加密SQL连接字符串

时间:2014-07-23 12:52:09

标签: c# asp.net encryption

我需要加密我的connectionString - 我尝试使用

运行命令提示符
aspnet_regiis.exe -pef “connectionStrings” C:\Projects\DemoApplication

它说不起作用

  

无法确定.Net Framework 32位的位置

  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source = |SQL/CE|"/>
  </connectionStrings>

我找不到其他办法。

任何想法如何加密我的connectionString?

我正在使用VS 2012和.NET 4.5

2 个答案:

答案 0 :(得分:3)

我目前使用此自定义类

using System.Configuration; // Requires a reference to assembly System.Configuration

public static class ConfigurationEncryptor {
    [Flags]
    public enum ConfigurationSectionType {
        ConnectionStrings = 1,
        ApplicationSettings = 2
    }

    public static bool Encrypt(ConfigurationSectionType section) {
        bool result = false;

        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        if (config == null)
            throw new Exception("Cannot open the configuration file.");

        if (section.HasFlag(ConfigurationSectionType.ConnectionStrings)) {
            result = result || EncryptSection(config, "connectionStrings");
        }

        if (section.HasFlag(ConfigurationSectionType.ApplicationSettings)) {
            result = result || EncryptSection(config, "appSettings");
        }

        return result;
    }

    private static bool EncryptSection(Configuration config, string section) {
        ConfigurationSection currentSection = config.GetSection(section);
        if (currentSection == null)
            throw new Exception("Cannot find " + section + " section in configuration file.");
        if (!currentSection.SectionInformation.IsProtected) {
            currentSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            config.Save();

            // Refresh configuration
            ConfigurationManager.RefreshSection(section);

            return true;
        }
        return false;
    }
}

并使用它:

ConfigurationEncryptor.Encrypt(
    ConfigurationEncryptor.ConfigurationSectionType.ApplicationSettings |
    ConfigurationEncryptor.ConfigurationSectionType.ConnectionStrings
    // Or just the app settings, or just the connection strings
);

答案 1 :(得分:1)

根据 http://forums.asp.net/t/1826319.aspx?Encrypt+web+config+connectionstring

您可以将加密移动到代码隐藏中:
http://weblogs.asp.net/sukumarraju/encrypt-and-decrypt-connectionstring-section-in-web-config

当然,您也可以滚动自己的加密,而不是使用Microsoft方式,只需将加密的密码放在连接字符串中。

Namespace MyOrg


    Public Class CryptStrings
        Protected Shared strKey As String = "lalalalala"
        Protected Shared TripleDESprovider As New System.Security.Cryptography.TripleDESCryptoServiceProvider
        Protected Shared MD5Hasher As New System.Security.Cryptography.MD5CryptoServiceProvider


        ' MyOrg.CryptStrings.DeCrypt("abc")
        Public Shared Function DeCrypt(ByVal strSourceText As String) As String
            Dim strReturnValue As String = Nothing

            Try
                TripleDESprovider.Key = MD5Hasher.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(strKey))
                TripleDESprovider.Mode = System.Security.Cryptography.CipherMode.ECB
                If Not strSourceText = "" Then
                    Dim DESdecryptor As System.Security.Cryptography.ICryptoTransform = TripleDESprovider.CreateDecryptor()
                    Dim baBuffer() As Byte = Convert.FromBase64String(strSourceText)
                    TripleDESprovider.Clear()
                    'DESdecryptor.Dispose()
                    strReturnValue = System.Text.ASCIIEncoding.ASCII.GetString _
                    (DESdecryptor.TransformFinalBlock(baBuffer, 0, baBuffer.Length))

                    Array.Clear(baBuffer, 0, baBuffer.Length)
                Else
                    strReturnValue = ""
                End If

                Return strReturnValue
            Catch ex As Exception
                'Me.Cursor() = Cursors.Default
                Logging.WriteLogFile("FEHLER", ex.Message)
                Logging.WriteLogFile("FEHLER", "-----------------------------------------------------------------")
                Logging.WriteLogFile("FEHLER", ex.StackTrace.ToString())
                Console.WriteLine(ex.Message.ToString() & vbLf & vbLf & ex.StackTrace.ToString, MsgBoxStyle.Critical, "FEHLER ...")
                Logging.WriteLogFile("MELDUNG", "-----------------------------------------------------------------")
                Logging.WriteLogFile("ENDE", "COR_DWG_Verwaltung beendet.")
            End Try

            Return strReturnValue
        End Function


        ' MyOrg.CryptStrings.Crypt("abc")
        Public Shared Function Crypt(ByVal strSourceText As String) As String
            Dim strReturnValue As String = Nothing
            Try

