WIP Use machine key for encryption instead of ProtectSection() #22
base: master
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,7 @@ | |
using System.Linq; | ||
using System.Reflection; | ||
using System.Windows.Forms; | ||
using LauncherServerClasses; | ||
|
||
namespace LauncherClient | ||
{ | ||
|
@@ -32,6 +33,8 @@ public Launcher() | |
host = new ApiHost(); | ||
host.StartHost(); | ||
|
||
//encryption = new Encryption("the machine key"); | ||
|
||
Did you mean to leave this comment in the code? |
||
Configuration configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None); | ||
baseURL = configuration.AppSettings.Settings["BaseURL"].Value; | ||
computerKey = configuration.AppSettings.Settings["ComputerKey"].Value; | ||
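Review bot: The added line `//encryption = new Encryption("the machine key");` in the `Launcher()` constructor is commented-out code that nothing in this hunk uses, and its string literal reads like a placeholder for a key. Delete it rather than commit it; if an `Encryption` instance is still planned, track that in an issue so that no key-like literal ends up in source control.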
|
@@ -122,8 +125,16 @@ private void game_start_timer_Tick(object sender, EventArgs e) | |
public void SetConfigValue(string key, string value) | ||
{ | ||
Configuration configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None); | ||
|
||
if(key == "Secret") | ||
{ | ||
//string encryptedValue = encryption.Encrypt(value); | ||
Did you mean to leave this comment in the code? |
||
string encryptedValue = MachineKeyEncryption.Protect(value, $"Secret for computer {computerKey}"); | ||
value = encryptedValue; | ||
} | ||
|
||
configuration.AppSettings.Settings[key].Value = value; | ||
configuration.AppSettings.SectionInformation.ProtectSection(null); | ||
//configuration.AppSettings.SectionInformation.ProtectSection(null); | ||
I promise I'm gonna stop leaving this comment after this, but... did you mean to leave this comment in the code? Please keep thinking about it as you look at this PR in total, even though I've stopped commenting. |
||
configuration.Save(); | ||
|
||
ConfigurationManager.RefreshSection("appSettings"); | ||
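Review bot: In `SetConfigValue`, the second argument to `MachineKeyEncryption.Protect` embeds `computerKey`, so (assuming that argument is used as a purpose that must match on decrypt) the stored `Secret` is only recoverable while the same `ComputerKey` value is in use. Because this method writes any key via `configuration.AppSettings.Settings[key].Value = value;`, a later change to `ComputerKey` could leave an undecryptable secret in the config. Either use a fixed purpose string or re-protect `Secret` whenever `ComputerKey` changes, and have the read path catch the decryption failure and request a new secret. With `ProtectSection(null)` now commented out, every other setting in `appSettings` (`BaseURL` and `ComputerKey` among them) is saved in plaintext; confirm that is intended. The two commented-out lines and the `encryptedValue` temporary can also go (`value = MachineKeyEncryption.Protect(...)`).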
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -66,7 +66,7 @@ | |
<ApplicationManifest>Properties\app.manifest</ApplicationManifest> | ||
</PropertyGroup> | ||
<PropertyGroup> | ||
<SignManifests>true</SignManifests> | ||
<SignManifests>false</SignManifests> | ||
What does this change do? |
||
</PropertyGroup> | ||
<ItemGroup> | ||
<Reference Include="Microsoft.Owin, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | ||
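Review bot: The `<SignManifests>` flip from `true` to `false` in this `PropertyGroup` turns off signing of the ClickOnce application and deployment manifests, which is unrelated to replacing `ProtectSection()` and is not explained anywhere in the visible changes. If it was only needed to build locally without the signing certificate, revert it before merge; if it is intentional, move it to its own commit with the reason stated.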
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Academy Session 9 | ||
|
||
## Local Encryption Fix | ||
|
||
Team members: | ||
|
||
- Colin Jones | ||
- Andrew Horner | ||
- Joshua Storrs | ||
- Jesse Landis-Eigsti | ||
- Liz Kimbell | ||
|
||
## The problem | ||
|
||
Recently, the LauncherClient application that is used to open Steam and run games stopped being able to save and load the settings sent to it from the server. The secret key was being stored in LauncherClient.exe.config, and it was encrypted using the ProtectSection() method. If the program is run as Administrator, it works again, but that isn't ideal. The program produced an error that took some digging to fully understand. | ||
|
||
It took time to discover how to reproduce the error outside of LFG, but it turned out to be possible by creating an additional Windows account (which would have lesser privileges) and running LauncherClient and the React interface on that. | ||
|
||
It turns out that ProtectSection() is mainly intended to be used on server applications with administrator access, for i.e. storing database connection strings. Previously, it still worked to use it client-side, even though it wasn't the intended use. It seems that with some recent Windows update(s) this approach doesn't work anymore on most machines. | ||
|
||
## The solution | ||
|
||
The app config file can still be used without administrator privileges as long as ProtectSection() isn't used. However, we still needed to encrypt the data somehow for security. | ||
|
||
Luckily, we were able to encrypt and decrypt it using the machine key instead of ProtectSection(), simply storing the pre-encrypted string in the config file and decrypting it when it's loaded in. The machine key is something every Windows installation will have available. The code in [this link](https://stackoverflow.com/questions/36812592/encrypt-and-decrypt-with-machinekey-in-c-sharp) demonstrates how to use the machine key to encrypt and decrypt data. | ||
|
||
The problem has been solved in [this commit](https://github.com/ColsterJ/GameLauncher/commit/2ca4249fc4ace5627b43b580ae5dd43e5e05b9e0). Even though that post seems to be discussing an ASP.NET application, the strategy worked for us in our client-side app. John has tested this on a few computers at LFG, and the application now works without running as administrator! | ||
|
||
## Further work | ||
|
||
- There should be checks in place if decrypting the secret with the machine key causes some kind of error. | ||
- There are plenty of other areas to work on, such as: | ||
- Documenting the process to setup the server and client | ||
- Explaining where the different pieces are located in the repository | ||
- Improving the React frontend both visually and in terms of code | ||
- Improving the GUI of the LauncherClient |
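Review bot: The "The solution" section says the machine key "is something every Windows installation will have available" but does not say which accounts on the computer can decrypt the stored value or what happens when the config file is copied to another machine; state that, since it defines what the encryption actually protects against. The first "Further work" item (handling an error when decrypting the secret) describes behaviour this PR's own change depends on, so it belongs in this PR or in a tracked issue rather than in a note. The write-up also credits "John" for testing without listing him among the team members.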
This class is added to provide a different encryption method for hiding the secret key, locally, on the client machine. The "Protect" and "UnProtect" methods are used for encrypting and decrypting the secret key using the machine key, instead of using RSA.