I have an application, its Name and Logo can changed directly from a TXT and a PNG file in the same directory.
I want to give the user the ability to change the Logo and Text File from another application that does the following :
Takes the Logo.png , Name.txt file paths and the directory of my Software then encrypt these two files and put them in the Directory of the Software
In the other hand. The software will Decrypt these two files and write them to Hard Disk to temp directory then use them to display the name and the logo.
I searched for the simplest and easiest way to encrypt a file and i found :
From the MSDN :
File.Encrypt():
Encrypts a file so that only the account used to encrypt the file can decrypt it.
Could someone please tell me what does it mean "only the account used to encrypt a file can decrypt it"
What about encrypting the application from Computer1 by Application1 then the file will be decrypted by Computer2 in Application2
Will the encryption work correctly ?
Edit:The purpose why I need to encrypt these two files is to avoid users from directly change the Logo and the Name of Application from the directory
This will encrypt the file, but not as you expect - and almost certainly not such that it can be decrypted by another application/user on a different computer.
The Encrypt method basically just toggles a feature of the underlying NTFS driver to encrypt the specified file on the file system itself. The nice feature is that it (typically) provides seamless file encryption for the user, but it isn't really portable encryption. It is the same as opening the file properties, clicking the advanced button and selecting the "Encrypt" checkbox.
More information on the encrypting feature of NTFS can be be found here: http://technet.microsoft.com/en-us/library/bb457116.aspx
No. You should use a proper encryption method such as those in System.Security.Cryptography namespace. There is a stream implementation for this, too, called CryptoStream, which you may wrap a FileStream with for encrypting files with.
This is related to Windows' EFS.
You can try it from Windows Explorer by right-clicking on the file, Properties, Advanced, Encrypt contents. The file data is automatically decrypted/encrypted on the fly as your app accesses it. But if another user logs in the machine and copies the file it will appear encrypted since the encryption is based on a user token.
This is may or may not be what you want and that depends on your intended use of that feature. If you don't want the user to be able to modify the data outside your app it won't be enough.
Related
Is there a way to sign binary files? I'd like to sign my zip files to protect them from modification (to prevent installation of malicious software).
Signing XML is rather easy, but I'm not so sure about binary files. Is this even possible? All I can find about that matter is code signing (which is not what I want). There is no use in buying expensive certificates, it's just to ensure that update files aren't modified when they get installed.
I figure I have to work like that: Hashing the file, generating a key pair (probably using the hash for it) and then append the signature bytes to the file.
Vice versa, reading the signature bytes and verifying the hash against the public key of the signature.
But I don't think it's that simple. Do I have to consider certain things (like with XML that you need to canonicalize)?
I do not necessarily need code, but some detailed explanation about the process (any resources that explain that thoroughly would be okay as well).
When working with arbitrary binary files you can't modify their content so if you want to sign them you need to use a separate external file that contains the hash of the file you want to sign and also signs itself to prevent itself from being modified.
You then read this separate file, verify its personal signature, then verify the hash of each file it lists in its contents. You can use Catalog Files built in to windows (using MakeCat and SignTool to create them) or create your own following the same process.
Because you are only distributing updates, and if you are allowed to assume that the program loading the updates has not been modified, you don't need to "buy" a certificate. You could create your own "private CA", distribute that CA's certificate inside the updater, then use that Private CA's certificate to validate the catalog file.
I'm not sure what you mean as "binary file", but if you talk about PE format (Windows binary executable) you can generate own signature (encrypted hash) and put it inside of PE file in the same place as Windows authenticode certificate goes. Here is an open source tool to make such modifications:
http://blog.didierstevens.com/programs/disitool/
I have a bit of a difficult use-case.
I have for example 20 pdf files on a CD along with a program, which is used to open these files. But I want the user, who is using the program, to be unable to open the pdf files from the filesystem. Only the program should be able to open these files (after the user has given the password to open the "archive")
I have no idea on how to start with this, hopefully somebody can give me a hint or a pointer.
Thank you guys in advance.
Encrypt the files and have the program perform the decryption. Note that this won't necessarily make it impossible for the user to open the files without your program, but will make it inconvenient.
I don't think there is a way to solve it as you have described it.
You can use the files system flag 'hidden', but many users have set their file explorer to see hidden files.
But of course you could scramble the file content (with a simple or complex encryption) or put it in a password protected zip.
You can use an external tool that encrypts the file into an exe file.
e.g.
http://www.drmsoft.com/pdf-to-exe-encrypter.asp
You can run the exe and give password from your program.
how can we encrypt an executeable file using c# and make that encrypted file still executeable without using extra file for decryption?
mean the decryption methods shuold be inside file.
how can i write something like that with c# language?
thanks in adavance
Storing encrypted data on clients machine and having it decrypt automatically means that you will have to store decryption key on that machine as well. This means that you can't effectively protect data and provide it to user. Such encryption is only used to slow down user from tampering with the data as time is needed to recover decryption key and algorithm.
If you want to encrypt code of the executable itself, to prevent user from tampering with it, this is a very very complex topic. It's only matter of persistence and time. You will not get an answer to such question in one StackOverflow post. You'll have to study PE and .NET file formats, operating system internals regarding executable loader as well as mscor*.
If you need to store some data
choose some encryption algorithm and encrypt your data into a file (see this question)
add encrypted file to your c# project as embedded resourse
in runtime access this file (see this question) and decrypt it (already discussed in first point)
I have a program in C++ that stores certain files such as movies, mp3 & Flash in the AppData folder. The issue is that whilst generally hidden, the user can easily visit this folder and take any of these files.
Is there a way that the program can encrypt this folder so that it's not possible for the user to access the files (except through the software itself)?
Any other solutions (even if not related to the above) are much appreciated.
You can use your own program to encrypt a file or a folder.However you can use open source software like truecrypt.The software along with the code is available.Code is written in C,C++ and assembly
Why not simply encrypt the files and then decrypt them when they are loaded by the app. That way it does not matter if the user can access the files.
i am generating *.reg file using code which will have some important data. and user will save this into registry.
upon application launch i am getting the values from registry and performing some validation..
but the problem is that in registry and in *.reg file the information are stored in plain text.
how can i create encrypted *.reg file first.
then in application start. how to decrypt the value(encrypted) from registry..
i read some articles. but they are related to encryption/decryption of file.
here i am working with "*.reg" file and Registry itself
If your program is the only one that is reading the values from the registry you can save them encrypted and decrypt them on every use.
This way the exported .reg file is going to contain encrypted data too.
If there are other programs using the data you must ensure they can access and understand the information they need.
Sorry Mohsan, that's the wrong way. d. showed the right way.
Just imagine if you encrypt a .reg file. What should happen afterwards?? You'll like to import it into the registry, but before you can you have to decrypt it and so just plain text comes into registry which can be read be everyone.
So don't encrypt your key or value names. Encrypt the content of your values within the registry. So your program can read it in, decrypt it and work with it. Here is an example:
[HKLM\Key\SubKey\SubSubKey\etc]
#=""
"Password"="KALSDJLSIWNKLDNISNDLKWDNLAW"
So you program opens the key, reads the value and computes the decrypt algorithm on that value, resolving it to: 'My Secret Password'
What's the point? Anyone can just use a tool like Regmon to find out what values you set anyway.
You should instead just encrypt the values and decrypt them when your application reads them (that is assuming your app the only one accessing that data). Keep in mind, though, that you'd have to store the decryption key somewhere in your executable which opens up a whole other can of worms.
You wont be able to transparently encrypt the registry.
I would look at either public/private key or symmetric key encryption methods.
Here is a quick project to use RSA:
http://www.codeproject.com/KB/security/RSACryptoPad.aspx
Storing your keys in a resource is probably the best way to protect the contents, but be warned: If you store both the Key and the Cyphertext on the same system (eg, in your program and in the registry) there is no way to fully prevent the owner of the system from reading the Plaintext.