                TripleDESprovider.Key = MD5Hasher.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(strKey))
                TripleDESprovider.Mode = System.Security.Cryptography.CipherMode.ECB
                Dim DESencryptor As System.Security.Cryptography.ICryptoTransform = TripleDESprovider.CreateEncryptor()
                Dim baBuffer() As Byte = System.Text.ASCIIEncoding.ASCII.GetBytes(strSourceText)
                strReturnValue = Convert.ToBase64String _
                (DESencryptor.TransformFinalBlock(baBuffer, 0, baBuffer.Length))
                Array.Clear(baBuffer, 0, baBuffer.Length)
                Return strReturnValue
            Catch ex As Exception
                'Me.Cursor() = Cursors.Default
                Logging.WriteLogFile("FEHLER", ex.Message)
                Logging.WriteLogFile("FEHLER", "-----------------------------------------------------------------")
                Logging.WriteLogFile("FEHLER", ex.StackTrace.ToString())
                Console.WriteLine(ex.Message.ToString & vbLf & vbLf & ex.StackTrace.ToString, MsgBoxStyle.Critical, "FEHLER ...")
                Logging.WriteLogFile("MELDUNG", "-----------------------------------------------------------------")
                Logging.WriteLogFile("ENDE", "COR LDAP-Service beendet.")
            End Try

            Return strReturnValue
        End Function


        ' MyOrg.CryptStrings.GenerateHash("abc")
        Public Shared Function GenerateHash(ByVal strSourceText As String) As String

            Try
                Dim encUnicode As New System.Text.UnicodeEncoding
                Dim ByteSourceText() As Byte = encUnicode.GetBytes(strSourceText)
                Dim MD5_HashGenerator As New System.Security.Cryptography.MD5CryptoServiceProvider
                Dim ByteHash() As Byte = MD5_HashGenerator.ComputeHash(ByteSourceText)
                Return Convert.ToBase64String(ByteHash)
            Catch ex As Exception
                'Me.Cursor() = Cursors.Default
                Logging.WriteLogFile("FEHLER", ex.Message)
                Logging.WriteLogFile("FEHLER", "-----------------------------------------------------------------")
                Logging.WriteLogFile("FEHLER", ex.StackTrace.ToString)
                Console.WriteLine(ex.Message.ToString & vbLf & vbLf & ex.StackTrace.ToString, MsgBoxStyle.Critical, "FEHLER ...")
                Logging.WriteLogFile("MELDUNG", "-----------------------------------------------------------------")
                Logging.WriteLogFile("ENDE", "COR LDAP-Service beendet.")
            End Try

            Return Nothing
        End Function


    End Class 'CryptStrings


End Namespace ' MyOrg

之后,您将更改函数GetConnectionString

public string GetConnectionString()
{
    string old = GetOldConnectionString();
    var csb = new System.Data.SqlClient.SqlConnectionStringBuilder(old);
    csb.Password = MyOrg.CryptStrings.DeCrypt(csb.Password);
    return csb.ConnectionString;
}

C#-Version看起来像这样

using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;


namespace DB.Abstraction.Tools.Cryptography
{


    public class AES
    {
        protected static string strKey = "1b55ec1d96f637aa7b73c31765a12c2c8fb8b9f6ae8b14396475a20ed1a83dac";
        protected static string strIV = "d4e3381cdd39ddb70f85e96d11b667e5";


        public static string GetKey()
        {
            return strKey;
        } // End Sub GetKey


        public static string GetIV()
        {
            return strIV;
        } // End Sub GetIV


        public static void SetKey(ref string strInputKey)
        {
            strKey = strInputKey;
        } // End Sub SetKey 


        public static void SetIV(ref string strInputIV)
        {
            strIV = strInputIV;
        } // End Sub SetIV


        public static string GenerateKey()
        {
            System.Security.Cryptography.RijndaelManaged objRijndael = new System.Security.Cryptography.RijndaelManaged();

            objRijndael.GenerateKey();
            objRijndael.GenerateIV();

            byte[] bIV = objRijndael.IV;
            byte[] bKey = objRijndael.Key;
            objRijndael.Clear();

            return "IV: " + ByteArrayToHexString(bIV) + Environment.NewLine + "Key: " + ByteArrayToHexString(bKey);
        } // End Function GenerateKey



        public static string Encrypt(string strPlainText)
        {
            //Dim roundtrip As String
            //Dim encASCII As New System.Text.ASCIIEncoding()
            System.Text.Encoding enc = System.Text.Encoding.UTF8;
            System.Security.Cryptography.RijndaelManaged objRijndael = new System.Security.Cryptography.RijndaelManaged();
            //Dim fromEncrypt() As Byte
            byte[] baCipherTextBuffer = null;
            byte[] baPlainTextBuffer = null;
            byte[] baEncryptionKey = null;
            byte[] baInitializationVector = null;

