企业类库(Enterprise Library)App.config的加密问题(急)
在给客户做一套程序用了微软的企业类库。在开发的过程中,突然发现在app.config中连接数据库的密码会明文出现在该配置文件中,由于客户要求保密性很高,不能够在该文档中显示数据库连接的密码,所以我们找了很多种方式,但都不是很理想。其中有一种方式是利用私钥对app.config进行加密,但该种方式只适用于本机,当拷贝的其他机器是会出现解析错误。请问有否高手知道怎么对该文件进行加密,并能够很轻松的复制到各台终端,自动解密该文件并可以使用该文件的配置。 --------------------编程问答-------------------- 把连接数据库的密码会明文加密然后再保存,使用的时候再解开。 --------------------编程问答-------------------- 可以使用加密的方法把密码加密后保存,在使用密码的地方把加密的字符串再解开使用。而不是对文件加密。 --------------------编程问答-------------------- 配置文件中:
<add key="OleDBConnString" value="provider=microsoft.jet.oledb.4.0;data source={0}\DataBase\PsiDB.mdb;Persist security Info=false;user id=admin;password={1};" />
<add key="OleDBConnPwd" value="加密后的数据库密码" />
运行时:
将 {1} 替换成 OleDBConnPwd 解密后的值.
加密解密:
#region DES 加密/解密
private static byte[] key = ASCIIEncoding.ASCII.GetBytes("qwer/.,m");
private static byte[] iv = ASCIIEncoding.ASCII.GetBytes("9ijn6tfc");
/// <summary>
/// DES加密。
/// </summary>
/// <param name="inputString">输入字符串。</param>
/// <returns>加密后的字符串。</returns>
public static string DESEncrypt(string inputString)
{
if (inputString.Trim() == string.Empty)
return "";
MemoryStream ms = null;
CryptoStream cs = null;
StreamWriter sw = null;
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
try
{
ms = new MemoryStream();
cs = new CryptoStream(ms, des.CreateEncryptor(key, iv), CryptoStreamMode.Write);
sw = new StreamWriter(cs);
sw.Write(inputString);
sw.Flush();
cs.FlushFinalBlock();
return Convert.ToBase64String(ms.GetBuffer(), 0, (int)ms.Length);
}
finally
{
if (sw != null) sw.Close();
if (cs != null) cs.Close();
if (ms != null) ms.Close();
}
}
/// <summary>
/// DES解密。
/// </summary>
/// <param name="inputString">输入字符串。</param>
/// <returns>解密后的字符串。</returns>
public static string DESDecrypt(string inputString)
{
if (inputString.Trim() == string.Empty)
return "";
MemoryStream ms = null;
CryptoStream cs = null;
StreamReader sr = null;
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
try
{
ms = new MemoryStream(Convert.FromBase64String(inputString));
cs = new CryptoStream(ms, des.CreateDecryptor(key, iv), CryptoStreamMode.Read);
sr = new StreamReader(cs);
return sr.ReadToEnd();
}
finally
{
if (sr != null) sr.Close();
if (cs != null) cs.Close();
if (ms != null) ms.Close();
}
}
#endregion --------------------编程问答-------------------- 楼上的方法我也想到了,就是自己先加密,在程序启动,未调用数据库的时候,在解密该配置文件。但是这个方法太龌龊了,太易做图了,呵呵。2.0其实提供了好办法,就是公钥加密。但是该种方法操作起来比较繁琐。谁搞过该种方法哪? --------------------编程问答-------------------- 可以使用加密的方法把密码加密后保存,在使用密码的地方把加密的字符串再解开使用。而不是对文件加密。
--------------------编程问答-------------------- 简单的可以base64加\解密:
public string encodebase64(string code_type, string code)
{
string encode = "";
byte[] bytes = Encoding.GetEncoding(code_type).GetBytes(code);
try
{
encode = Convert.ToBase64String(bytes);
}
catch
{
encode = code;
}
return encode;
}
public string decodebase64(string code_type, string code)
{
string decode = "";
byte[] bytes = Convert.FromBase64String(code);
try
{
decode = Encoding.GetEncoding(code_type).GetString(bytes);
}
catch
{
decode = code;
}
return decode;
} --------------------编程问答-------------------- 关注... --------------------编程问答-------------------- 加密后的字符串怎么复到app.config中哪,能付到上面吗? --------------------编程问答-------------------- 我以前开发的系统中有这个部分。是在machine.config中设置加密类。系统接口将自动调用,并实施解密。密玥如何存放就看你自己的想法了。但是该方法也有一个很明显的不足。就是在打包安装时候。需要更新machine.config文件。后经改进。重写加密类。转而调用自己的解密函数。这样就不用修改machine.config了。具体的操作请查相关文档。好久了。想布起来了
