CipherSafe.NET™ is a software product,
which solves the problem of data protection for Windows® applications
running on systems with .NET Framework.
It can be used to encrypt and store database connection strings, passwords, encryption keys,
and other application secrets in a secure manner.
CipherSafe.NET™ handles all security aspects of data protection
including cryptography, key management, and authorization.
The product is extremely easy to use and can work with a wide range of applications
written in managed or unmanaged code.
To find out more about the product read the following sections:
Why use CipherSafe.NET™?
Who can benefit?
How does it work?
Trying the product
Bugs and problems
Frequently asked questions
Why use CipherSafe.NET™?
While existing data protection tools and technologies,
such as cryptography,
Data Protection API (DPAPI),
Configuration Management Application Block, and others,
can be used to protect application data, they all have shortcomings.
- Cryptography does little good if encryption/decryption keys
are not sufficiently protected.
- DPAPI solves the key management problem,
but when it is used securely (i.e. with user store),
it will not work well (or at all) for many types of applications,
such as ASP.NET (Web Forms, Web Services) or
programs running under different user accounts.
- Microsoft® Configuration Management Application Block offers capabilities
for storing application secrets, but these capabilities do not provide
sufficient protection of encryption keys (they either rely on DPAPI
with resulting limitations or require the keys to be store in plain text).
Because of the fundamental complexities of the problem,
secure implemention of data protection can be intimidating even for
security-savvy application developers.
As a result, many data protection solutions merely rely
on encryption and fail to address such important issues as
key management and access authorization
(i.e. which applications and users are allowed to set or retrieve data).
In addition, since most enterprise applications require protection of
application secrets (such as database connection strings),
the same problem has to be addressed repeatedly by different
organizations within the same company causing the waste of time and resources.
Because the problem of protecting application secrets is rather generic,
it makes more sense to reuse a common
solution instead of "reinventing the wheel" in every new project.
This is where CipherSafe.NET™ can help you.
CipherSafe.NET™ offers a generic, secure, and easy to implement
and administer solution, which solves the most common problems associated
with data protection tools and technologies.
(Note: If you find a better one, please let us know and we will change
Who can benefit?
CipherSafe.NET™ was designed for enterprise customers,
who want to protect sensitive application data.
In particular, the product can benefit the following groups:
- Software architects/engineers
will be able to reuse a single data protection component
in practically any enterprise application.
- Application developers
will focus on business requirements instead of
having to solve the complex problem of secure data storage.
- System administrators
will have a consistent interface and automation tools
for managing sensitive application profiles.
- Corporate Information Security (CIS)
will have an easy solution for one of the most common,
yet hard-to-address, security problems.
CipherSafe.NET™ offers the following capabilities:
- Encryption and decryption of application profile values.
- Secure storage and retrieval of application profile values.
- Ability to export and import application profiles from one computer to another (with safeguards).
- Effective authorization rules.
- Auditing of administrative operations.
- Cryptographic key management.
- Support for different types of Windows® applications,
such as executable files, dynamic-link libraries,
Web Forms, Web Services, Windows® scripts, and others.
- GUI for performing administrative tasks.
- Extensive and easy-to-use API for both managed and unmanaged applications.
- Tools for building and testing database connection strings.
- And more...
How does it work?
CipherSafe.NET™ applies strong symmetric key encryption
along with the operating system features
and .NET Framework security capabilities to restrict entities,
which are allowed to access sensitive application profile values.
CipherSafe.NET™ uses different authorization criteria when application profile values are being
defined and retrieved.
Authorization to define data is based on the user identity,
while authorization to retrieve data is based on the application identity.
In the other words, only designated administrators can define application settings,
and only applications, for which the settings are defined, can get their plaintext values.
CipherSafe.NET™ comes with a GUI tool allowing application administrators to
define application profiles and a .NET library handling runtime operations.
When an application profile value is defined,
CipherSafe.NET™ encrypts it using the machine and application-specific cryptographic key
and stores the encrypted value in the Windows® registry or the application configuration file
(Web.config or app.config).
The application can then retrieve this profile value using the CipherSafe.NET™ library.
[See a detailed example...]
CipherSafe.NET™ imposes the following requirements:
- The product will run on Windows® 2000 (or later) with
.NET Framework 1.1 (or later).
It will not run on non-Windows platforms, Windows® 95, 98, or ME,
or systems without Common Language Runtime (CLR).
- The product may not function correctly on a system,
which does not have a local hard drive
or if the operating system is not installed on a local hard drive.
- Product installation program requires Microsoft® Installer (MSI) 2.0 or higher.
- Product must be installed by an administrator.
- Depending on the type of license, product registration may require access to the Internet.
CipherSafe.NET™ comes in two editions: Professional and Enterprise.
Enterprise Edition has the following features,
which are not available in Professional Edition:
- Ability to export and import application profiles.
- More extensive audit logging
(Professional Edition only logs critical errors).
A free evaluation version of the product is available
(see the downloads page).
We offer free and discounted licenses for certain types of customers,
such as non-profit organizations and educational institutions
our sales team for details).
To find out more about prices and licenses,
product licensing page.
To purchase a product license, please visit the
Please contact our support team via
Normally, the issues are addressed within 1-2 business days.
When reporting a problem or requesting assistance,
do not forget to include relevant information about your system configuration
(operating system, service pack level, .NET framework version, product version).
If you hold a license, provide your product activation code.
You can try CipherSafe.NET™ without registering it.
Please be aware that when using an unlicensed copy of the product,
there will be a limit on the number of applications, which can be managed.
If you purchase a license,
simply register your current copy of the product using a supplied activation code.
To download and install CipherSafe.NET™, follow the instructions on the
Product version information is included in the
Bugs and problems
All reported and acknowledged issues with CipherSafe.NET™,
which have not been addressed or have been addressed recently,
are listed in the
Additional information about the product can be found in the
CipherSafe.NET™ User's Guide which you can get from the
You may also want to review the list of
frequently asked questions or
look at a
screen shot of the main application window.
If you would like to learn about the features planned for the upcoming releases
or request new functionality, please check out the
CipherSafe.NET™ wish list.