C# encrypt XML and secure it from disassembling












0















I am doing a larger application which at some point would serialize/deserialize XML files. The problem is, that I need to make some of those XML files encrypted.



Basically, the encrypted one would be made by my professor for his students. It would be like a black-box, so my professor prepares a class in my application, serializes it and additionally, my app would encrypt the whole XML. Then student loads the XML to the application, but they don't know what's in it. I thought about a simple encryption, AES, whatever. I would store the key to encryption/decryption as bytes in my code.



But then it came to me, that every student could go for something like dotPeek, or something like this, disassembly my executable and then get the key and be able to decrypt every encrypted XML file. Now that is not something I can allow.



I was searching through the internet for possible solutions to my problem, but I couldn't quite find an answer.



Can you guys think of any way of doing that kind of thing? The app would be written in C# and would be running on Windows 7/10 if that matters.






c# encryption







share|improve this question























  • Get an ecryption key from a server

    – pale bone
    Nov 13 '18 at 3:06











  • Not possible, as the computers in the lab may and possibly will be disconnected from the internet

    – dabljues
    Nov 13 '18 at 3:16











  • What about just using a password the professor passes as an argument at runtime or as an environment variable, or load it from a password guarded USB stick

    – pale bone
    Nov 13 '18 at 3:21











  • Yes, that is an option, but its kinda inconvenient

    – dabljues
    Nov 13 '18 at 3:45
















0















I am doing a larger application which at some point would serialize/deserialize XML files. The problem is, that I need to make some of those XML files encrypted.



Basically, the encrypted one would be made by my professor for his students. It would be like a black-box, so my professor prepares a class in my application, serializes it and additionally, my app would encrypt the whole XML. Then student loads the XML to the application, but they don't know what's in it. I thought about a simple encryption, AES, whatever. I would store the key to encryption/decryption as bytes in my code.



But then it came to me, that every student could go for something like dotPeek, or something like this, disassembly my executable and then get the key and be able to decrypt every encrypted XML file. Now that is not something I can allow.



I was searching through the internet for possible solutions to my problem, but I couldn't quite find an answer.



Can you guys think of any way of doing that kind of thing? The app would be written in C# and would be running on Windows 7/10 if that matters.






c# encryption







share|improve this question























  • Get an ecryption key from a server

    – pale bone
    Nov 13 '18 at 3:06











  • Not possible, as the computers in the lab may and possibly will be disconnected from the internet

    – dabljues
    Nov 13 '18 at 3:16











  • What about just using a password the professor passes as an argument at runtime or as an environment variable, or load it from a password guarded USB stick

    – pale bone
    Nov 13 '18 at 3:21











  • Yes, that is an option, but its kinda inconvenient

    – dabljues
    Nov 13 '18 at 3:45














0












0








0








I am doing a larger application which at some point would serialize/deserialize XML files. The problem is, that I need to make some of those XML files encrypted.



Basically, the encrypted one would be made by my professor for his students. It would be like a black-box, so my professor prepares a class in my application, serializes it and additionally, my app would encrypt the whole XML. Then student loads the XML to the application, but they don't know what's in it. I thought about a simple encryption, AES, whatever. I would store the key to encryption/decryption as bytes in my code.



But then it came to me, that every student could go for something like dotPeek, or something like this, disassembly my executable and then get the key and be able to decrypt every encrypted XML file. Now that is not something I can allow.



I was searching through the internet for possible solutions to my problem, but I couldn't quite find an answer.



Can you guys think of any way of doing that kind of thing? The app would be written in C# and would be running on Windows 7/10 if that matters.






c# encryption







share|improve this question














I am doing a larger application which at some point would serialize/deserialize XML files. The problem is, that I need to make some of those XML files encrypted.



Basically, the encrypted one would be made by my professor for his students. It would be like a black-box, so my professor prepares a class in my application, serializes it and additionally, my app would encrypt the whole XML. Then student loads the XML to the application, but they don't know what's in it. I thought about a simple encryption, AES, whatever. I would store the key to encryption/decryption as bytes in my code.



But then it came to me, that every student could go for something like dotPeek, or something like this, disassembly my executable and then get the key and be able to decrypt every encrypted XML file. Now that is not something I can allow.



I was searching through the internet for possible solutions to my problem, but I couldn't quite find an answer.



