The registry represents one possible location for an application to store database connection strings. Although individual registry keys can be secured with Windows access control lists (ACLs), for added security you should store encrypted connection strings rather than rely on the ACL alone.
This How To describes how to store an encrypted database connection string in the registry and retrieve it from an ASP.NET Web application. It uses the generic encryption and decryption managed class library created in How To: Create an Encryption Library, which can be found in the Reference section of this guide.
If you have not already created the encryption class library assembly, do so before continuing with the current How To.
For more information about other locations and ways of securely storing database connection strings, see Storing Database Connection Strings Securely in Chapter 12, "Data Access Security."
HKEY_LOCAL_MACHINE\Software\TestApplication
The following items describe the recommended hardware, software, network infrastructure, skills and knowledge, and service packs you will need.
The procedures in this article also require that you have knowledge of the Microsoft Visual C# development tool.
This How To includes the following procedures:
This procedure creates a Windows application that will be used to encrypt a sample database connection string and store it, together with the key and initialization vector, in the registry.
To store the encrypted data in the registry
To create this assembly, you must perform the steps described in How To: Create an Encryption Library in the Reference section of this guide.
```csharp
using Encryption;
using System.Text;
using Microsoft.Win32;
```
Table 1. EncryptionTestApp controls

Control | Text | ID |
---|---|---|
Label | Connection String: | |
TextBox | | txtConnectionString |
Label | Key: | |
TextBox | | txtKey |
Label | Initialization Vector: | |
TextBox | | txtInitializationVector |
Label | Encrypted String | |
TextBox | | txtEncryptedString |
Label | Decrypted String | |
TextBox | | txtDecryptedString |
Button | Encrypt | btnEncrypt |
Button | Decrypt | btnDecrypt |
Button | Write Registry Data | btnWriteRegistryData |
Figure 1. Encryption Test Harness dialog box
"Server=local; database=pubs; uid=Bob; pwd=Password"
"0123456789012345"
The key length is 16 bytes to suit the Triple DES encryption algorithm, which accepts 16-byte (two-key) or 24-byte (three-key) keys. The sample key above is a fixed string of digits that is convenient for testing only; a production key must be generated from a cryptographically secure random source, not typed in.
"Encryption Test Harness"
```csharp
// btnEncrypt Click handler
try
{
    // Create the encryptor object, specifying 3DES as the encryption algorithm
    Encryptor enc = new Encryptor(EncryptionAlgorithm.TripleDes);

    // Get the connection string and the key as byte arrays
    byte[] plainText = Encoding.ASCII.GetBytes(txtConnectionString.Text);
    byte[] key = Encoding.ASCII.GetBytes(txtKey.Text);

    // Perform the encryption. The encryptor generates a random initialization
    // vector, which must be stored because it is required again for decryption.
    byte[] cipherText = enc.Encrypt(plainText, key);

    // The IV is arbitrary binary data, so it is Base64-encoded for display and
    // storage. Passing it through Encoding.ASCII.GetString would silently replace
    // every byte above 0x7F with '?' and make the ciphertext undecryptable.
    txtInitializationVector.Text = Convert.ToBase64String(enc.IV);

    // Display the encrypted string
    txtEncryptedString.Text = Convert.ToBase64String(cipherText);
}
catch (Exception ex)
{
    MessageBox.Show("Exception encrypting: " + ex.Message, "Encryption Test Harness");
}
```

```csharp
// btnDecrypt Click handler
try
{
    // Set up the Decryptor object
    Decryptor dec = new Decryptor(EncryptionAlgorithm.TripleDes);

    // Set the initialization vector (held Base64-encoded in the text box)
    dec.IV = Convert.FromBase64String(txtInitializationVector.Text);
    byte[] key = Encoding.ASCII.GetBytes(txtKey.Text);

    // Perform the decryption
    byte[] plainText = dec.Decrypt(Convert.FromBase64String(txtEncryptedString.Text), key);

    // Display the decrypted string
    txtDecryptedString.Text = Encoding.ASCII.GetString(plainText);
}
catch (Exception ex)
{
    MessageBox.Show("Exception decrypting: " + ex.Message, "Encryption Test Harness");
}
```

```csharp
// btnWriteRegistryData Click handler
// Create the registry key and named values. Opening HKLM\Software for writing
// requires administrative privileges.
RegistryKey software = Registry.LocalMachine.OpenSubKey("Software", true);
RegistryKey rk = software.CreateSubKey("TestApplication");
try
{
    // Write the encrypted string, initialization vector and key to the registry.
    // The ciphertext and IV are already Base64 text; the key is Base64-encoded here
    // so that the Web application can decode all three values the same way.
    rk.SetValue("connectionString", txtEncryptedString.Text);
    rk.SetValue("initVector", txtInitializationVector.Text);
    rk.SetValue("key", Convert.ToBase64String(Encoding.ASCII.GetBytes(txtKey.Text)));
}
finally
{
    rk.Close();
    software.Close();
}
MessageBox.Show("The data has been successfully written to the registry");
```
The encrypted connection string is displayed in the Encrypted String field.
The original string is displayed in the Decrypted String field.
Use the Registry Editor (regedit.exe) to open HKLM\Software\TestApplication and confirm that Base64-encoded values are present for the connectionString, initVector and key named values.

Note that this sample stores the key under the same registry key as the ciphertext, so the confidentiality of the connection string rests entirely on the ACL of that key. In a production deployment keep the key separate from the ciphertext and restrict read access on both to the Web application's process identity and administrators; see Chapter 12 for alternatives.
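As an added check that is not part of the original How To, the following PowerShell script reads the three named values back from HKLM\Software\TestApplication, confirms that the decoded IV and key have the lengths Triple DES requires, decrypts the stored ciphertext, and lists who the key's ACL grants access to. It assumes the encryption library wraps the .NET TripleDES provider with its default CBC mode and PKCS7 padding; the set of "broad" principals it flags is a starting point, not an exhaustive list. Run it from an elevated prompt on the machine where the test harness wrote the values.

```powershell
# Added verification script (not from the original How To). Assumes the encryption
# library uses .NET TripleDES with its default CBC mode and PKCS7 padding.
$keyPath = 'HKLM:\Software\TestApplication'

$props      = Get-ItemProperty -Path $keyPath
$cipherText = [Convert]::FromBase64String($props.connectionString)
$iv         = [Convert]::FromBase64String($props.initVector)
$key        = [Convert]::FromBase64String($props.key)

# Triple DES needs an 8-byte IV and a 16- or 24-byte key. A wrong IV length is the
# usual symptom of the IV having been round-tripped through a lossy text encoding
# (for example Encoding.ASCII) before it was stored.
if ($iv.Length -ne 8)          { throw "initVector decodes to $($iv.Length) bytes, expected 8" }
if ($key.Length -notin 16, 24) { throw "key decodes to $($key.Length) bytes, expected 16 or 24" }

# Decrypt the way the Web application will, to prove the stored values are usable.
$tdes = [System.Security.Cryptography.TripleDES]::Create()
$tdes.Mode    = [System.Security.Cryptography.CipherMode]::CBC
$tdes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
try {
    $decryptor = $tdes.CreateDecryptor($key, $iv)
    $plain     = $decryptor.TransformFinalBlock($cipherText, 0, $cipherText.Length)
    'Decrypted connection string: ' + [System.Text.Encoding]::ASCII.GetString($plain)
}
finally {
    $tdes.Dispose()
}

# Inspect the key's ACL. Because the key is stored next to the ciphertext, anyone who
# can read this registry key can recover the connection string; only administrators
# and the Web application's process identity should appear here.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'
$acl = Get-Acl -Path $keyPath
'ACL for ' + $keyPath
foreach ($ace in $acl.Access) {
    $flag = if ($broad -contains $ace.IdentityReference.Value) { '  <-- too broad' } else { '' }
    '{0,-40} {1,-6} {2}{3}' -f $ace.IdentityReference, $ace.AccessControlType, $ace.RegistryRights, $flag
}
```

If the decryption step throws a padding error, the stored IV or key does not match what was used for encryption; if an entry is flagged as too broad, tighten the ACL before relying on the registry to protect the value.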
This procedure develops a simple ASP.NET Web application that will retrieve the encrypted connection string from the registry and decrypt it.
To create an ASP.NET application
To create this assembly, you must perform the steps described in How To: Create an Encryption Library in the Reference section of this guide.
```csharp
using Encryption;
using System.Text;
using Microsoft.Win32;
```
Table 2. WebForm1.aspx controls

Control | Text | ID |
---|---|---|
Label | | lblEncryptedString |
Label | | lblDecryptedString |
Button | Get Connection String | btnGetConnectionString |
```csharp
// btnGetConnectionString Click handler. The Web application's process identity
// needs only Read access to this key and should be granted nothing more.
RegistryKey rk = Registry.LocalMachine.OpenSubKey(@"Software\TestApplication", false);
if (rk == null)
{
    lblDecryptedString.Text = "Registry key HKLM\\Software\\TestApplication was not found.";
    return;
}
try
{
    // Read the Base64-encoded ciphertext, initialization vector and key
    lblEncryptedString.Text = (string)rk.GetValue("connectionString");
    string initVector = (string)rk.GetValue("initVector");
    string strKey = (string)rk.GetValue("key");

    // Set up the Decryptor object with the stored IV
    Decryptor dec = new Decryptor(EncryptionAlgorithm.TripleDes);
    dec.IV = Convert.FromBase64String(initVector);

    // Decrypt the string
    byte[] plainText = dec.Decrypt(Convert.FromBase64String(lblEncryptedString.Text),
                                   Convert.FromBase64String(strKey));
    lblDecryptedString.Text = Encoding.ASCII.GetString(plainText);
}
finally
{
    rk.Close();
}
```
The encrypted and decrypted connection strings are displayed on the Web form. This is appropriate only for a test harness; a real application would pass the decrypted string to its data access code without rendering it in a page.