Question

Let me start by saying... yes, I have read tons of posts on here in the last two days. No, I don't know anything about encryption, so don't bother with the "you shouldn't be playing with fire" comments.

I have an ASP.NET MVC3 application and want to encrypt the photos that users upload using a key for each user. I want to save this key and use it for any further uploads by the same user and for the decryption. (Although, I suppose I could store a key for each photo instead, not really relevant to this problem but...)

I started with the code from here: http://www.codeproject.com/Articles/33344/Photo-Video-Viewer-with-Encryption-Capability

It works fine. It encrypts the photos and decrypts them to a new file and all is well. The "on the fly version" also works and returns a MemoryStream that I can use for my WebImage. However, as you can see, the example is encrypting and decrypting in one pass and the key is a global variable (I don't know what it was, I just used the autogenerated key when I tested).

So, I need someone to tell me how to store the generated key (and IV I guess??? Told you I know nothing about enc...) in the database for each user and then pull that (those) value(s) back out to use for on the fly decryption. I am not going to bother to post all my code yet, as it is almost identical to what is on the above site.

I read another post on here and it said to use:

string x = Convert.ToBase64String(RMCrypto.Key);

Then when I wanted to decrypt I used:

RMCrypto.Key = Convert.FromBase64String(x);

I stored both the key and IV in this manner in my SQL DB, but when I pull the values and try to decrypt I get an error that the data is not the expected length.

Maybe I'm totally off base or maybe it's three lines of code... Please let me know if more information is needed.

Thanks!

Solution

You can store them as binary column values. That being said, the protection of encrypted data is only as safe as the key protecting it. In other words, storing the key with the data you're protecting is sort of a fox-guarding-the-hen-house kind of thing. But if you're not worried about it for things like PCI compliance then it's probably not too bad a deal.

How you might convert it to binary

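// Requires: using System.Data.SqlClient;
private void UpdateDb(byte[] key, byte[] iv)
{
    // "UserKeys" is a placeholder table name (the original statement omitted it);
    // [key] is bracketed because KEY is a reserved word in T-SQL.
    using (SqlConnection db = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand("insert into UserKeys ([key], iv) values (@key, @iv)", db))
    {
        db.Open();
        // byte[] parameter values are sent as varbinary
        cmd.Parameters.AddWithValue("@key", key);
        cmd.Parameters.AddWithValue("@iv", iv);
        cmd.ExecuteNonQuery();
    }
}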

To make it a little harder you could generate a new key and IV for each record (image) you're protecting and then store that, so that if someone were to get one key at least they wouldn't have all your data wide open. Good luck!

OTHER TIPS

You should store the actual byte arrays (yes; both key and IV) in the database.
You don't need strings at all.
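
A round trip along the lines both answers describe, as an added example that is not code from the question, the answers or the linked CodeProject article: a fresh key and IV per photo, held as raw byte arrays and length-checked before use. `PhotoKeyRow`, `PhotoCrypto` and the column sizes in the comments are assumptions, and it uses `Aes.Create()` rather than the question's `RMCrypto` object.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Stand-in for one database row (hypothetical schema).
public sealed class PhotoKeyRow
{
    public byte[] Key; // assumed column: varbinary(32), AES-256 key
    public byte[] IV;  // assumed column: varbinary(16), one AES block
}

public static class PhotoCrypto
{
    // Generate a fresh random key and IV for one photo.
    public static PhotoKeyRow NewKeyRow()
    {
        using (Aes aes = Aes.Create())
        {
            aes.KeySize = 256;
            aes.GenerateKey();
            aes.GenerateIV();
            return new PhotoKeyRow { Key = aes.Key, IV = aes.IV };
        }
    }

    // Encrypt or decrypt a whole buffer with the stored key and IV.
    public static byte[] Transform(byte[] input, PhotoKeyRow row, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            // Reject values that came back from storage with a different length than was written.
            if (row.Key.Length != 32 || row.IV.Length != aes.BlockSize / 8)
                throw new CryptographicException("Stored key or IV has an unexpected length.");
            aes.Key = row.Key;
            aes.IV = row.IV;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(input, 0, input.Length);
        }
    }

    public static void Main()
    {
        byte[] photo = { 0xFF, 0xD8, 0xFF, 0xE0, 1, 2, 3, 4, 5 }; // constructed sample bytes
        PhotoKeyRow row = NewKeyRow();                             // would be inserted as varbinary
        byte[] cipher = Transform(photo, row, true);
        using (MemoryStream ms = new MemoryStream(Transform(cipher, row, false)))
            Console.WriteLine(Convert.ToBase64String(ms.ToArray()) == Convert.ToBase64String(photo));
    }
}
```

`Aes.Create()` defaults to CBC mode with PKCS7 padding, which provides confidentiality only and does not detect modified ciphertext.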

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow