My question is about encrypting data in classic ASP and what the best course of action would be to encrypt text (not passwords) for storage and then allow all users to have access to the data (decrypt it). Basically the project consists of a classic ASP application that allows users to create accounts and see messages from other users. These messages need to be encrypted before being stored.
I have found some classic ASP encryption methods including Microsoft CAPICOM but the website points to a link where the download can be found for it and actually is a dead link. https://msdn.microsoft.com/en-us/library/ms995332.aspx
I have also seen some other forums posts mention creating a .net web service that will handle the encryption/decryption process which can be called from the classic ASP files.
I also stumbled on another concept which does not use the public/private key and uses an approach and uses a shared private key?
So I am hoping someone might know what method is best to try and accomplish this.
You only had to Google CAPICOM download.
Site: Download Center: Platform SDK Redistributable: CAPICOM
This download contains the redistributable files for CAPICOM 2.1.0.2 and samples of its use. CAPICOM can be used to digitally sign data, sign code, verify digital signatures, envelop data for privacy, hash data, encrypt/decrypt data and more.
Version: 2.1.0.2 File Name: capicom_dc_sdk.msi
Date Published: 9/26/2016 File Size: 1.8 MB
See also: Alternatives to Using CAPICOM
Related
I'm trying to figure out how to use the new DataProtection features of .NET Core in a way that will allow me to specify my own encrypt/decrypt key. This will allow me to encrypt data outside my netcoreapp and then decrypt that data inside my netcoreapp (and visa versa).
Background:
I have database with hashed passwords and encrypted Social Security Numbers. There is an application that sits on top of this database that is written in .NET 2.0.
We are creating a new UI in ASP.NET Core that will exist at the same time as the .NET 2.O UI. Users can sign in under the old UI to do things and then turn around and sign in under the new UI and do other things.
What I've tried so far:
The documentation from the ASP.NET Core Documentation website does not cover this scenario.
I found the the test Encrypt_KnownKey() which uses ManagedAuthenticatedEncryptor. I believe it is using it's own key, but unfortunately it is internal.
We have converted our .NET 2.0 encryption code to .NET Core but it's a whole-bunch-of-scary and I was hoping for an out-of-the-box solution.
UPDATE:
My current process stores the key using Windows DPAPI, so I updated the key-{guid}.xml by replacing the generated Windows DPAPI encrypted key with the Windows DPAPI encrypted key from my existing system. Not surprisingly, this did not work.
It doesn't seem unreasonable to want to specify a specific key, so I'm hoping the reason I'm having issues finding the solution is my lack of knowledge of all things encrypted.
I am building a simple ASP.NET 5 admin site, using ASP.NET Identity 2 to password protect the actual admin pages. It will be used by 2 to 4 users.
My employer doesn't want me to use a database for various reasons beyond my control. The plan is to store all user info in a text file. When a user needs to be added/removed, a dev will log into the server and update the text file. So users can only login, they can't register, change password, etc.
I would still like to use ASP.NET Identity so I can use the Authorize attribute on my MVC controllers, etc. It also makes it easier to start using a database later on.
I haven't been able to find an ASP.NET Identity provider that uses an unencrypted text file. Does such a provider exist somewhere?
I have not came across the text-file storage, but I've seen a lot of samples using some other storage mechanisms. Take a look on this post for samples and have a look on documentation about implementing custom storage.
In your case I'd store all user objects in a list and then serialise that into a JSON-string that is persisted into a file.
However it is strongly advised not to use plain text for password storage and use provided hashing mechanisms. (I'm sure you are aware of this). Just point your employer on http://plaintextoffenders.com/ for samples of why it is best not to store plain-text password.
While I was trying to understand how asp.net Indentity works I put together a sample solution where I explore the customization of the provider to use a simple storage.
You can find the code on github.
In the folder Custom.Identity you can see how I've implemented the different classes and managers.
Trailmax has written a lot about it on his blog.
Taiseer Joudeh has a written a series of articles which will help you to understand all the pieces involved.
Getting a file from the client to the server in asp.net mvc
What is the best way to get a file from the client to the server in asp.net mvc?
