问题
A lot of threats talk about how to encrypt passwords, symetric and asymetric encryption etc...
I have a simple probem. If I require the user to type the password every time he wishes to connect to the sqlite database then everything is ok.
Now the problem is that I want to store the password in the application so that the user does not have to type it every time he wishes to connect to the sqlite database.
I know I can encrypt the password and store the password encrypted anywhere. But then that means that I will need to store the second password to decrypt that password somewhere else.
I could keep repeating this process and encrypt the second password but then I will be left again with a unencrypted password that I need to unencrypt that password.
So my question is... where should I store that final password that I need to unencrypt other password? where will be the safest place to place that password?
If you dont understand the last part, here is an example of what I tried to explain on the last part:
let's say:
password to open database is: 1234
then I will encrypt that password with the key someKey and let's say that gives abcd
if I then unencrypt abcd with the key someKey I should get 1234
I could encrypt abcd again with the key someKey and I may get xy#8
finally if I will be able to get the 1234 password by unencrypting xy#8 with the key someKey then I will get abcd I will then unencrypt that with the same key someKey in order to get 1234
so it does not matter how many times I repeat this process I will always end up with some unencrypted key someKey somewhere in the application. The only way I will not be required to store that key is if I require the user to provide a password every time he whishes to connect to the database.
where will be the safest place to store the string someKey in the application as hidden as possible?
回答1:
You should encrypt the password using the ProtectedData class.
This will have Windows store the key for you.
If you specify per-user encryption and the user has a login password, Windows will use the login password to create its encryption key.
For more info, read about DPAPI.
来源:https://stackoverflow.com/questions/9286398/store-password-in-application