Home page  
Home | Buy | Support

Products

CipherLite.NET

CipherSafe.NET

Downloads

Resources

Articles

Libraries

Samples

Site Map

BIGGER FONTsmaller font

CipherLite.NET™ FAQ's

How do application developers and administrators specify the encryption keys?

When using the Rijndael(AES) symmetric key, the key will be derived from a passphrase (password) and a number of optional characteristics, such as key length, initialization vector, and others. (Note: The passphrase is the most sensitive characteristic of the key, so it's important to protect it.) The application developer will most likely keep the passphrase (and other characteristics) embedded in the application source code or derive it at runtime from certain system characteristics, such as machine name, file path, etc. When encrypting application settings using the CipherLite.NET™ GUI tool, the administrator must specify the same passphrase and other cryptographic characteristics. When using DPAPI, Windows® will generate the key automatically.

Doesn't embedding password in the application source code impose a security risk?

It sure does, but this risk is still lower than leaving sensitive data unencrypted. The risk can be further minimized by obfuscating assemblies containing passwords using an obfuscators, which provides the capability to encrypt strings. However, it is advisable to use DPAPI encryption instead of Rijndael (AES), because it eliminates the need to manage the key.

How does CipherLite.NET™ store and retrieve encrypted values?

Unlike CipherSafe.NET™, CipherLite.NET™ does not store or retrieve encrypted values; these steps are responsibility of the applications, which can use a variety of techniques. The most obvious method would be storing encrypted values in the application configuration files, such as web.config and app.config. In this case, an application can retrieve the values using the AppSettings property of the System.Configuration.ConfigurationSettings class instance and pass these values to CipherLite.NET™ library for decryption. Applications can also use other storage media; for example, Windows® registry.

What are the requirements to use CipherLite.NET™?

The only requirement is .NET runtime (version 1.0 or later).

Does CipherLite.NET™ work on .NET 1.0?

Yes, CipherLite.NET™ 1.3 (and earlier) works on .NET 1.0.

Does CipherLite.NET™ work on .NET 1.1?

Yes, CipherLite.NET™ 1.3 (and later) works on .NET 1.1.

Does CipherLite.NET™ work on .NET 2.0?

Yes, CipherLite.NET™ 1.4 (and later) works on .NET 2.0.

Can CipherLite.NET™ be used on a non-Windows platform?

No.

Can CipherLite.NET™ run on Mono platform?

We haven't tried it.

Can CipherLite.NET™ run on Mobile editions of Windows®?

No, at the time of writing it did not work.

Can traditional Win32® applications use CipherLite.NET™?

No.

Which languages can use CipherLite.NET library™?

The library can be called from any .NET-compatible language, including C#, Visual Basic.NET®, and Visual C++.NET®.

 

Copyright © 2002-2010 Obviex™ | All rights reserved | Legal | Privacy | Contact us