2

I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

4

5 回答 5

4

在列出的所有方法中,密钥管理是客户端计算机的真正弱点。解密需要密钥。使用另一个密钥来加密该密钥并不强。混淆是一个开始。

我使用的是一个单独的程序集,其中包含我们的加密代码。然后通过称为隐写术的技术存储密钥。我将密钥编码在应用程序的徽标中。然后使用软件的已知值对该密钥进行加密。在一种情况下,它可能是特定程序集的校验和。因此,任何对该文件进行任何更改的人都会破坏系统。这绝不是更安全的,但它都是关于隐藏细节的。并将难度级别从随意提高到确定。然后,我通过混淆器和字符串加密器运行程序集。这会在尝试查看程序集时使 Reflector 崩溃,从而使其更难以了解正在发生的事情。

这些策略的问题在于,如果您附加了一个调试器,那么您就可以清楚地获得数据,因为您可以在加密/解密过程之后将值存储在一个字符串中。为了解决这个问题,但不是消除,我使用System.Security.SecureString类并且不保持数据清晰。

目标是打破反射器,阻止仅使用 .NET Framework 解密数据的简单攻击,通过使用随机盐来阻止字典攻击,通过对加密缓冲区进行 URLEncoding 来轻松处理字符串,正确使用初始化向量。

于 2010-03-11T17:21:40.523 回答
4

You could just keep the file encrypted, and only allow editing from within your application. This would prevent users from editing the configuration from any tool other than yours, which could do the authentication to verify that the user is a "valid user".

于 2010-03-11T16:54:18.330 回答
0

我想我要做的就是在办公室里保存一个私钥(A)。我将使用只有我知道的私有(A)签名的公共私有对(B)发布应用程序。我将使用我发布的公共私有对(B)对配置文件上的所有内容进行签名。因此将有一组可验证的 RSA 密钥 (B),不能更改,因为用于验证它们的私钥 (A) 在办公室中,而公钥 (A) 是硬编码的。

于 2010-03-11T17:14:08.270 回答
0

There is no way to fully secure a stand-alone Client application. The only way would be to do a checksum on the file and validate it to a/the server. The method of signing the file is less important than how you verify what is in fact signed.

A start to securing the client application is with Obfuscation. Thereafter your encryption is next in line.

For the actual signature, even a SHA series of hashes should do the job for you. An example using SHA512 is as follows:

FileStream fs = new FileStream(@"<Path>", FileMode.Open);

using (SHA512Managed sha512 = new SHA512Managed ())
{
    byte[] hash = sha512.ComputeHash(fs);

    string formatted = string.Empty;

    foreach (byte b in hash)
    {
         formatted += b.ToString("X2");
    }
}
于 2010-03-11T16:56:33.380 回答
0

These contradicts:

  • "I can verify that the config file has not changed with out a valid user"
  • "there is nothing to prevent someone from changing the user file"

You should just find a way to protect your "user file" first. By encrypting it with a key nobody can edits (except determined crackers) or otherwise. And then your RSA scheme will work.

Do note that, however, there is NO way to protect an application that runs entirely on the client from a determined cracker.

For most applications, though, you DON'T need perfect security. Maybe you should think about how much security is actually "enough" for your application first.

If you, however, needed perfect security, then you might need to add a server-side component OR add human-intervention into the process such as having an administrator controls the user file.

Encrypt the "user file" with the admin's passwords. And then whenever someone wants to change the user file, the administrator's consent is then needed.

于 2010-03-11T16:57:10.700 回答