微软企业库数据库连接字串加密
在开发c/s程序的时候,如果用到了微软企业库做为数据库连接,那么就在要app.config中写入明文的数据库连接字串,这样是很不安全的。
在发现此问题后,我看一下enterprise lib的源代码,修改了一个类后,就解决了这个问题。
该类就是ConnectionString
首先在类里面加入一个解密方法:
/// <summary> /// 进行DES解密。 /// </summary> /// <param name="pToDecrypt">要解密的以Base64</param> /// <param name="sKey">密钥,且必须为8位。</param> /// <returns>已解密的字符串。</returns> public string Decrypt(string pToDecrypt, string sKey) { if ((pToDecrypt.Length % 4) != 0)//因为加密后是base64,所以用4来求余进行验证 { return pToDecrypt; } if (pToDecrypt.Contains("Password"))//如果包含Password,表示没有加密 { return pToDecrypt; } byte[] inputByteArray = Convert.FromBase64String(pToDecrypt); using (DESCryptoServiceProvider des = new DESCryptoServiceProvider()) { des.Key = ASCIIEncoding.ASCII.GetBytes(sKey); des.IV = ASCIIEncoding.ASCII.GetBytes(sKey); System.IO.MemoryStream ms = new System.IO.MemoryStream(); using (CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(), CryptoStreamMode.Write)) { cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); cs.Close(); } string str = Encoding.UTF8.GetString(ms.ToArray()); ms.Close(); return str; } }
然后修改ConnectionString类的构造方法,增加一行代码:
this.connectionString = Decrypt(connectionString,"abcdefgh");
此后,对数据库连接字串的加密方法是:
/// <summary> /// 进行DES加密 /// </summary> /// <param name="pToEncrypt">要加密的字符串</param> /// <param name="sKey">密钥,且必须8位</param> /// <returns>以Base64格式返回的加密字符串</returns> public string Encrypt(string pToEncrypt, string sKey) { using (DESCryptoServiceProvider des = new DESCryptoServiceProvider()) { byte[] inputByteArray = Encoding.UTF8.GetBytes(pToEncrypt); des.Key = ASCIIEncoding.ASCII.GetBytes(sKey); des.IV = ASCIIEncoding.ASCII.GetBytes(sKey); System.IO.MemoryStream ms = new System.IO.MemoryStream(); using (CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write)) { cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); cs.Close(); } string str = Convert.ToBase64String(ms.ToArray()); ms.Close(); return str; } }