then
vstrDecryptionKey = Strings.Left(vstrDecryptionKey, 32)
Else
intLength = Len(vstrDecryptionKey)
intRemaining = 32 - intLength
vstrDecryptionKey = vstrDecryptionKey &
Strings.StrDup(intRemaining, "X")
End If

bytDecryptionKey =
Encoding.ASCII.GetBytes(vstrDecryptionKey.ToCharArray)

ReDim bytTemp(bytDataToBeDecrypted.Length)

objMemoryStream = New MemoryStream(bytDataToBeDecrypted)

Try

objCryptoStream = New CryptoStream(objMemoryStream,
objRijndaelManaged.CreateDecryptor(bytDecryptionKey, bytIV),
CryptoStreamMode.Read)
objCryptoStream.Read(bytTemp, 0, bytTemp.Length)
objCryptoStream.FlushFinalBlock()
objMemoryStream.Close()
objCryptoStream.Close()

Catch

End Try

Return StripNullCharacters(Encoding.ASCII.GetString(bytTemp))

End Function


Public Function StripNullCharacters(ByVal vstrStringWithNulls As
String) As String

Dim intPosition As Integer
Dim strStringWithOutNulls As String

intPosition = 1
strStringWithOutNulls = vstrStringWithNulls

Do While intPosition > 0
intPosition = InStr(intPosition, vstrStringWithNulls,
vbNullChar)

If intPosition > 0 Then
strStringWithOutNulls = Left$(strStringWithOutNulls,
intPosition - 1) & _
Right$(strStringWithOutNulls,
Len(strStringWithOutNulls) - intPosition)
End If

If intPosition > strStringWithOutNulls.Length Then
Exit Do
End If
Loop

Return strStringWithOutNulls

End Function


End Module


Then to call this code do the following:

'Get Password
Dim strPassword as string = DecryptString128Bit(My.Settings.Password,
EncryptionKey)

'Save Password
My.Settings.Password = EncryptString128Bit(txt_Password1.Text.Trim,
EncryptionKey)

Hope this helps!

I didn't write this and I can't remember who did, otherwise I would
reference them.

Israel

 

[Sy]

I found this Class somehwere... can't remember where now... just include it
in your project.

Then somewhere in your main code just do something like the following...

dim EncClass as new Encryption
dim txtPlainTextPassword as string = "ThisIsMyNewPasswordSoThere!"
dim txtEncryptedPassword as string =
EncClass.EncryptData(txtPlainTextPassword)
dim txtDecryptedPassword as string =
EncClass.DecryptData(txtEncryptedPassword)

debug.print(txtPlainTextPassword)
debug.print(txtEncryptedPassword)
debug.print(txtDecryptedPassword)

Cheers, Sy

PS. Here's the Encryption Class... As I said I liked to give credit where I
found this...

Imports System.Security.Cryptography

Public NotInheritable Class Encryption

Private TripleDes As New TripleDESCryptoServiceProvider

Private svKey As String = "justsomewordstobeusedasacryptionkey"

Sub New(ByVal key As String)

' Initialize the crypto provider.

TripleDes.Key = TruncateHash(key, TripleDes.KeySize \ 8)

TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)

End Sub

Sub New()

TripleDes.Key = TruncateHash(svKey, TripleDes.KeySize \ 8)

TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)

End Sub

Private Function TruncateHash( _

ByVal key As String, _

ByVal length As Integer) _

As Byte()

Dim sha1 As New SHA1CryptoServiceProvider

' Hash the key.

Dim keyBytes() As Byte = _

System.Text.Encoding.Unicode.GetBytes(key)

Dim hash() As Byte = sha1.ComputeHash(keyBytes)

' Truncate or pad the hash.

ReDim Preserve hash(length - 1)

Return hash

End Function

Public Function EncryptData( _

ByVal plaintext As String) _

As String

' Convert the plaintext string to a byte array.

Dim plaintextBytes() As Byte = _

System.Text.Encoding.Unicode.GetBytes(plaintext)

' Create the stream.

Dim ms As New System.IO.MemoryStream

' Create the encoder to write to the stream.

Dim encStream As New CryptoStream(ms, _

TripleDes.CreateEncryptor(), _

System.Security.Cryptography.CryptoStreamMode.Write)

' Use the crypto stream to write the byte array to the stream.

encStream.Write(plaintextBytes, 0, plaintextBytes.Length)

encStream.FlushFinalBlock()

' Convert the encrypted stream to a printable string.

Return Convert.ToBase64String(ms.ToArray)

End Function

Public Function DecryptData( _

ByVal encryptedtext As String) _

As String

' Convert the encrypted text string to a byte array.

Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)

' Create the stream.

Dim ms As New System.IO.MemoryStream

' Create the decoder to write to the stream.

Dim decStream As New CryptoStream(ms, _

TripleDes.CreateDecryptor(), _

System.Security.Cryptography.CryptoStreamMode.Write)

' Use the crypto stream to write the byte array to the stream.

decStream.Write(encryptedBytes, 0, encryptedBytes.Length)

decStream.FlushFinalBlock()

' Convert the plaintext stream to a string.

Return System.Text.Encoding.Unicode.GetString(ms.ToArray)

End Function

End Class