平台:winxp,frm2.0,winform --------------------编程问答-------------------- 那就公布一下 呵呵 我现在很需要 --------------------编程问答-------------------- 因为数据量很小
建议证书加密解密 --------------------编程问答-------------------- 还有人用过强签名公钥加密的吗? --------------------编程问答-------------------- 自己顶 --------------------编程问答-------------------- mark --------------------编程问答-------------------- 可以给字符串加密。或者给app.config加密。具体方法可去msdn上找。 --------------------编程问答-------------------- 没有知道的吗? --------------------编程问答-------------------- mark --------------------编程问答-------------------- 以前在MSDN上看过.专门有一种方法是对配置文件进行保护的...
LS可以查一下... --------------------编程问答-------------------- 关注,顶下... --------------------编程问答-------------------- 顶一个 --------------------编程问答-------------------- 楼主,不用自己写加密解密的东西,微软的企业库的hands on labs中有这个例子,自己看看就知道了 --------------------编程问答-------------------- 这样吧,在PetShop4.0目录下有两个文件,分别是DecryptWebConfig.bat和EncryptWebConfig.bat
你将加密发拷到你的项目下运行EncryptWebConfig.bat(最好是部署后运行),你的web.config就被加密了,如果解密则运行DecryptWebConfig.bat
如果没有装PetShop,我发给你,留下E-mail --------------------编程问答-------------------- http://www.c-sharpcorner.com/Blogs/BlogDetail.aspx?BlogId=229 --------------------编程问答-------------------- DES加密不错,可以试试 --------------------编程问答-------------------- 看到了思归的方法,我实验一下,谢谢! --------------------编程问答-------------------- 关注,帮顶了 --------------------编程问答-------------------- ===============================
楼主 多虑了....
如果 要给 的配置文件 加密解密的 话.至少有上万种方法..
但是微软针对 配置文件提出了自己的解决方案 ..并不是 越强的加密算法就越实用
=================================================================
using System;
using System.Collections.Generic;
using System.Text;
namespace prjW
{
/// <summary>
/// 一个简单的基于BASE64 加密的编码和加密类..主要用于在本地配置文件中存储密码...
/// </summary>
class Simple
{
/// <summary>
/// 加密字符串,返回 64位编码的字符串
/// </summary>
/// <param name="text"></param>
/// <returns></returns>
public static string Encrypt(string text)
{
try
{
//将明文转换为 ASCII 字节数组
byte[] bytes = Encoding.ASCII.GetBytes(text);
return Convert.ToBase64String(bytes, 0, bytes.Length);
}
catch (Exception ex)
{
System.Diagnostics.Debug.WriteLine(ex.Message);
return string.Empty;
}
}
public static string Decrypt(string text)
{
try
{
// 将 64位整数组成的字符串转换为8位无符号整数数组
byte[] bytes = Convert.FromBase64String(text);
// 返回解码候的字符串
return Encoding.ASCII.GetString(bytes, 0, bytes.Length);
}
catch (Exception ex)
{
System.Diagnostics.Debug.WriteLine(ex.Message);
return string.Empty;
}
}
}
}
--------------------编程问答-------------------- 加密都会加密,不要在写加密程序了。有能力的看一下,是公钥加密app.config,一般加密根本在企业类库上应用不了。老大们! --------------------编程问答-------------------- up --------------------编程问答-------------------- up --------------------编程问答-------------------- up --------------------编程问答-------------------- 没有人会吗 --------------------编程问答-------------------- up一下,呵呵 --------------------编程问答-------------------- up --------------------编程问答-------------------- up,200银两,没人取吗? --------------------编程问答-------------------- 用了企业库这个问题很好结决啊,下面是企业库的 hands on labs 给出的示例,企业库确实是个好东西啊。解决问题了别忘了给分啊。
Exercise 3: Encrypting Connection Information
In this exercise, you will encrypt the configuration to prevent 'connection string discovery' by someone copying the application configuration file.
