SecureText  

We use SecureText, a .NET library that encrypts and decrypts text using a self-signed certificate installed in the certificate store.

Most of our applications support this library, but not all. To confirm that the application we are working on supports SecureText, navigate to its folder and check that it contains SecureText.dll.


Also, make sure securetext.dll is version 5.6.0.39887 or newer.


Once these conditions are met, proceed to the following steps to encrypt the data. 

Step 1 - Create a self-signed certificate

Run the following script to create a self-signed certificate on the machine where we want to encrypt data.

# Define the certificate parameter values
$certSplat = @{
    DnsName = 'DoctoEncCert-sliq-New'
    KeySpec = 'KeyExchange'
    KeyUsageProperty = 'All'
    KeyUsage = @('KeyEncipherment','DataEncipherment','KeyAgreement', 'CertSign','CRLSign','DigitalSignature')
    Type = 'DocumentEncryptionCert'
    CertStoreLocation = 'Cert:\CurrentUser\My'
    NotAfter = (Get-Date).AddYears(2)
}
# Create the self-signed document encryption certificate
$cert = New-SelfSignedCertificate @certSplat

Copy the thumbprint of the certificate. The following command lists the document encryption certificates along with their thumbprints.

ls Cert:\ -Recurse -DocumentEncryptionCert


NOTE: Make sure the certificate is accessible to the user running the service/application. If required, export the created self-signed certificate (PFX) and re-import it into the Personal certificate store of that user.
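
The accessibility requirement in the note above can be checked from a PowerShell session running as the service/application account. The script below is an added example, not part of SecureText or the Cryptography tool. It assumes the certificate sits in Cert:\CurrentUser\My as in Step 1, and its round trip uses the built-in CMS cmdlets rather than SecureText's own format, so the tool check in Step 2 is still required.

```powershell
# Added example: pre-flight check for the Step 1 certificate.
# Run as the account the service/application runs under.
param(
    [Parameter(Mandatory)]
    [string]$Thumbprint   # thumbprint copied in Step 1
)

# Thumbprints pasted from the certificate UI often carry spaces or an
# invisible leading character; keep only the hex digits.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($clean.Length -ne 40) {
    throw "Expected a 40-character thumbprint, got $($clean.Length) characters."
}

$cert = Get-Item -Path "Cert:\CurrentUser\My\$clean" -ErrorAction SilentlyContinue
if (-not $cert) {
    throw "Certificate $clean is not in Cert:\CurrentUser\My for user $env:USERNAME."
}

$docEncOid = '1.3.6.1.4.1.311.80.1'   # Document Encryption enhanced key usage
$now = Get-Date
$checks = [ordered]@{
    'Private key present'     = $cert.HasPrivateKey
    'Within validity period'  = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
    'Document Encryption EKU' = ($cert.EnhancedKeyUsageList.ObjectId -contains $docEncOid)
}

# Round trip with the built-in CMS cmdlets. This proves that this user can
# use the private key; it does not exercise SecureText's own format.
try {
    $probe = "securetext-preflight-$([guid]::NewGuid())"
    $cms   = Protect-CmsMessage -To $cert -Content $probe
    $checks['Encrypt/decrypt round trip'] = ((Unprotect-CmsMessage -Content $cms) -eq $probe)
}
catch {
    $checks['Encrypt/decrypt round trip'] = $false
    Write-Warning $_.Exception.Message
}

foreach ($entry in $checks.GetEnumerator()) {
    $state = if ($entry.Value) { 'OK' } else { 'FAIL' }
    '{0,-28} {1}' -f $entry.Key, $state
}
'Certificate expires: {0:yyyy-MM-dd}' -f $cert.NotAfter

# A non-zero exit code lets a deployment script stop before any config is edited.
if ($checks.Values -contains $false) { exit 1 }
```

A FAIL on the private key or round-trip check while the certificate is listed usually means only the public part was imported for this user; re-import the PFX as described in the note.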


Step 2: Cryptography tool

Download and copy the latest version of the Cryptography tool from TFS to the host machine. 

https://tfs-1.slq.me/tfs/DefaultCollection/Agile/_packaging?feed=Release&package=CryptographyTool&version=5.6.2221.39707&protocolType=NuGet&_a=package#

Before encrypting the data, make sure that the certificate we generated earlier is valid and can encrypt and decrypt text, as follows.

Encrypt Data:

  1. Paste the certificate thumbprint copied in the first step. 
  2. Write any text in the Decrypted Text field. 
  3. Click on Encrypt. 
  4. We should have encrypted data in the Encrypted Text field as shown. 

Decrypt Data:

  1. Paste the certificate thumbprint copied in the first step. 
  2. Paste the encrypted data from the last step in the Encrypted Text field. 
  3. Click on Decrypt. 
  4. We should have decrypted data in the Decrypted Text field as shown.

Step 3 - Configure the SecureText.dll.config file

Open the SecureText.dll.config file and make the following changes. 

  1. Set Type to CertDecrypt.
  2. Set AuthCertThumbprint to the thumbprint copied in the first step. 


Note: We can use this SecureText.dll.config for all other applications that are on the same machine and that support the SecureText library. 

Step 4 - Encrypt the data with the tool

Copy the API, connection string or any other data that needs to be encrypted, encrypt it with the tool as shown in step 2, and paste the result in the config.

Make sure to have encrypted: in front of the encrypted text, as in the following entry. 

<ADOConnectionString>encrypted:s2N5ys5rWAihCI4XRujtijekgJNzzWY/VeByiy7P+3/lyJgLb0+/w+rhu2oE17WZP0zL211FNaUA8+VHev1eakF/cIwYvVr7L90jeJGF1KEgo/Zc1/z/3OEXjjmvYNcSkW/oQad/luoKzOz4hM5FXhNDRDRpaUW+aTLw1ytaOk20Xjby6qGsk60rio3GHvptiROhYkvKeMVGwD6/kVCSI+4eY0ftKIVCXgCpZ+yZuL5gLA0GQyF9PeP7C8ppnNZfWmMHsYtD3c8xhxe5kiLLP0BFsjQi+Q86BaLz4XRs48rJJQibye23NwlImpaGMnsU8RZTtV7AJgSwG+bfZCsHLA==</ADOConnectionString>

The config file will look like


Once all the sensitive information is encrypted, restart the application.