HexToBin and BinToHex

While dealing with storing parts of an X509 certificate, I’ve found the need for a couple of utility methods that allow converting the string representations of the Public Key to a byte array (or vice versa). That’s what the HexToBin() method does. Included also is BinToHex() for going the other direction.
<br />Private Shared Function BinToHex(ByVal data As Byte()) As String<br /> If Not data Is Nothing Then<br /> Dim sb As New System.Text.StringBuilder<br /> For i As Integer = 0 To data.Length - 1<br /> sb.Append(data(i).ToString("X2"))<br /> Next<br /><br /> Return sb.ToString()<br /> Else<br /> Return Nothing<br /> End If<br />End Function<br />
<br />Public Shared Function HexToBin(ByVal s As String) As Byte()<br /> Dim arraySize As Integer = CInt(s.Length / 2)<br /> Dim bytes(arraySize - 1) As Byte<br /> Dim counter As Integer<br /><br /> For i As Integer = 0 To s.Length - 1 Step 2<br /> Dim hexValue As String = s.Substring(i, 2)<br /><br /> ' Tell convert to interpret the string as a 16 bit hex value<br /> Dim intValue As Integer = Convert.ToInt32(hexValue, 16)<br /> ' Convert the integer to a byte and store it in the array<br /> bytes(counter) = Convert.ToByte(intValue)<br /> counter += 1<br /> Next<br /><br /> Return bytes<br />End Function<br />
If you found this article helpful:

New BETA2 of Microsoft Threat Analysis & Modeling v2.0

BETA2 of Microsoft Threat Analysis & Modeling v2.0 (formerly codenamed “ACE Torpedo”) is now available for download here.

This tool is really starting to shape up!

HOWTO: Use the aspnet_setreg utility to encrypt other values in the Web.Config

Here’s a slight hack I came up with to store encrypted connection strings in the registry that mimic the aspnet_setreg utility that comes with the .NET framework:

First you’ll run the aspnet_setreg command:

c:\> aspnet_setreg -k:Software\ASP.NET\MyKey -c:"data source=server;userid=user;password=password"

Please edit your configuration to contain the following:

sqlConnectionString = "registry:HKLM\Software\ASP.NET\MyKey\ASPNET_SETREG,sqlConnectionString"

The DACL on the registry key grants Full Control to System, Administrators, and Creator Owner.

If you have encrypted credentials for the <identity> configuration section, or a connection string for the <sessionstate> configuration section, ensure that the process identity hasRead access to the registry key. Furthermore, if you have configured IIS to access content on a UNC share, the account used to access the share will need Read access to the registry key. Regedt32.exe may be used to view/modify registry key permissions.

You may rename the registry subkey and registry value in order to prevent discovery.This command will create a Key in the registry here:

HKEY_LOCAL_MACHINE\Software\ASP.NET\MyKey\ASPNET_SETREG

Within that key it will create a Binary Value called “sqlConnectionString” set to the encrypted value of your connection string.

From here, I like to make one more modification:

