CipherLite.NET™

CipherLite.NET™ can be used to encrypt and decrypt database connection strings and other sensitive .NET application settings stored in configuration (.config) files. In addition to encryption, CipherLite.NET™ provides facilities for hashing data and verifying data hashes.

How does it work?

CipherLite.NET™ comes with a GUI tool allowing application administrators to encrypt application settings (the tool can also be used to decrypt data). Once encrypted, application settings can be stored in the application configuration files (Windows® registry or other storage media). Applications can retrieve encrypted values from the configuration files and decrypt them with the help of the CipherLite.NET™ library. [See a detailed example...]

In addition to encryption and decryption, CipherLite.NET™ offers a capability to generate password (and other) hashes, which can be used for user authentication or other purposes.

Technology

CipherLite.NET™ is a .NET application. It encrypts and decrypts data using the Rijndael (AES) symmetric key algorithm, as well as DPAPI. The product supports several hashing algorithms including MD5, SHA-1, SHA-256, SHA-384, SHA-512, HMAC SHA-1, and others.

Disclaimer

As with any other security product, you must understand the limitations of CipherLite.NET™. The major problem with CipherLite.NET™ is that when used for symmetric key encryption (with the Rijndael/AES key) it requires the caller application to keep the password used to generate the cryptographic key. Depending on how you choose to implement password management, your data can be at risk. For example, when embedding the password in the application source code, be aware that if your application is reverse engineered, the password can be easily discovered. This is especially true if the application assembly is not obfuscated. Also, having an administrator, who performs encryption, to know the password can cause anything from inconvenience to security threat. If you are looking for a different approach to protecting secret data, check our CipherSafe.NET™ product, which addresses some of these issues.

Requirements

CipherLite.NET™ imposes the following requirements:

• The product will run on Windows® NT 4.0 SP 6a or higher (i.e. 2000, XP) with .NET Framework 1.0 and later; it will not run on non-Windows platforms, Windows® 95, 98, or ME, or systems without .NET runtime.
• Product installation program requires Microsoft® Installer (MSI) 2.0 or higher.

Licensing

CipherLite.NET™ is absolutely free as long as it is used according to the terms of the End-User License Agreement (EULA).

Support

Since CipherLite.NET™ is a freeware product, support is not guaranteed. However, if you report a reproducible problem, we will try to fix it in a timely manner. Please report a problem or request assistance via e-mail.

Try it

To download and install CipherLite.NET™, follow the instructions on the downloads page.

Versions

Product version information is included in the release notes.

What else?

Additional information about the product can be found in the CipherLite.NET™ User's Guide which you can get from the downloads page. You may also want to review the list of frequently asked questions or check these screenshots:

• Encryption (Rijndael)
• Encryption (DPAPI with machine key)
• Encryption (DPAPI with user key)
• Decryption (Rijndael)
• Decryption (DPAPI)
• Hashing