maythamfahmi
commented
1 month ago @jwdonahue as suggest in the other comment, here is PR for using json in stead of XML #114
Closed maythamfahmi closed 1 month ago
maythamfahmi
commented
1 month ago @jwdonahue as suggest in the other comment, here is PR for using json in stead of XML #114
jwdonahue
commented
1 month ago Sorry man, I was in a hurry this morning and hadn't had any coffee yet. There should be a better way to store keys than a plain text file, that is reasonably portable across all the dotnet supported OS's. If not, then we should put some thought into how to make this step more secure.
Maybe an application or user space encrypted database as a fallback for systems that don't want to pay for an online service? Before I went there though, I would check to see what's provided by the OS's, if dotnet doesn't already cover it in a portable way.
jwdonahue
commented
1 month ago I haven't done a deep dive yet, but did find this:
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.cspparameters?view=net-8.0
maythamfahmi
commented
1 month ago The challenge with the CSP parameter is that it is only supported for Windows OS, if we go that way, we will lose some functionality for cross-platform.
maythamfahmi
commented
1 month ago I suggest that at this stage, we proceed with the changes as plain text and implement a new feature to ensure secure persistent storage. This functionality could potentially be developed in a separate package.
maythamfahmi
commented
1 month ago The converstation regarding this should continue on #82
I have a vague recollection that the [Serializable] attribute was or will be deprecated. Perhaps we should shift to using Microsoft's json support now?
Originally posted by @jwdonahue in https://github.com/maythamfahmi/CryptoNet/issues/108#issuecomment-2424243446