Can you guys think of any way of doing that kind of thing? The app would be written in C# and would be running on Windows 7/10 if that matters.






c# encryption




c# encryption






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 13 '18 at 3:00









dabljuesdabljues

1577




1577













  • Get an ecryption key from a server

    – pale bone
    Nov 13 '18 at 3:06











  • Not possible, as the computers in the lab may and possibly will be disconnected from the internet

    – dabljues
    Nov 13 '18 at 3:16











  • What about just using a password the professor passes as an argument at runtime or as an environment variable, or load it from a password guarded USB stick

    – pale bone
    Nov 13 '18 at 3:21











  • Yes, that is an option, but its kinda inconvenient

    – dabljues
    Nov 13 '18 at 3:45



















  • Get an ecryption key from a server

    – pale bone
    Nov 13 '18 at 3:06











  • Not possible, as the computers in the lab may and possibly will be disconnected from the internet

    – dabljues
    Nov 13 '18 at 3:16











  • What about just using a password the professor passes as an argument at runtime or as an environment variable, or load it from a password guarded USB stick

    – pale bone
    Nov 13 '18 at 3:21











  • Yes, that is an option, but its kinda inconvenient

    – dabljues
    Nov 13 '18 at 3:45

















Get an ecryption key from a server

– pale bone
Nov 13 '18 at 3:06





Get an ecryption key from a server

– pale bone
Nov 13 '18 at 3:06













Not possible, as the computers in the lab may and possibly will be disconnected from the internet

– dabljues
Nov 13 '18 at 3:16





Not possible, as the computers in the lab may and possibly will be disconnected from the internet

– dabljues
Nov 13 '18 at 3:16













What about just using a password the professor passes as an argument at runtime or as an environment variable, or load it from a password guarded USB stick

– pale bone
Nov 13 '18 at 3:21





What about just using a password the professor passes as an argument at runtime or as an environment variable, or load it from a password guarded USB stick

– pale bone
Nov 13 '18 at 3:21













Yes, that is an option, but its kinda inconvenient

– dabljues
Nov 13 '18 at 3:45





Yes, that is an option, but its kinda inconvenient

– dabljues
Nov 13 '18 at 3:45












1 Answer
1






active

oldest

votes


















0














If it is a multi-user application, then you need to ensure the ownership of the file by individual user authentication & authorization.



Server should be able to validate client incoming request and serve the authorized file accordingly.



Maintain different encryption keys for each user; this is to decrypt the file. Note that, having global-admin-enc-key is vulnerable in attack vector.



To prevent the code from re-engineered, you can obscure the code by obfuscation. It confuses the code for human. This thread also claims to have a protector.
How to prevent decompilation of any C# application






share|improve this answer


























  • It is a single app, which is not connected to anything whatsoever and will be copied over usb stick to multiple computers

    – dabljues
    Nov 13 '18 at 3:28











  • You need obfuscator protector.

    – Ashokan Sivapragasam
    Nov 13 '18 at 5:54











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53273159%2fc-sharp-encrypt-xml-and-secure-it-from-disassembling%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














If it is a multi-user application, then you need to ensure the ownership of the file by individual user authentication & authorization.



Server should be able to validate client incoming request and serve the authorized file accordingly.



Maintain different encryption keys for each user; this is to decrypt the file. Note that, having global-admin-enc-key is vulnerable in attack vector.



To prevent the code from re-engineered, you can obscure the code by obfuscation. It confuses the code for human. This thread also claims to have a protector.
How to prevent decompilation of any C# application






share|improve this answer


























  • It is a single app, which is not connected to anything whatsoever and will be copied over usb stick to multiple computers

    – dabljues
    Nov 13 '18 at 3:28











  • You need obfuscator protector.

    – Ashokan Sivapragasam
    Nov 13 '18 at 5:54
















0














If it is a multi-user application, then you need to ensure the ownership of the file by individual user authentication & authorization.



Server should be able to validate client incoming request and serve the authorized file accordingly.



Maintain different encryption keys for each user; this is to decrypt the file. Note that, having global-admin-enc-key is vulnerable in attack vector.



To prevent the code from re-engineered, you can obscure the code by obfuscation. It confuses the code for human. This thread also claims to have a protector.
How to prevent decompilation of any C# application






share|improve this answer


























  • It is a single app, which is not connected to anything whatsoever and will be copied over usb stick to multiple computers

    – dabljues
    Nov 13 '18 at 3:28











  • You need obfuscator protector.

    – Ashokan Sivapragasam
    Nov 13 '18 at 5:54














0












0








0







If it is a multi-user application, then you need to ensure the ownership of the file by individual user authentication & authorization.



