为了从轻松地抓住我的数据prevent人，我缓存数据从我的服务为加密的文件（复制保护的，基本上）。

In order to prevent somebody from grabbing my data easily, I cache data from my service as encrypted files (copy protection, basically).

然而，为了做到这一点，我必须存储在.NET组件内的加密密钥，因此它是能够加密和解密这些文件。

However, in order to do this, I must store the encryption key within the .NET assembly so it is able to encrypt and decrypt these files.

依据像红门的.net反射工具，可以拉我的钥匙右出，我得到一个感觉，这是不这样做的一个非常安全的方式......在那里做这所有的最佳实践？

Being aware of tools like Red Gate's .NET Reflector which can pull my key right out, I get a feeling that this is not a very safe way of doing it... are there any best practices to doing this?

推荐答案

您必须决定什么是可接受的风险水平。有这样做的没有安全的方式。

You have to decide what is an acceptable level of risk. There is no "safe" way of doing this.

如果有人使用反射，或刚刚开放的组件使用System.Reflection.Assembly类，并抢得资源的方式，实在是太大了，那么你的下一个步骤可能是从服务器上下载时的主要风险你开始了。

If the risk of someone using reflector, or just opening up the assembly using the System.Reflection.Assembly class and grabbing the resource that way, is too great, then your next step is probably to download the key from the server when you start up.

这时，有人将您在使用code像做调试，抓住关键的方式。您可以过期的东西，被高速缓存，并交换了钥匙。你可以把它使每个人都有自己的密钥保护一个用户的数据从另一个用户。

Then someone will have to do something like debug while using your code and grab the key that way. You can expire stuff that is cached and swap out the keys. You can make it so that individuals each have their own keys to protect one user's data from another user.

您可以做很多东西，但如果你的目标是保持有人能够解密信息，你是把自己的机器上装配有解密的能力，你应该知道这是pretty的多是不可能的。所有你能真正做的是提升的成本的盗版你的钥匙/数据;你不能阻止它。

You can do a lot of stuff but if your goal is to keep someone from being able to decrypt information that an assembly you are putting on their machine has the ability to decrypt, you should know it's pretty much impossible. All you can really do is elevate the cost of pirating your keys/data; you can't stop it.