Beforehand :
I have read indeed the other topics on SO, but I can't find an answer in them.
(The others are about config-files, or a list of techniques)
我确实读过关于SO的其他主题,但我找不到答案。 (其他是关于配置文件或技术列表)
My question thus is very simple, though a bit subjective (I'll label it beforehand :-)) what is the easiest way..
因此我的问题很简单,虽然有点主观(我事先将它标记为:-))最简单的方法是什么?
5 个解决方案
#1
File.Encrypt is pretty simple - one call (with one parameter).
File.Encrypt非常简单 - 一次调用(带一个参数)。
Of course, it really depends on what you want the encryption for. File.Encrypt encrypts to the current account, which isn't much use if you're passing the file around. But, given your spec - i.e. easiest way to encrypt a file - it has to be a candidate!
当然,这实际上取决于你想要加密的内容。 File.Encrypt加密到当前帐户,如果您传递文件,则没有多大用处。但是,根据您的规范 - 即加密文件的最简单方法 - 它必须是候选人!
#3
Don't believe you have any security just because you encrypt a config file. If someone has access to the encrypted config file, and your executable, containing the password, it's likely to be possible to decrypt your configfile. It's just a little harder.
不要因为加密配置文件而认为您有任何安全性。如果有人可以访问加密的配置文件和包含密码的可执行文件,则可能会解密您的配置文件。这有点困难。
And say your config file contains passwords to database connections, it might be possible to get those passwords looking at the network packets.
并且说您的配置文件包含数据库连接的密码,可能会获取这些密码查看网络数据包。
#4
Encryption is trivial with modern libraries: the hard part is securing the key(s).
现代图书馆的加密是微不足道的:困难的部分是保护密钥。
So you need to look at what you're trying to secure, and what threats you are trying to secure against.
因此,您需要了解您要保护的内容以及您要防范的威胁。
To encrypt a file so only the current user can see it on a client workstation, File.Encrypt is a good choice, or DPAPI with the CurrentUser scope.
要加密文件以便只有当前用户可以在客户端工作站上看到它,File.Encrypt是一个不错的选择,或具有CurrentUser范围的DPAPI。
For a configuration file on a single server, DPAPI using the LocalMachine scope is a good choice. You then need to make sure only authorized users are able to log in to the server. Here you're essentially delegating key management to Windows.
对于单个服务器上的配置文件,使用LocalMachine范围的DPAPI是一个不错的选择。然后,您需要确保只有授权用户才能登录服务器。在这里,您实际上是将密钥管理委派给Windows。
For a configuration file on a server farm, you need to share the key between the servers. RsaProtectedConfigurationProvide is a good choice, but you have more work ensuring that all servers have access to the same key, and that it is protected against unauthorized access (e.g. using a DACL).
对于服务器场上的配置文件,您需要在服务器之间共享密钥。 RsaProtectedConfigurationProvide是一个不错的选择,但是你有更多的工作要确保所有服务器都能访问相同的密钥,并且它可以防止未经授权的访问(例如使用DACL)。
#5
I recommend the Cryptography Application block in Enterprise Library. Very easy, very flexible.
我推荐企业库中的Cryptography Application块。非常简单,非常灵活。
#1
File.Encrypt is pretty simple - one call (with one parameter).
File.Encrypt非常简单 - 一次调用(带一个参数)。
Of course, it really depends on what you want the encryption for. File.Encrypt encrypts to the current account, which isn't much use if you're passing the file around. But, given your spec - i.e. easiest way to encrypt a file - it has to be a candidate!
当然,这实际上取决于你想要加密的内容。 File.Encrypt加密到当前帐户,如果您传递文件,则没有多大用处。但是,根据您的规范 - 即加密文件的最简单方法 - 它必须是候选人!
#2
C#中的数据保护API
#3
Don't believe you have any security just because you encrypt a config file. If someone has access to the encrypted config file, and your executable, containing the password, it's likely to be possible to decrypt your configfile. It's just a little harder.
不要因为加密配置文件而认为您有任何安全性。如果有人可以访问加密的配置文件和包含密码的可执行文件,则可能会解密您的配置文件。这有点困难。
And say your config file contains passwords to database connections, it might be possible to get those passwords looking at the network packets.
并且说您的配置文件包含数据库连接的密码,可能会获取这些密码查看网络数据包。
#4
Encryption is trivial with modern libraries: the hard part is securing the key(s).
现代图书馆的加密是微不足道的:困难的部分是保护密钥。
So you need to look at what you're trying to secure, and what threats you are trying to secure against.
因此,您需要了解您要保护的内容以及您要防范的威胁。
To encrypt a file so only the current user can see it on a client workstation, File.Encrypt is a good choice, or DPAPI with the CurrentUser scope.
要加密文件以便只有当前用户可以在客户端工作站上看到它,File.Encrypt是一个不错的选择,或具有CurrentUser范围的DPAPI。
For a configuration file on a single server, DPAPI using the LocalMachine scope is a good choice. You then need to make sure only authorized users are able to log in to the server. Here you're essentially delegating key management to Windows.
对于单个服务器上的配置文件,使用LocalMachine范围的DPAPI是一个不错的选择。然后,您需要确保只有授权用户才能登录服务器。在这里,您实际上是将密钥管理委派给Windows。
For a configuration file on a server farm, you need to share the key between the servers. RsaProtectedConfigurationProvide is a good choice, but you have more work ensuring that all servers have access to the same key, and that it is protected against unauthorized access (e.g. using a DACL).
对于服务器场上的配置文件,您需要在服务器之间共享密钥。 RsaProtectedConfigurationProvide是一个不错的选择,但是你有更多的工作要确保所有服务器都能访问相同的密钥,并且它可以防止未经授权的访问(例如使用DACL)。
#5
I recommend the Cryptography Application block in Enterprise Library. Very easy, very flexible.
我推荐企业库中的Cryptography Application块。非常简单,非常灵活。