.net - Changing the Shared Secret in AES Encryption -


i have used advanced encryption standard (aes) encrypt data before storing them database. understanding, if change "shared secret" part of algorithm, have update of stored data accordingly. there other way me give admin user opportunity update key without needing update huge volume of stored data while doing so?

following code i'm using encryption:

public static string encryptstringaes(string plaintext, string sharedsecret)     {         if (string.isnullorempty(plaintext))             throw new argumentnullexception("plaintext");         if (string.isnullorempty(sharedsecret))             throw new argumentnullexception("sharedsecret");          string outstr = null;                       // encrypted string return         rijndaelmanaged aesalg = null;              // rijndaelmanaged object used encrypt data.          try         {             // generate key shared secret , salt             rfc2898derivebytes key = new rfc2898derivebytes(sharedsecret, _salt);              // create rijndaelmanaged object             aesalg = new rijndaelmanaged();             aesalg.key = key.getbytes(aesalg.keysize / 8);              // create decryptor perform stream transform.             icryptotransform encryptor = aesalg.createencryptor(aesalg.key, aesalg.iv);              // create streams used encryption.             using (memorystream msencrypt = new memorystream())             {                 // prepend iv                 msencrypt.write(bitconverter.getbytes(aesalg.iv.length), 0, sizeof(int));                 msencrypt.write(aesalg.iv, 0, aesalg.iv.length);                 using (cryptostream csencrypt = new cryptostream(msencrypt, encryptor, cryptostreammode.write))                 {                     using (streamwriter swencrypt = new streamwriter(csencrypt))                     {                         //write data stream.                         swencrypt.write(plaintext);                     }                 }                 outstr = convert.tobase64string(msencrypt.toarray());             }         }                 {             // clear rijndaelmanaged object.             if (aesalg != null)                 aesalg.clear();         }          // return encrypted bytes memory stream.         return outstr;     }

if data encrypted using 1 key ("key a"), way change key (so can decrypted e.g. "key b") decrypt all data using "key a" , re-encrypt using "key b".

i believe general technique used avoid issue encrypt data using strong "master key", encrypt master key using user's key. result, changing password requires decrypting , re-encrypting master key old , new keys (respectively), data remaining unchanged.

you don't mention database you're using, worth noting many database servers support automatic data encryption, data stored on-disk in encrypted format, , cannot decrypted , accessed unless authorised user.

if database server you're using supports this, worthwhile investigating. being transparent, no longer have worry manually encrypting/decrypting within code, , support key changing, data recovery functions (should users forget passwords etc.)


Comments

Post a Comment

Popular posts from this blog

monitor web browser programmatically in Android? -

i've got tricky question here. need users make payment bank (namely barclaycard) in uk. so, have https url , add parameters (such amount pay, order reference, etc) url, start http connection intent.actionview, redirect user browser can enter credit card details on bank's webpage , make payment our account successfully. far ? the code use below (i changed values privacy reasons) problem is, need app when user has completed/failed/cancelled payment. barclaycardautomatically redirects particular url when payment has succeeded, 1 if failed. there no way of knowing when barclaycard payment has succeeded go android app somehow ? button cardbutton = (button) findviewbyid(r.id.card_button); cardbutton.setonclicklistener(new view.onclicklistener() { @override public void onclick(view arg0) { string prehashstring = new string(); string prohashstring = new string(); string shapassphrase = new string(); shapassphrase = "gsvth£h70zkh
Read more

Shrink a YouTube video to responsive width -

i have youtube video embedded on our website , when shrink screen tablet or phone sizes stops shrinking @ around 560px in width. standard youtube videos or there can add code make go smaller? you can make youtube videos responsive css. wrap iframe in div class of "videowrapper" , apply following styles: .videowrapper { float: none; clear: both; width: 100%; position: relative; padding-bottom: 56.25%; padding-top: 25px; height: 0; } .videowrapper iframe { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } the .videowrapper div should inside responsive element. padding on .videowrapper necessary keep video collapsing. may have tweak numbers depending upon layout.
Read more

wpf - PdfWriter.GetInstance throws System.NullReferenceException -

i'm trying create pdf document using itextsharp 5.3.4 using following document document = new document(); filestream stm = new filestream(filename, filemode.create); pdfwriter writer = pdfwriter.getinstance(document, stm); i'm getting system.nullreferenceexception following stack trace: system.nullreferenceexception occurred hresult=-2147467261 message=la référence d'objet n'est pas définie à une instance d'un objet. source=itextsharp stacktrace: à itextsharp.text.version.getinstance() innerexception: i've verified neither document nor stm null, , if select "continue" in vs12 document created - exception thrown. updated itextsharp 5.4.0 , it's still occurring. can't find information on anywhere - got ideas? make sure not catching exceptions. nullreferenceexception can 1 caught , handled inside itextsharp, don't care it. fact can continue supports theory. change following setting verify: debug -> exceptions
Read more