C# 如何安全存储不变的密码？

Question

I've been looking at this all morning and I'm getting to the point I cannot see the wood forthe trees so looking to the community for suggestion and clear thought.

I'm writing an application which will read data from a password protected Zip file supplied by a third party. This format will not change (so suggestions to do so cannot be entertained) and neither will the password.

As the password on this Zip will always be the same my problem is where and how to store this password which is secure? I don't want to store it as a string in the code for obvious reasons. And as I need the actual password then storing the Hash of it isn't a route (I don't think).

I might be over thinking this and there is a simple option but like I say I've lost my tress in the wood:)

EDIT: To give more background to the constraints of this issue:

• The data I have to read is in the form of a encrypted zip files. The password for which is static (eg remains the same on all files)

• Many files might come through in a single day and non-regular intervals

• The user of the application does not know and not allowed to know the password of the zip file (typing in isn't an option)

• The application has to run as a Windows Service and process these
  files automatically as they are provided and without any user
  intervention.

• These files and the way they are delivered and formatted is by a 3rd party and I have no control to change these parameters

These are the contraints I've been given for the project and I need to provide a solution to it. I already know storing as a string in the code is WRONG. Repeating this as your reply is not an answer!

Thank you to the community for your help:)

Answer 1

Nowhere. THERE IS NO WAY TO STORE A PASSWORD IN A SAFE WAY AND STILL USE IT. And yes, this is all caps. You can try to mitigate the damage, but at the end if your app can decode whatevery you use to store the password, then so can a hacker.

CODE is a bad place - not for security, but because it is REALLY unchangeable. But otherwise - no way. Simple. People tried hiding things since computers where invented. Never worked.

Answer 2

I would suggest here one thing.

You can not store the password directly in your application.

You can always make it a combination of something like date of birth + first 4 characters of first name + some other information

Answer 3

It's possible to encrypt sections in the configuration file . The tool only works with web.config files, so if you have another type of application simply rename the app.config to web.config before running the command and change back to app.config afterwards.

Using machine store essentially restricts access to administrators on the machine, and using user store restricts access to only the account that performed the encryption command.

To encrypt with machine store:

To encrypt:

aspnet_regiis.exe -pef "sectionName" "C:\Path\To\Application" -prov "DataProtectionConfigurationProvider"

To decrypt:

aspnet_regiis.exe -pdf "sectionName" "C:\Path\To\Application"

To encrypt with user store

Add this section to the config file:

<configProtectedData>
        <providers>
            <add useMachineProtection="false"
                 keyEntropy=""
                 name="CustomDataProtectionConfigurationProvider"
                 type="System.Configuration.DpapiProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
            />      
        </providers>
</configProtectedData>

To encrypt:

aspnet_regiis.exe -pef "sectionName" "C:\Path\To\Application" -prov "CustomDataProtectionConfigurationProvider"

To decrypt:

aspnet_regiis.exe -pef "sectionName" "C:\Path\To\Application" -prov "CustomDataProtectionConfigurationProvider"

Note for user store

Since only the user running the command can access/decrypt the data the application will need a dedicated service account, and to run commands as that user runas /profile /user:theusername cmd can be used to start a command prompt as another user