Since I may not be storing a SQL Connection string, I’ll rename "sqlConnectionString" to something else more meaningful. For this example I’ll rename it to "customConnectionString"Next, I’ll add the following to my ‘web.config’
<br /><appSettings><br /> <add key="ConnectionString" value="registry:HKLM\Software\ASP.NET\MyKey\ASPNET_SETREG,customConnectionString" /><br /></appSettings><br />
Next, I have written the following class which takes advantage of the NCrypto library to easily decrypt the connection string in the registry.
<br />Imports Microsoft.Win32<br />Imports NCrypto.Security.Cryptography<br />Imports System.Text<br /><br />Public Enum RegistryHive<br /> HKLM ' HKEY_LOCAL_MACHINE<br /> HKCR ' HKEY_CLASSES_ROOT<br /> HKCU ' HKEY_CURRENT_USER<br /> HKU ' HKEY_USERS<br /> HKCC ' HKEY_CURRENT_CONFIG<br />End Enum<br /><br />Public Class RegistryCryptoUtility<br /> Private Const COLON_DELIMITER As String = ":"<br /> Private Const COMMA_DELIMITER As String = ","<br /> Private Const BACKSLASH_DELIMITER As String = chr(92)<br /> Private Const REGISTRY_PREFIX As String = "registry:"<br /><br /> ' Receives a string in the format:<br /> ' registry:HKLM\Software\ASP.NET\MyKey\ASPNET_SETREG,sqlConnectionString<br /> ' and pulls the value from the correct registry hive, and extracts and<br /> ' decrypts the connection string information<br /> Public Shared Function DecryptRegistryConnectionString( _<br /> ByVal configConnectionSetting As String _<br /> ) As String<br /> Dim regKey As RegistryKey<br /> Dim registryBytes As Byte()<br /><br /> If configConnectionSetting.StartsWith(REGISTRY_PREFIX) Then<br /> Dim regKeyPathAndKey As String = _<br /> configConnectionSetting.Split(COLON_DELIMITER.ToCharArray())(1)<br /><br /> Dim regKeyPath As String = _<br /> regKeyPathAndKey.Split(COMMA_DELIMITER.ToCharArray())(0)<br /><br /> Dim keyName As String = _<br /> regKeyPathAndKey.Split(COMMA_DELIMITER.ToCharArray())(1)<br /><br /> Dim regkeyHive As RegistryKey<br /><br /> ' Open the proper Registry Hive<br /> If regKeyPath.StartsWith( _<br /> System.Enum.GetName(GetType(RegistryHive), RegistryHive.HKLM) _<br /> ) Then<br /> regkeyHive = Registry.LocalMachine<br /> ElseIf regKeyPath.StartsWith( _<br /> System.Enum.GetName(GetType(RegistryHive), RegistryHive.HKCR) _<br /> ) Then<br /> regkeyHive = Registry.ClassesRoot<br /> ElseIf regKeyPath.StartsWith( _<br /> System.Enum.GetName(GetType(RegistryHive), RegistryHive.HKCU) _<br /> ) Then<br /> regkeyHive = Registry.CurrentUser<br /> ElseIf regKeyPath.StartsWith( _<br /> System.Enum.GetName(GetType(RegistryHive), RegistryHive.HKU) _<br /> ) Then<br /> regkeyHive = Registry.Users<br /> ElseIf regKeyPath.StartsWith( _<br /> System.Enum.GetName(GetType(RegistryHive), RegistryHive.HKCC) _<br /> ) Then<br /> regkeyHive = Registry.Users<br /> Else<br /> Throw New ApplicationException("Unknown Key reference: " & _<br /> regKeyPath)<br /> End If<br /><br /> Dim seperatorPosition As Integer = _<br /> regKeyPath.IndexOf(BACKSLASH_DELIMITER, 0) + 1<br /> regKeyPath = regKeyPath.Substring( _<br /> seperatorPosition, regKeyPath.Length - seperatorPosition)<br /> regKey = regkeyHive.OpenSubKey(regKeyPath)<br /> registryBytes = CType(regKey.GetValue(keyName), Byte())<br /><br /> Return Encoding.Unicode.GetString( _<br /> ProtectedData.Unprotect(registryBytes))<br /> Else<br /> ' return the Config string, registry not specified<br /> Return configConnectionSetting<br /> End If<br /> End Function<br />End Class<br />

Finally, all that is left is to use the code above to extract the encrypted value from the connection string whenever you need it:

<br />Dim connectionString As String = _<br /> RegistryCryptoUtility.DecryptRegistryConnectionString(_<br /> ConfigurationSettings.AppSettings()("ConnectionString")) <br />
That's all there is to it.
References: How to use the ASP.NET utility to encrypt credentials and session state connection strings (Microsoft KB329290)

If you find this article helpful: