API Key Generator

Includes Design, cryptography, security, c#


We had some confusion between multiple client applications, their API keys and the API that they were using. I thought a utility that would provide new keys and passwords might be handy.

Generating the Keys

The system uses the Microsoft .NET RNGCryptoServiceProvider to securely generate a random string for use as a key. The key excludes special characters that can't be HTML encoded.

Passwords are generated in the same way, except that special characters are added in and the length of the password is limited to make it much shorter.
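One way to implement the generation step described above (an added example, not the utility's own code). It draws bytes from RandomNumberGenerator, the base class of RNGCryptoServiceProvider, and discards bytes that would introduce modulo bias; the class and method names, the special-character set and the default lengths are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added example; class and method names are hypothetical.
public static class KeyGenerator
{
    // Alphanumeric only, so keys need no encoding in HTML, URLs or headers.
    private const string KeyAlphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    // Passwords add special characters (this particular set is an assumption).
    private const string PasswordAlphabet = KeyAlphabet + "!@#$%^*()-_=+";

    // Default lengths are assumptions; the page only says passwords are shorter.
    public static string NewKey(int length = 64) => Generate(KeyAlphabet, length);
    public static string NewPassword(int length = 16) => Generate(PasswordAlphabet, length);

    private static string Generate(string alphabet, int length)
    {
        if (length <= 0) throw new ArgumentOutOfRangeException(nameof(length));
        // Largest multiple of alphabet.Length that fits in a byte. Bytes at or
        // above it are discarded; otherwise "b % n" would favour the first
        // (256 % n) characters of the alphabet (modulo bias).
        int limit = 256 - (256 % alphabet.Length);
        var result = new char[length];
        var buffer = new byte[length * 2];
        int filled = 0;
        using (var rng = RandomNumberGenerator.Create())
        {
            while (filled < length)
            {
                rng.GetBytes(buffer); // cryptographically strong random bytes
                foreach (byte b in buffer)
                {
                    if (b >= limit) continue; // rejected: would skew the distribution
                    result[filled++] = alphabet[b % alphabet.Length];
                    if (filled == length) break;
                }
            }
        }
        return new string(result);
    }

    public static void Main()
    {
        Console.WriteLine("key:      " + NewKey());
        Console.WriteLine("password: " + NewPassword());
    }
}
```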

Beefing up the Security

Simply having a password to go into your database isn't enough. While a normal brute-force attacker would take several hundred years, it can still be guessed, so I ran the password through the bcrypt hashing function to secure it even further.

More about bcrypt

Typically, it's necessary in cryptography to generate a salt value which is applied to the password hash by the hashing function. The salt acts more or less like a key which the hashing function uses to resolve the hash back to the original value.

bcrypt has its salting built in, which means that it isn't actually necessary to manually salt the value when hashing it, although you could if you wanted to.