ASPNET_REGIIS: Place AES key and IV into a KeyContainer

Question

Is it possible to place an AES key and IV into a KeyContainer using ASPNET_REGIIS? If yes, how?

Context:

I have created AesProtectedConfigurationProvider to encrypt web.config data using AES as opposed to Triple DES (i.e., 3DES). I have also created a console application that uses the AesProtectedConfigurationProvider in order to generate both the AES key and initialization vector (IV). I can save the key to a text file and then reference the text file in the provider of the web.config. From there, I am able to encrypt the web.config file. But, I would like to protect the keys.txt file by moving them into a KeyContainer, if that is possible.

So, under the provider tag, the section for keyContainerName would be:

keyContainerName="AesKeyContainer" 

as opposed to

keyContainerName="C:\AesKey.txt"

My understanding is the current encryption offering that is available out of the box in ASPNET_REGIIS uses 3DES to encrypt the contents of the web.config file while the RsaProtectedConfigurationProvider is used to encrypt the 3DES keys (please correct me if I am wrong on this). So, if it is possible to use the RsaProtectedConfigurationProvider to encrypt the AES keys into a KeyContainer then that would be helpful. I have reviewed the following sites and I am not sure if this is possible:

https://msdn.microsoft.com/en-us/library/33ws57y0.aspx

How to encrypt web.config with AES instead of 3DES

EDIT: Does anyone know why Microsoft took out the AesProtectedConfigurationProvider in subsequent releases of .NET? This seems like a step backwards as AES is the current standard while 3DES is no longer recommended. In speaking with a colleague, they mentioned that it may have been removed due to a security flaw, such as; elevation of privileges. Microsoft is known for making unannounced changes with respect to security. But, I would like to know if anyone knows for sure. If, indeed, a flaw was found in the AesProtectedConfigurationProvider, then I might be inclined to stay with 3DES.

Answer 1

RsaProtectedConfigurationProvider and AesProtectedConfigurationProvider, despite very similar names, are parts of different universes.

RsaProtectedConfigurationProvider resides in System.Configuration and is used (as other providers inheriting from abstract ProtectedConfigurationProvider) for encryption/decryption of configuration sections in web.config for ASP.NET applications.

AesProtectedConfigurationProvider in its turn resides in Microsoft.ApplicationHost and is used only for IIS configuration encryption. In configuration file of default application pool (DefaultAppPool.config) you will find following:

<configProtectedData>
    <providers>
        <!-- ... -->
        <add name="AesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" ... />
        <add name="IISWASOnlyAesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" ... />
    </providers>
</configProtectedData>

You could read about AesProvider and IISWASOnlyAesProvider in IIS Securing Configuration article:

AesProvider - Encrypting IIS configuration sections read by the IIS worker process using AES encryption.

IISWASOnlyAesProvider - Encrypting IIS configuration sections read by WAS using AES encryption.

So answering your first question:

1. Confirm whether using the AesProtectedConfigurationProvider is safe. It was removed by Microsoft in subsequent releases of .NET but I cannot seem to find a reason

Yes, using of your custom AES provider is safe if we assume that you have implemented it correctly without security flaws. Microsoft has not removed AesProtectedConfigurationProvider from .Net Framework, it was never a part of System.Configuration. If Microsoft has found security flaw in its implementation, they could just fix it instead of removing, correct?

2. Provide steps to implement the AesProtectedConfigurationProvider and to create a KeyContainer in ASPNET_REGIIS

I believe you can have AES encryption without implementing custom AesProtectedConfigurationProvider.

I dig into source code of RsaProtectedConfigurationProvider and found that it has the following logic:

private SymmetricAlgorithm GetSymAlgorithmProvider() {
    SymmetricAlgorithm symAlg;

    if (UseFIPS) {
        // AesCryptoServiceProvider implementation is FIPS certified
        symAlg = new AesCryptoServiceProvider();
    }
    else {
        // Use the 3DES. FIPS obsolated 3DES
        symAlg = new TripleDESCryptoServiceProvider();

        byte[] rgbKey1 = GetRandomKey();
        symAlg.Key = rgbKey1;
        symAlg.Mode = CipherMode.ECB;
        symAlg.Padding = PaddingMode.PKCS7;
    }

    return symAlg;
}

As you see, default RSAProtectedConfigurationProvider supports switch from Triple DES to AES encryption by means of System.Security.Cryptography.AesCryptoServiceProvider.

UseFIPS flag is read from configuration section of RsaProtectedConfigurationProvider. You could set it on machine level (machine.config) so that it's applied to all encrypted configs or only for specific web.config.

For later case add following section to web.config (I have copied the section from machine.config and added useFIPS="true"):

<configuration>

  <!-- ... -->

  <configProtectedData>
    <providers>
      <remove name="RsaProtectedConfigurationProvider"/>
      <add name="RsaProtectedConfigurationProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
           keyContainerName="NetFrameworkConfigurationKey"
           cspProviderName=""
           useMachineContainer="true"
           useOAEP="false"
           useFIPS="true"
           />
    </providers>
  </configProtectedData>

  <!-- ... -->

</configuration>

Now if you run aspnet_regiis, you will see that data is encrypted with 256 bit AES:

<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />

The AES symmetric key is stored in the same way as for Triple DES mode: the key is encrypted with RSA and is embedded into encrypted section while RSA key is stored in machine key container. See this blog post for more details.

I believe using of AES encryption that is already implemented in RsaProtectedConfigurationProvider is far better option than custom AES provider. You are using existing key storing method and you are protected from possible (highly probable) security flaws.