Original URL: http://stackoverflow.com/questions/619921/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
How do you hide an encryption key in a .NET application?
Asked by user74824
I'm developing an intranet application (C#) that uses some data (local to the web server) that we'd like to keep private. This data is encrypted (AES) using a legacy data repository. We can't totally prevent physical access to the machine.
Clearly, we're never going to have perfect security here. However, we want to make it as hard as possible for anyone to gain unauthorized access to the data.
The question is how best to store the key. Encrypting it based on some machine specific ID is an option, but that information would be readily available to anyone running a diagnostic tool on the machine.
Encoding it in the application is an option (it's a one-off application). However, .NET assemblies are pretty easy to decompile. So, would it be best to obfuscate it, use an encryption launcher, compile it?
Or is there an option I'm missing?
Just so we're clear, I know it's pretty much a lost cause if someone is determined, but we're looking to make it as hard as possible within the constraints.
Answered by FlySwat
Encryption is built into the .NET configuration system. You can encrypt chunks of your app/web.config file, including where you store your private key.
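Added example (not part of FlySwat's answer): protecting the `appSettings` section with the built-in DPAPI configuration provider and reading the key back. It assumes a .NET Framework executable that references System.Configuration and a hypothetical Base64 setting named `LegacyAesKey`; a web application would open its configuration with `WebConfigurationManager.OpenWebConfiguration` instead.

```csharp
// Added example, not from the original answer. Targets .NET Framework and needs a
// reference to System.Configuration. The "LegacyAesKey" setting name is hypothetical.
using System;
using System.Configuration;

static class ConfigKeyProtection
{
    // Built-in provider that wraps the section with Windows DPAPI
    // (machine-level protection by default).
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <appSettings> in the application's config file if it is still plaintext.
    public static void ProtectAppSettings()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("appSettings");
        if (section == null)
            throw new ConfigurationErrorsException("appSettings section not found");

        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(Provider);
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
        }
    }

    // Reads are unchanged: the configuration system decrypts the section transparently.
    public static byte[] LoadKey()
    {
        string encoded = ConfigurationManager.AppSettings["LegacyAesKey"];
        if (string.IsNullOrEmpty(encoded))
            throw new ConfigurationErrorsException("LegacyAesKey is missing");
        byte[] key = Convert.FromBase64String(encoded);
        if (key.Length != 16 && key.Length != 24 && key.Length != 32)
            throw new ConfigurationErrorsException("LegacyAesKey is not a valid AES key length");
        return key;
    }

    static void Main()
    {
        ProtectAppSettings();
        ConfigurationManager.RefreshSection("appSettings");
        byte[] key = LoadKey();
        Console.WriteLine("Loaded a {0}-bit key from the protected section", key.Length * 8);
        Array.Clear(key, 0, key.Length); // do not keep key bytes around longer than needed
    }
}
```

This keeps the key out of a plaintext config file and out of copies or backups of that file taken to another machine; it does not change what a process running on the server itself can read.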
Answered by Alun Harford
If somebody can just attach a debugger to your program, there is absolutely nothing you can do. They won't have to figure out your config, disassemble your app, etc. All they have to do is run the app - watch it use the key - bingo.
Obfuscation is of no help under those conditions.
The best defense is to use hardware to protect the key - which will do the crypto but not give out the key itself (and is sometimes hardened against attacks such as probing the wires, exposing the memory to low temperatures/radiation/other novel stuff). IBM do some appropriate stuff (google IBM-4764) but it's not cheap.
Answered by awdz9nld
Speaking in obfuscation terminology, what you are after is called constant hiding, i.e. a means by which you transform a constant into, say, a number of functions and calculations that are executed at runtime to re-materialize said constant.
This still falls within the domain of obfuscation, however, and is susceptible to either code extraction, where the attacker simply maps out the code relevant to this constant, and runs it in a separate application to retrieve the value; or dumping the application's memory at the right point in order to scan it for the desired value.
There is another, slightly more advanced method of hiding crypto keys in particular, called White-box cryptography, which employs key-less ciphers through essentially generating a cipher function from a given key, baking them together. As the name suggests, this method has been devised to be resilient even in a white-box attack scenario (the attacker has access to the bytecode and is able to inspect and manipulate the executable at runtime).
These are both quite advanced methods of achieving security through obscurity, and it might be worth considering alternative models which do not force you to do this in the first place.