Server should be able to validate client incoming request and serve the authorized file accordingly.



Maintain different encryption keys for each user; this is to decrypt the file. Note that, having global-admin-enc-key is vulnerable in attack vector.



To prevent the code from re-engineered, you can obscure the code by obfuscation. It confuses the code for human. This thread also claims to have a protector.
How to prevent decompilation of any C# application






share|improve this answer















If it is a multi-user application, then you need to ensure the ownership of the file by individual user authentication & authorization.



Server should be able to validate client incoming request and serve the authorized file accordingly.



Maintain different encryption keys for each user; this is to decrypt the file. Note that, having global-admin-enc-key is vulnerable in attack vector.



To prevent the code from re-engineered, you can obscure the code by obfuscation. It confuses the code for human. This thread also claims to have a protector.
How to prevent decompilation of any C# application







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 13 '18 at 5:54

























answered Nov 13 '18 at 3:16









Ashokan SivapragasamAshokan Sivapragasam

336111




336111













  • It is a single app, which is not connected to anything whatsoever and will be copied over usb stick to multiple computers

    – dabljues
    Nov 13 '18 at 3:28











  • You need obfuscator protector.

    – Ashokan Sivapragasam
    Nov 13 '18 at 5:54



















  • It is a single app, which is not connected to anything whatsoever and will be copied over usb stick to multiple computers

    – dabljues
    Nov 13 '18 at 3:28











  • You need obfuscator protector.

    – Ashokan Sivapragasam
    Nov 13 '18 at 5:54

















It is a single app, which is not connected to anything whatsoever and will be copied over usb stick to multiple computers

– dabljues
Nov 13 '18 at 3:28





It is a single app, which is not connected to anything whatsoever and will be copied over usb stick to multiple computers

– dabljues
Nov 13 '18 at 3:28













You need obfuscator protector.

– Ashokan Sivapragasam
Nov 13 '18 at 5:54





You need obfuscator protector.

– Ashokan Sivapragasam
Nov 13 '18 at 5:54


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53273159%2fc-sharp-encrypt-xml-and-secure-it-from-disassembling%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Florida Star v. B. J. F.

Image
Florida Star v. B. J. F. From Wikipedia, the free encyclopedia Jump to navigation Jump to search United States Supreme Court case Florida Star v. B. J. F. Supreme Court of the United States Argued March 21, 1989 Decided June 21, 1989 Full case name The Florida Star v. B. J. F. Citations 491 U.S. 524 ( more ) 109 S. Ct. 2603; 105 L. Ed. 2d 443; 1989 U.S. LEXIS 3120; 57 U.S.L.W. 4816; 16 Media L. Rep. 1801 Prior history The Florida Star v. B.J.F., 530 So.2d 286 (1988) Supreme Court of Florida; Florida Star v. B.J.F., 499 So.2d 883 (1986) Fla. Dist. Court of Appeals Holding Florida Stat. § 794.03 is unconstitutional to the extent it makes the truthful reporting of information that was a matter of public record unlawful, as it violates the First Amendment. Court membership Chief Justice William Rehnquist Associate Justices William J. Brennan Jr.  · Byron White Thurgood Marshall  · Harry Blac
Read more

Error while running script in elastic search , gateway timeout

Image
0 while running script in elastic search, I got 504 Gateway timeout error. { "query": { "bool": { "filter": { "script": { "script": " doc['creted_date'].date.getMonthOfYear() == 12 " } } } }, "aggs": { "test": { "date_histogram": { "field": "creted_date", "interval": "month", "format": "MMM" }, "aggs": { "cost": { "sum": { "field": "cost" } } }
Read more

Adding quotations to stringified JSON object values

Image
0 My stringified object data doesn't include quotation marks around object values, which errors when attempting JSON.parse() : '{ "affiliation": CORPORATE, "userId": 75c35d1c-5d12-4485-8fa8-b2f1551a3e6e }' I need the string to be: '{ "affiliation": "CORPORATE", "userId": "75c35d1c-5d12-4485-8fa8-b2f1551a3e6e" }' I'm using this regex to add quotes to the object keys: var newStr = str.replace(/(['"])?([a-z0-9A-Z_]+)(['"])?:/g, '"$2": '); For instance: '{ affiliation: CORPORATE }' to '{ "affiliation": CORPORATE }' There are only string values in my data, so I don't need to check value types. How can I alter my regex expression to add quotations to
Read more