            //Create a new key and initialization vector.
            //objRijndael.GenerateKey()
            //objRijndael.GenerateIV()
            objRijndael.Key = HexStringToByteArray(strKey);
            objRijndael.IV = HexStringToByteArray(strIV);


            //Get the key and initialization vector.
            baEncryptionKey = objRijndael.Key;
            baInitializationVector = objRijndael.IV;
            //strKey = ByteArrayToHexString(baEncryptionKey)
            //strIV = ByteArrayToHexString(baInitializationVector)

            //Get an encryptor.
            System.Security.Cryptography.ICryptoTransform ifaceAESencryptor = objRijndael.CreateEncryptor(baEncryptionKey, baInitializationVector);

            //Encrypt the data.
            System.IO.MemoryStream msEncrypt = new System.IO.MemoryStream();
            System.Security.Cryptography.CryptoStream csEncrypt = new System.Security.Cryptography.CryptoStream(msEncrypt, ifaceAESencryptor, System.Security.Cryptography.CryptoStreamMode.Write);

            //Convert the data to a byte array.
            baPlainTextBuffer = enc.GetBytes(strPlainText);

            //Write all data to the crypto stream and flush it.
            csEncrypt.Write(baPlainTextBuffer, 0, baPlainTextBuffer.Length);
            csEncrypt.FlushFinalBlock();

            //Get encrypted array of bytes.
            baCipherTextBuffer = msEncrypt.ToArray();

            return ByteArrayToHexString(baCipherTextBuffer);
        } // End Function Encrypt


        public static string DeCrypt(string strEncryptedInput)
        {
            string strReturnValue = null;

            if (string.IsNullOrEmpty(strEncryptedInput)) 
            {
                throw new ArgumentNullException("strEncryptedInput", "strEncryptedInput may not be string.Empty or NULL, because these are invid values.");
            }

            // Dim encASCII As New System.Text.ASCIIEncoding()
            System.Text.Encoding enc = System.Text.Encoding.UTF8;

            System.Security.Cryptography.RijndaelManaged objRijndael = new System.Security.Cryptography.RijndaelManaged();

            byte[] baCipherTextBuffer = HexStringToByteArray(strEncryptedInput);


            byte[] baDecryptionKey = HexStringToByteArray(strKey);
            byte[] baInitializationVector = HexStringToByteArray(strIV);

            // This is where the message would be transmitted to a recipient
            // who already knows your secret key. Optionally, you can
            // also encrypt your secret key using a public key algorithm
            // and pass it to the mesage recipient along with the RijnDael
            // encrypted message.            
            //Get a decryptor that uses the same key and IV as the encryptor.
            System.Security.Cryptography.ICryptoTransform ifaceAESdecryptor = objRijndael.CreateDecryptor(baDecryptionKey, baInitializationVector);

            //Now decrypt the previously encrypted message using the decryptor
            // obtained in the above step.
            System.IO.MemoryStream msDecrypt = new System.IO.MemoryStream(baCipherTextBuffer);
            System.Security.Cryptography.CryptoStream csDecrypt = new System.Security.Cryptography.CryptoStream(msDecrypt, ifaceAESdecryptor, System.Security.Cryptography.CryptoStreamMode.Read);

            //Dim baPlainTextBuffer() As Byte
            //baPlainTextBuffer = New Byte(baCipherTextBuffer.Length) {}
            byte[] baPlainTextBuffer = new byte[baCipherTextBuffer.Length + 1];

            //Read the data out of the crypto stream.
            csDecrypt.Read(baPlainTextBuffer, 0, baPlainTextBuffer.Length);

            //Convert the byte array back into a string.
            strReturnValue = enc.GetString(baPlainTextBuffer);
            if(!string.IsNullOrEmpty(strReturnValue))
                strReturnValue = strReturnValue.Trim('\0');

            return strReturnValue;
        } // End Function DeCrypt


        // VB.NET to convert a byte array into a hex string
        public static string ByteArrayToHexString(byte[] arrInput)
        {
            System.Text.StringBuilder strOutput = new System.Text.StringBuilder(arrInput.Length);

            for (int i = 0; i <= arrInput.Length - 1; i++) 
            {
                strOutput.Append(arrInput[i].ToString("X2"));
            }

            return strOutput.ToString().ToLower();
        } // End Function ByteArrayToHexString


        public static byte[] HexStringToByteArray(string strHexString)
        {
            int iNumberOfChars = strHexString.Length;
            byte[] baBuffer = new byte[iNumberOfChars / 2];
            for (int i = 0; i <= iNumberOfChars - 1; i += 2) 
            {
                baBuffer[i / 2] = Convert.ToByte(strHexString.Substring(i, 2), 16);
            }
            return baBuffer;
        } // End Function HexStringToByteArray