First step
Open the DataEx3.sln file, and build the solution.
Encrypt the Database Configuration
The .NET Framework version 2.0 natively supports protected configuration via the Configuration namespace.
You can use protected configuration to encrypt sensitive information, including user names and passwords, database connection strings, and encryption keys, in an application configuration file. Encrypting configuration information can improve the security of your application by 易做图 it difficult for an attacker to gain access to the sensitive information even if the attacker gains access to your configuration file.
Encryption and decryption is performed using a ProtectedConfigurationProvider class. The following list describes the protected configuration providers included in the .NET Framework:
DPAPIProtectedConfigurationProvider. Uses the Windows Data Protection API (DPAPI) to encrypt and decrypt data.
RsaProtectedConfigurationProvider. Uses the RSA encryption algorithm to encrypt and decrypt data.
Both providers offer strong encryption of data; however, if you are planning to use the same encrypted configuration file on multiple servers, such as a Web farm, only the RsaProtectedConfigurationProvider enables you to export the encryption keys used to encrypt the data and import them on another server.
By default, RSA key containers are tightly protected by NTFS access control lists (ACLs) on the server where they are installed. This improves the security of the encrypted information by restricting who can access the encryption key.
Note: Encrypted configuration information is decrypted when loaded into the memory that is used by your application. If the memory for your application is compromised, the sensitive information from your protected configuration section might be compromised as well.
Select the ProductMaintenance project. Select the Project | Add Reference … menu command. Select the .NET tab and select the following assembly.
System.Configuration.dll.
Select the Program.cs file in the Solution Explorer. Select the View | Code menu command. Add the following namespace inclusion to the list of namespaces at the top of the file:
using System.Configuration;
Add the following code to the ProtectConfiguration method.
static void ProtectConfiguration()
{
// TODO: Protect the Connection Strings
string provider = "RsaProtectedConfigurationProvider";
Configuration config = null;
config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
ConfigurationSection section = config.ConnectionStrings;
if ((section.SectionInformation.IsProtected == false) &&
(section.ElementInformation.IsLocked == false))
{
// Protect (encrypt) the "connectionStrings" section.
section.SectionInformation.ProtectSection(provider);
// Save the encrypted section.
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Full);
}
}Run the application
Select the Debug | Start Without Debugging menu command to run the application.
Note that it behaves the same as in the previous exercise.
Open the ProductMaintenance.exe.config file in the project bin\Debug directory located here. Note the connection strings are encrypted.
--------------------编程问答-------------------- MARK~ --------------------编程问答-------------------- 遇到过这个问题,后来在网上找到了答案,共享一下。
http://blog.csdn.net/guyehanxinlei/archive/2007/09/10/1779096.aspx --------------------编程问答-------------------- 还有一个
http://msdn2.microsoft.com/zh-cn/library/aa302404.aspx --------------------编程问答-------------------- 建议采用根据到处密匙重新生成key的做法 --------------------编程问答-------------------- mark --------------------编程问答-------------------- 神经病 --------------------编程问答-------------------- UP --------------------编程问答-------------------- --------------------编程问答-------------------- 学习了,顶一下。 --------------------编程问答-------------------- 如果使用企业库这些方法是否可行呢? --------------------编程问答-------------------- 请问:你的问题怎么解决的啊?我们现在的问题和你以前遇到的问题一样,客户要求不在文档中显示数据库连接的密码等···也看了一些方法,都不是很合适···期待你的回答,谢谢喽!
补充:.NET技术 , C#
