A post-build weaver that encrypts literal strings in your .NET assemblies without breaking ClickOnce.
CryptStr.Fody modifies a .NET assembly (not source code) by encrypting literal strings (e.g. passwords and connection strings) to hide them from reflection/decompilers. It does not encrypt strings declared as constant class members, but that can be fixed by
changing them from "constant" to "static readonly".
CryptStr.Fody is a Fody plugin. Fody is an extensible tool for "weaving" .NET assemblies. For more information about Fody, see
CryptStr works by integrating into your assembly's build process in Visual Studio. To use it, make sure you have the NuGet extension installed for Visual Studio (it comes with VS 2012). Then search for the CryptStr.Fody package and install it. That's
it! The NuGet page for CryptStr is at
Since CryptStr.Fody depends on Fody, Fody will be installed automatically. The installation process adds a build task that runs Fody, which runs CryptStr.Fody. When you build your project, the Fody task executes after the assembly is created but before the
ClickOnce manifests are built/signed. Therefore, CryptStr.Fody does not break your ClickOnce deployments.
You can use a reflection tool such as ILSpy to verify that your literal strings are no longer visible.
By default, CryptStr encrypts strings of length 1 - 1000000. If you feel this causes an issue with the size or performance of your assembly, you can reduce the number of strings that get encrypted by changing the minimum and/or maximum length of the strings
to be encrypted. After all, you probably don't have any 1 or 1000 character passwords. You can set the minimum and maximum length of strings to encrypt in the FodyWeavers.xml file like this.
<?xml version="1.0" encoding="utf-8"?>
<CryptStr MinLen="2" MaxLen="10"/>