    } // End Class AES 


    public class DES
    {


        protected static string strSymmetricKey = "lalalalala";
        //Protected Shared strSymmetricKey As String = "Als symmetrischer Key kann irgendein Text verwendet werden. äöü'"

        // http://www.codeproject.com/KB/aspnet/ASPNET_20_Webconfig.aspx
        // http://www.codeproject.com/KB/database/Connection_Strings.aspx
        public static string DeCrypt(string SourceText)
        {
            string strReturnValue = "";

            if (string.IsNullOrEmpty(SourceText)) 
            {
                return strReturnValue;
            } // End if (string.IsNullOrEmpty(SourceText)) 


            using (System.Security.Cryptography.TripleDESCryptoServiceProvider Des = new System.Security.Cryptography.TripleDESCryptoServiceProvider()) 
            {

                using (System.Security.Cryptography.MD5CryptoServiceProvider HashMD5 = new System.Security.Cryptography.MD5CryptoServiceProvider()) 
                {
                    Des.Key = HashMD5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(strSymmetricKey));
                    Des.Mode = System.Security.Cryptography.CipherMode.ECB;

                    System.Security.Cryptography.ICryptoTransform desdencrypt = Des.CreateDecryptor();
                    byte[] buff = System.Convert.FromBase64String(SourceText);
                    strReturnValue = System.Text.Encoding.UTF8.GetString(desdencrypt.TransformFinalBlock(buff, 0, buff.Length));
                } // End Using HashMD5

            } // End Using Des

            return strReturnValue;
        } // End Function DeCrypt


        public static string Crypt(string SourceText)
        {
            string strReturnValue = "";

            using (System.Security.Cryptography.TripleDESCryptoServiceProvider Des = new System.Security.Cryptography.TripleDESCryptoServiceProvider()) 
            {

                using (System.Security.Cryptography.MD5CryptoServiceProvider HashMD5 = new System.Security.Cryptography.MD5CryptoServiceProvider()) 
                {
                    Des.Key = HashMD5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(strSymmetricKey));
                    Des.Mode = System.Security.Cryptography.CipherMode.ECB;
                    System.Security.Cryptography.ICryptoTransform desdencrypt = Des.CreateEncryptor();
                    byte[] buff = System.Text.Encoding.UTF8.GetBytes(SourceText);

                    strReturnValue = System.Convert.ToBase64String(desdencrypt.TransformFinalBlock(buff, 0, buff.Length));
                } // End Using HashMD5

            } // End UsingDes

            return strReturnValue;
        } // End Function Crypt


        public static string GenerateKey()
        {
            System.Security.Cryptography.TripleDESCryptoServiceProvider objDESprovider = new System.Security.Cryptography.TripleDESCryptoServiceProvider();

            objDESprovider.GenerateKey();
            objDESprovider.GenerateIV();
            byte[] bIV = objDESprovider.IV;
            byte[] bKey = objDESprovider.Key;

            return "IV: " + AES.ByteArrayToHexString(bIV) + Environment.NewLine + "Key: " + AES.ByteArrayToHexString(bKey);
        } // End Function GenerateKey


        public static string GenerateHash(string SourceText)
        {
            string strReturnValue = "";
            byte[] ByteSourceText = System.Text.Encoding.UTF8.GetBytes(SourceText);

            using (System.Security.Cryptography.MD5CryptoServiceProvider Md5 = new System.Security.Cryptography.MD5CryptoServiceProvider()) 
            {
                byte[] ByteHash = Md5.ComputeHash(ByteSourceText);
                strReturnValue = System.Convert.ToBase64String(ByteHash);
                ByteHash = null;
            } // End Using Md5

            return strReturnValue;
        } // End Function GenerateHash


    } // End Class DES


} // End Namespace 

这可以进一步加速优化:

public static string constr = null;

public string GetConnectionString()
{
    if(constr != null)
        return constr;

    string old = GetOldConnectionString();
    var csb = new System.Data.SqlClient.SqlConnectionStringBuilder(old);
    csb.Password = MyOrg.CryptStrings.DeCrypt(csb.Password);
    constr = csb.ConnectionString;
    return constr;
}