Will hosting allow you to save a file to their server these days or do you have to save the file on their server? Or is cloud storage the only way (of course then how do you process the file without getting it from the cloud).
Also, are there any really good examples of uploading a file, reading it and putting it in the database for asp.net mvc?
Phil Haack has a blog post on how to upload and save a file using MVC. Don't store the file in a database, just use the name.
http://haacked.com/archive/2010/07/16/uploading-files-with-aspnetmvc.aspx
Using just a browser the only practical way to upload a file is using the file input type, just as we always have.
As to whether hosting companies allow you to store files on their systems, that's really down to you and the hosting agreement you sign up to. From there questions about cloud, etc, get answered, i.e. do you need to.
I would like to have an AIR application available for web download, but have some data customized per-user-download. Think CD-key, or in this case an encryption key and user name, so that the downloaded version can connect to a website and know who it is that downloaded it. As a fail-back if this is not possible, I could require the user to log in once and set one up and then store it locally, though I'd like to make it one-click and seamless. However, if the latter is the only way to do so, what's the best cross-platform-safe way to store local persistent data available to AIR?
Best is subjective. You could use an SQL Lite Database or any sort of local file you prefer. I have distributed XML files with AIR applications before and used them for configuration purposes. I'm not sure if I'd consider an unencrypted XML file secure, but there is no reason you can't encrypt it on disk and decrypt it in memory.
It sounds like you're trying to create a form of licensing scheme. IF so, you can check out third party licensing schemes for AIR applications such as NitroLM, Sharify, Zarquon, or Adobe Shibuya.
I'm building a web application that most allow the user to digitally sign PDF documents with certificates installed in the client machine.
The document, once signed, should be posted back to the server, where it will store the signed version.
The server is running Classic ASP/ASP.NET
Where should I go?
Try Adobe LiveCycle Designer
This comes with the Adobe Master Suit and has all the capabilities for ES. It works with PKI infrastructure and will Publish "certified" PDF documents that prove authenticity for recipients. It's better to start with something that already exists.
Our SecureBlackbox library has a distributed cryptography add-on which does what you need. Client-side modules that do signing can be extended by the user (we provide complete source code). You will find detailed description of the add-on on our site or in this SO answer.
I actually built a system just like this into our web application. Here are some links I found tremendously helpful in doing so:
http://www.codeproject.com/KB/vb/Digital_Signatures.aspx
http://www.devx.com/security/Article/17249/0/page/2
http://www.example-code.com/vbdotnet/digSig1.asp
http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html
http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/sdkHelp/wwhelp/wwhimpl/common/html/wwhelp.htm?context=sdkHelp&file=signaturesSigning.90.4.html
http://www.c-sharpcorner.com/UploadFile/Gowri%20S%20Paramasivam/Cryptography211242005003308AM/Cryptography2.aspx
I would use iTextSharp to sign the PDF. iTextSharp is free and open source. Take a look at the sample code signing PDF http://itextpdf.sourceforge.net/howtosign.html I have used iTextSharp before reliably.
Look for java libraries to sign PDF documents. You can deploy them in an applet which should fit in your web application. If users need to preview the PDF documents before signing them then look at the java bean jPDFNotes from Qoppa Software (Disclosure: I'm affiliated with this company). If the documents can be signed without preview, look at their other libraries jPDFFields or jPDFProcess. There is also iText an open source library but iText doesn't support viewing documents so it will only work in the second scenario.
Go to http://www.certisign.com.br/ they have the answer for you. CertSign has API's and training to enable digital certification.
This place did exactly what you need when I renewed my digital CPF http://loja.certificadodigital.com.br/Serasa/Serasa-Certificados-Digitais/D1
I use to write the FDF to PDF programming from Adobe FDF toolkit. I could take the full version of Acrobat Pro and use a W-2 , I-9 Federal Forms place fields and a signature box and with Topaz Systems signature pads, based on pressure points, angles etc... the activex algorithm would save the signature and everything into the sql server database, and i could go the other way and populate a PDF from SQL Server.
We do this using Silverlight with BouncyCastle in the client and iTextSharp in the server.