What is CipherSafe.NET?

CipherSafe.NET is a software product that allows Windows® applications to protect database connection strings, passwords, encryption keys, and other sensitive data. It supports a wide range of applications including Windows® scripts, executables, dynamic-link libraries, web sites, web services, virtual directories, Windows® services, and more. CipherSafe.NET comes with a .NET- and COM-based API, a GUI tool, and a command-line interface.

Who can benefit from using CipherSafe.NET?

CipherSafe.NET primarily helps application developers and system administrators, but information security specialists and system architects may like it, too.

What can CipherSafe.NET do?

CipherSafe.NET can:

  • Encrypt and store application settings in the Windows® registry or .config files.
  • Make sure that only the application that owns data can access its settings at run time.
  • Prevent applications from accessing data they do not own.
  • Allow different groups or users to manage settings of different applications on the same machine.
  • Support both managed and unmanaged applications, including Windows® scripts.
  • Export and import application settings from one machine to another.
  • Audit administrative operations.
  • Do a lot more.

How does CipherSafe.NET work?

CipherSafe.NET uses U.S. Government-approved encryption algorithms with strong symmetric keys to encrypt sensitive application settings and stores the encrypted values in the Windows® registry or the application configuration files. Each application profile is encrypted with the application- and machine-specific key and cannot be retrieved from other applications or computers.

What are major alternatives to CipherSafe.NET?

If you need to protect sensitive application settings, the most reasonable options would be to:

What is wrong with alternatives to CipherSafe.NET?

Here are the major problems with most common data protection techniques and tools:

  • They are not easy to use.
  • They are not very secure.
  • They do not work with some applications.

Consider Enterprise Library. To encrypt application settings using Enterprise Library, you must choose between two options: DPAPI or RSA. If you use DPAPI (with a machine-specific key), any application running on the same computer will be able to decrypt your application settings. If you use the RSA (public-key encryption algorithm) option, you will need to restrict access to the RSA key and manage the ACLs on the key containers, which -- if you were to do it right -- can quickly turn into a hassle, especially for applications that run under shared system accounts, such as web sites. If you use encryption certificates for data protection, in addition to the above-mentioned problems, you will also have to deal with certificate renewals, certificate revocation lists, and other issues.
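
The DPAPI trade-off described above, as an added C# example (not code from CipherSafe.NET or Enterprise Library): it calls the .NET `ProtectedData` class on a constructed connection string to contrast machine scope with user scope plus optional entropy. The class and helper names (`DpapiScopeDemo`, `Protect`, `TryUnprotect`) are illustrative.

```csharp
// Added example. Windows only; on .NET Core/5+ reference the
// System.Security.Cryptography.ProtectedData package.
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiScopeDemo
{
    // Constructed sample value, not a real credential.
    const string Sample = "Server=db01;Database=Orders;User Id=app;Password=example-only";

    static byte[] Protect(string plaintext, DataProtectionScope scope, byte[] entropy = null) =>
        ProtectedData.Protect(Encoding.UTF8.GetBytes(plaintext), entropy, scope);

    // Returns false instead of throwing when DPAPI refuses to decrypt.
    static bool TryUnprotect(byte[] blob, DataProtectionScope scope, byte[] entropy, out string plaintext)
    {
        try
        {
            plaintext = Encoding.UTF8.GetString(ProtectedData.Unprotect(blob, entropy, scope));
            return true;
        }
        catch (CryptographicException)
        {
            plaintext = null;
            return false;
        }
    }

    static void Main()
    {
        // Weak setting: machine scope, no entropy. Nothing ties the blob to
        // this program, so any process on the same computer can unprotect it.
        byte[] machineBlob = Protect(Sample, DataProtectionScope.LocalMachine);
        Console.WriteLine("LocalMachine, no entropy:     {0}",
            TryUnprotect(machineBlob, DataProtectionScope.LocalMachine, null, out _));

        // Tighter setting: user scope binds the blob to the Windows account,
        // and the entropy must be supplied again on decrypt. Applications that
        // share one service account still share access to the blob.
        byte[] entropy = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(entropy);
        byte[] userBlob = Protect(Sample, DataProtectionScope.CurrentUser, entropy);
        Console.WriteLine("CurrentUser, correct entropy: {0}",
            TryUnprotect(userBlob, DataProtectionScope.CurrentUser, entropy, out _));
        Console.WriteLine("CurrentUser, missing entropy: {0}",
            TryUnprotect(userBlob, DataProtectionScope.CurrentUser, null, out _));
    }
}
```

The first two calls succeed and the third fails; the entropy value is itself a secret that has to be stored somewhere other applications cannot read it.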

How is CipherSafe.NET different from other data protection methodologies?

CipherSafe.NET takes a more holistic approach to data security. Instead of restricting access to sensitive application settings to Windows® identities (the RSA-, DPAPI with user-specific-key-, certificate-, and any other ACL-based approach) or machine identities (the DPAPI with machine-specific key approach), it uses application identities.

CipherSafe.NET determines application identity at run time based on the application type, absolute path, and optional public-key token (for strong-named assemblies). For example, CipherSafe.NET allows you to set up security for an executable application (say, a Windows® service) in the following manner:

  • only users belonging to the Windows® group MYSERVER\App Admins must be able to define the application settings, but
  • only the executable with the absolute path C:\Program File\MyCompany\MyApp.exe must be able to retrieve the application settings.

Why is CipherSafe.NET better than alternatives?

CipherSafe.NET is more secure, easier to use, and, unlike its alternatives, it supports a wide range of application types. It is trivial to integrate CipherSafe.NET into practically any Windows® application. And it greatly simplifies the task of managing sensitive application data after deployment.

What does CipherSafe.NET require?

CipherSafe.NET must run on a Windows® operating system with the .NET Framework. Administrative access to the system is required for the product installation and configuration. Product registration may require access to the Internet.

Which programming languages can call the CipherSafe.NET API?

You can use CipherSafe.NET from most applications written in managed code (managed C/C++, C#, VB.NET, ASP.NET) or applications that can make COM calls (unmanaged C/C++, VBScript, JavaScript, classic ASP).

What types of applications does CipherSafe.NET support?

Currently, CipherSafe.NET can manage profiles of the following application types:

  • Configuration files (app.config, web.config).
  • Executable files.
  • Hosted applications (can be called from global ASP.NET application event handlers).
  • Library files (DLLs).
  • Web applications (root of IIS application).
  • Web directories (virtual directories under IIS applications).
  • Web files (specific ASP.NET file).
  • Windows directories.
  • Windows scripts.

CipherSafe.NET can also restrict sensitive data access to a strong-named assembly with a specific public-key token.

When to use CipherSafe.NET?

CipherSafe.NET is primarily intended for enterprise applications running on corporate servers. It can also be used by small businesses or organizations that have access to their application servers.

When not to use CipherSafe.NET?

Since CipherSafe.NET is primarily a server-side application, it is not intended for applications that are deployed to end users. It may also not be a feasible option for applications deployed to a hosted infrastructure with limited or no administrative access to the server.

Is CipherSafe.NET free?

No, a CipherSafe.NET license must be purchased for commercial use. However, we do offer certain types of licenses to non-profits and educational institutions for free.

Is there a trial version of CipherSafe.NET?

Yes, you can use a regular version of CipherSafe.NET without a license for testing purposes. The unregistered version is fully functional, except that it does not allow managing settings of more than one application under each application type.

How much does a CipherSafe.NET license cost?

The cost of a license depends on the product edition and the number of computers it covers. The license cost per computer decreases with the number of computers covered by the license. For additional information, please see the Licensing page.

What is the difference between the Enterprise and Professional Editions of CipherSafe.NET?

The Enterprise Edition has the following features, which are not available in the Professional Edition:

  • Ability to export and import application profiles.
  • More extensive audit logging (Professional Edition only logs critical errors).

In all other respects, both editions are identical.

What else?

See also:

Example (walkthrough)
Frequently asked questions
Release notes