LLBLGen data encryption with type-converter: best-practice to fetch key?

Posts   
 
    
greenstone
User
Posts: 132
Joined: 20-Jun-2007
# Posted on: 11-Apr-2012 17:40:30   

Hi,

Some great posts on encryption using LLBLGen! http://www.llblgen.com/tinyforum/Messages.aspx?ThreadID=20542&HighLight=1

Using the typeconverter seems like a good place for the encryption. One question: Since the type converter is a stand-alone .dll (from that I see), what's the best way (for my ASP.NET application) for the type converter to fetch my encryption key? Do you have a suggestion as if the encryption key should be in the web.config, or should/must be in the machine's key store?

Thanks!

Walaa avatar
Walaa
Support Team
Posts: 14946
Joined: 21-Aug-2005
# Posted on: 11-Apr-2012 17:49:48   

There is no right answer for this question. But for Encryption Keys, I normally hard code them in the application code. I don't like to risk having it written out in the config file.

greenstone
User
Posts: 132
Joined: 20-Jun-2007
# Posted on: 11-Apr-2012 18:06:43   

Hi Walla,

Thanks for the quick note!

The application is hosted by different customers, so we want to let them control their encryption key. The web.config can be encrypted with the machine key (using web.config section encryption)...so this encryption key could be held in non-visible form.

So wanted to see if there was any suggestion of how to best get the web.config setting into the type converter (since the type converter seems independent of the actual ASP.NET web application).

Thanks!

daelmo avatar
daelmo
Support Team
Posts: 8245
Joined: 28-Nov-2005
# Posted on: 12-Apr-2012 05:57:24   

AFAIK, you can store a "myKey" value in a AppSetting, then you can go to some config encryption techniques, like this or this other. According to the docs, the decryption is done transparently, so you then can access the key in your typeconverter code:

string myKey = ConfigurationSettings.AppSettings["myKey"];
David Elizondo | LLBLGen Support Team