我如何知道.NET C#中是否更改了文件?
[英]How can I know if a file has been changed in .NET C#?
问题描述
I have an application that requires a secure way to store its configuration. 
我有一个应用程序,需要一种安全的方式来存储其配置。 There are users that can change the configuration. 有些用户可以更改配置。 I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. 我需要某种签名方案,我可以验证配置文件没有更改,没有有效的用户。 I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. 我曾考虑使用RSA,其中私钥使用用户密码加密,公钥用于签署配置。 However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. 但是,没有什么可以阻止某人更改用户文件并添加自己的公钥,从而规避我的安全性。 Any ideas? 有任何想法吗?
5 个解决方案
解决方案1
4 2010-03-11 16:54:18
You could just keep the file encrypted, and only allow editing from within your application. 您可以保持文件加密,只允许在您的应用程序中进行编辑。 This would prevent users from editing the configuration from any tool other than yours, which could do the authentication to verify that the user is a "valid user". 这将阻止用户从您之外的任何工具编辑配置,这可以进行身份验证以验证用户是否为“有效用户”。
解决方案2
4 2010-03-11 17:21:40
Of all the methods listed, key management is the true weakness on a client machine. 在列出的所有方法中,密钥管理是客户端计算机上的真正弱点。 The key is required to decrypt. 密钥需要解密。 Using another key to encrypt that key is no stronger. 使用另一个密钥加密该密钥并不强。 Obfuscation is a start. 混淆是一个开始。
What I use is a separate assembly that contains our encryption code. 我使用的是一个包含加密代码的独立程序集。 The key is then stored via a technique called Steganography . 然后通过称为Steganography的技术存储密钥。 I encode the key in the logo of application. 我在应用程序的徽标中编码密钥。 This key is then encrypted using a known value of the software. 然后使用已知的软件值对该密钥进行加密。 In one case, it may be the checksum of a specific assembly. 在一种情况下,它可能是特定程序集的校验和。 Thus anyone that makes any change to that file will break the system. 因此,对该文件进行任何更改的任何人都将破坏系统。 This is by no means any more secure, but its all about hiding details. 这绝不是更安全,而是关于隐藏细节。 and raising the level of difficulty from casual to determined. 并将难度从无休到提高。 From there, I then run the assembly through an obfuscator and string encryptor. 然后,我通过混淆器和字符串加密器运行程序集。 This breaks Reflector with a crash when attempting to view the assembly and thus makes its more difficult to learn what is going on. 在尝试查看程序集时,这会使Reflector崩溃,因此更难以了解正在发生的事情。
The issue with these strategies, is that if you attach an debugger then you get the data in the clear since you may store the values in a string after the encryption/decryption process. 这些策略的问题在于,如果您附加调试器,那么您将获得明确的数据,因为您可以在加密/解密过程之后将值存储在字符串中。 To combat this, but not eliminate, I use the System.Security.SecureString class and do not keep data in the clear. 为了解决这个问题,但没有消除,我使用System.Security.SecureString类,并且不保持数据清晰。
The goal is to break reflector, stop simple attacks of just using the .NET Framework to decrypt the data, stop dictionary attacks by employing a random salt, allow easy string handling by URLEncoding the encrypted buffer, proper use of an Initialization Vector. 目标是打破反射器,停止仅使用.NET Framework解密数据的简单攻击,通过使用随机盐来停止字典攻击,通过URLE编码加密缓冲区允许简单的字符串处理,正确使用初始化向量。
解决方案3
0 2010-03-11 16:56:33
There is no way to fully secure a stand-alone Client application. 无法完全保护独立客户端应用程序。 The only way would be to do a checksum on the file and validate it to a/the server. 唯一的方法是对文件执行校验和并将其验证到/服务器。 The method of signing the file is less important than how you verify what is in fact signed. 签名文件的方法不如验证实际签名的方式重要。
A start to securing the client application is with Obfuscation . 使用Obfuscation开始保护客户端应用程序。 Thereafter your encryption is next in line. 此后,您的加密就在下一步。
For the actual signature, even a SHA series of hashes should do the job for you. 对于实际签名,即使SHA系列哈希也应该为您完成工作。 An example using SHA512 is as follows: 使用SHA512的示例如下:
FileStream fs = new FileStream(@"<Path>", FileMode.Open);
using (SHA512Managed sha512 = new SHA512Managed ())
{
byte[] hash = sha512.ComputeHash(fs);
string formatted = string.Empty;
foreach (byte b in hash)
{
formatted += b.ToString("X2");
}
}
解决方案4
0 2010-03-11 16:57:10
These contradicts: 这些矛盾:
- "I can verify that the config file has not changed with out a valid user" “我可以通过有效用户验证配置文件没有更改”
- "there is nothing to prevent someone from changing the user file" “没有什么可以防止有人更改用户文件”
You should just find a way to protect your "user file" first. 您应该首先找到保护“用户文件”的方法。 By encrypting it with a key nobody can edits (except determined crackers) or otherwise. 通过密钥加密,没有人可以编辑(除了确定的破解者)或其他。 And then your RSA scheme will work. 然后你的RSA计划将起作用。
Do note that, however, there is NO way to protect an application that runs entirely on the client from a determined cracker. 但请注意, 没有办法保护完全在客户端上运行的应用程序来自确定的破解者。
For most applications, though, you DON'T need perfect security. 对于大多数应用程序,不过,你并不需要绝对的安全。 Maybe you should think about how much security is actually "enough" for your application first. 也许您应该先考虑一下您的应用程序实际上“足够多”的安全性。
If you, however, needed perfect security, then you might need to add a server-side component OR add human-intervention into the process such as having an administrator controls the user file. 但是,如果您需要完美的安全性,则可能需要添加服务器端组件或在流程中添加人工干预,例如让管理员控制用户文件。
Encrypt the "user file" with the admin's passwords. 使用管理员密码加密“用户文件”。 And then whenever someone wants to change the user file, the administrator's consent is then needed. 然后,只要有人想要更改用户文件,就需要管理员的同意。
解决方案5
0 2010-03-11 17:14:08
I think what I will do is keep a private key(A) in the office. 我想我要做的是在办公室保留一把私钥(A)。 I will ship the app with an public private pair(B), signed with the private(A) that only I know. 我将使用公共私人对(B)发送应用程序,与我知道的私人(A)签名。 I will use the public private pair(B) I ship to sign everything on the config files. 我将使用我发送的公共私人对(B)来签署配置文件中的所有内容。 Thus there will be a verifiable set of RSA keys(B), that can't be change, because the private key(A) used to verify them is in the office, and the public key(A) is hard coded. 因此,将存在可验证的一组RSA密钥(B),其不能改变,因为用于验证它们的私钥(A)在办公室中,并且公钥(A)是硬编码的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.