Show Table of Contents

Which version of .NET Framework does CipherSafe.NET require?

CipherSafe.NET works with all .NET Framework versions from 1.1 to 4.5. However, you may need to use an older version of the product if you need to run it on an older version of the .NET Framework.

Back to top

Does CipherSafe.NET run on a 64-bit platform?

Yes. CipherSafe.NET assemblies are platform independent, so they will work on both 32- and 64-bit platforms.

Back to top

Can the CipherSafe.NET API be called from unmanaged code?

Yes, CipherSafe.NET comes with a wrapper COM object that can be called from an unmanaged application.

Back to top

Does CipherSafe.NET run on the Mono platform?

We haven't tried it.

Back to top

What types of applications can CipherSafe.NET manage?

Here is the list of the application types CipherSafe.NET can manage:

  • Web Applications Category.WebApp

    Immediate virtual directory hosting ASP.NET or classic ASP applications (including Web services). This directory must be configured as an IIS application.
  • Web Directories Category.WebDir

    Immediate virtual directory hosting ASPs or Web services. This directory does not have to be configured as an IIS application.
  • Web Files Category.WebFile

    An individual ASP, ASPX, or ASMX file.
  • Windows Directories Category.WinDir

    Any application (executable) running from a specific Windows® directory.
  • Executable Files Category.ExeFile

    A specific executable file. It can be a Windows® service, a console application, and so on.
  • Library Files Category.LibFile

    A managed DLL (assembly).
  • Windows Scripts Category.WinScript

    A specific script that runs inside of Windows Script Host (can be a VBScript, a JavaScript, or a WSF file).
  • Configuration Files Category.ConfigFile

    Any managed application that can store settings in a configuration file, such as web.config or app.config. This type can be used to protect settings of web applications, as well as executable files. This is the only application type that keeps CipherSafe.NET-managed settings in the configuration files instead of Windows® registry.
  • Hosted Applications Category.HostedApp

    A hosted application, such as a WCF service hosted in IIS.

How does CipherSafe.NET determine path to the caller application?

When an application invokes the CipherSafe.NET API to retrieve its profile, CipherSafe.NET first attempts to detect the path to the caller using the objects and properties appropriate for the specific application types (or categories). CipherSafe.NET may need to probe multiple properties until one of them returns a value. Here is the list of properties and the probing order for each supported application type:

  • Web Application Category.WebApp

    1. The PhysicalApplicationPath property of the Request object belonging to the current HTTP context.
    2. Static HttpRuntime.AppDomainAppPath property.
    3. The APPL_PHYSICAL_PATH server variable (classic ASP).
  • Web Directory Category.WebDir

    1. The directory part of the PhysicalPath property of the Request object belonging to the current HTTP context.
    2. The directory part of the PATH_TRANSLATED server variable (classic ASP).
  • Web File Category.WebFile

    1. The PhysicalPath property of the Request object belonging to the current HTTP context.
    2. The PATH_TRANSLATED server variable (classic ASP).
  • Windows Directory Category.WinDir

    1. The directory part of the caller process' MainModule's FileName property.
  • Executable File Category.ExeFile

    1. The caller process' MainModule's FileName property.
  • Library File Category.LibFile

    1. The Location property of the immediate caller assembly.
  • Windows Script Category.WinScript

    1. The ScriptFullName property of the intrinsic WScript object (the calling script must pass the WScript object to the API).
  • Configuration File Category.ConfigFile

    1. The ConfigurationFile property of the AppDomain object. The configuration file must be located in the same directory as the caller's main executable file or the ASP.NET/hosted application.
  • Hosted Application Category.HostedApp

    1. The ApplicationPhysicalPath property of the intrinsic HostingEnvironment object.

Back to top

How does CipherSafe.NET protect encryption keys?

Key management is a complex topic thoroughly described in the CipherSafe.NET User's Guide. In the nutshell, CipherSafe.NET derives application keys from the application types and paths and then protects them using the global machine key. The global machine key can be entered by an administrator or generated randomly. Once defined, the machine key is protected by the credentials of a designated Windows® user account.

Back to top

What type of encryption does CipherSafe.NET use?

CipherSafe.NET uses the U.S. Government-approved Advanced Encryption Standard (AES) algorithm with 256-bit keys.

Back to top

Is CipherSafe.NET code FIPS-compliant?

No, CipherSafe.NET was first released when .NET Frameworks did not distinguish between FIPS compliant and non-compliant classes. However, the product uses FIPS-compatible algorithms, such as AES with 256-bit key, 128-bit block size, and cipher block chaining (CBC) making it essentially FIPS-compliant, but not FIPS-certified (read about FIPS and managed code in Crypto Craziness: Meeting FIPS Requirements with Managed Code by John Bristowe).

Back to top

Does lack of FIPS compliance mean that CipherSafe.NET code is less secure?

No, it means that the managed implementation of the cryptographic algorithms that CipherSafe.NET uses has not been verified [by Microsoft] under the NIST Cryptographic Module Verification Program. Essentially, FIPS compliance is more about interoperability between cryptographic algorithm implementations than security. For additional information about Microsoft® and FIPS, see FIPS 140 Evaluation.

Back to top

Can I use CipherSafe.NET on a system running in the FIPS compliance mode?

Yes, but your application needs to turn off FIPS compliance (for the application scope) by setting the enforceFIPSPolicy setting in the configuration file to false.

Back to top

Can I restore application profiles protected by CipherSafe.NET on a different computer (e.g. from a drive image)?

Sure, but you (or the applications) will not be able to decrypt the encrypted settings unless you define the same machine key as used by the source system (if you could, so would a hacker).

Back to top

Is CipherSafe.NET functionality tied to computer properties?

If you are not using CipherSafe.NET Key Manager Service for managing machine key, encryption keys that CipherSafe.NET uses will be dependent on the following system characteristics:

  • Computer name
  • Serial number of the system volume
  • CPU
  • System motherboard
If you change any of these properties -- say, you reformat the system drive, rename the computer, or replace the CPU or motherboard -- CipherSafe.NET will not be able to decrypt the currently defined application settings. We strongly advice against not using the CipherSafe.NET Key Manager Service for managing machine key.

Back to top

What else can affect the functionality of CipherSafe.NET?

If you configure the product to use CipherSafe.NET Key Manager service (as you should), and run the Key Manager Service under a local (not domain) account, and reset the forgotten password of this account via some other administrative account, then CipherSafe.NET will not be able to decrypt currently defined settings. To avoid this problem, run the Key Manager Service under a domain account, or, if you run it under a local account, make sure you remember its password, so you do not need to reset it (changing password is okay). A good idea is to use a user-defined machine key (instead of the randomly generated key), so if a problem like this occurs, you will be able to easily fix it.

Back to top

How is CipherSafe.NET product registration enforced?

CipherSafe.NET ties product registration to the name of computer and serial number of the system volume where it is installed. If you change any one of these two settings, you will need to re-register the product (and if you do not unregister it before making the change, you will leak licenses).

Back to top

I forgot to unregister CipherSafe.NET before rebuilding the system and now I cannot register it because I have no licenses left?

Don't worry. Please contact us and we'll take care of it.

Back to top

I bought a license for an Enterprise Edition of CipherSafe.NET. Can I use a Professional Edition?

Yes.

Back to top

I bought a license for a Professional Edition of CipherSafe.NET. Can I use an Enterprise Edition?

No.

Back to top

Can I get the CipherSafe.NET source code?

Normally, we do not share the source code, but if you absolutely need it, please contact us. Requests for source code will be only entertained for holders of valid Site, Corporate, or Redistributable licenses.

Back to top