I am learning how to encrypt the ConnectionString for our C# (3.5) Application. I read the .Net Framwork Developer Guide (http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx) about securing connection string. but not fully understand the contents.
It says "The connection string can only be decrypted on the computer on which it was encrypted."
We have a release machine which will build our application which will generate the OurApp.exe.config and then install it to many product machines. Is that meam we have to have this encryption process separated with our application and run it at individual product machine?
We may use the "RSAProtectedConfigurationProvider
". It mentioned we need encryption key
for that provider. when and how we should provide the encryption key?
thanks,
What is C? C is a general-purpose programming language created by Dennis Ritchie at the Bell Laboratories in 1972. It is a very popular language, despite being old. C is strongly associated with UNIX, as it was developed to write the UNIX operating system.
Compared to other languages—like Java, PHP, or C#—C is a relatively simple language to learn for anyone just starting to learn computer programming because of its limited number of keywords.
In C programming language, %d and %i are format specifiers as where %d specifies the type of variable as decimal and %i specifies the type as integer. In usage terms, there is no difference in printf() function output while printing a number using %d or %i but using scanf the difference occurs.
In the real sense it has no meaning or full form. It was developed by Dennis Ritchie and Ken Thompson at AT&T bell Lab. First, they used to call it as B language then later they made some improvement into it and renamed it as C and its superscript as C++ which was invented by Dr.
You only have to run the encryption process once. However, after generating the machine key, you need to propagate that in all the machine.config files in the target machines. The machine.config should be located here:
%FRAMEWORKDIR%\%FRAMEWORKVERSION%\CONFIG
How To: Configure MachineKey in ASP.NET 2.0
: This link has a section on configuring the config key <machineKey validationKey="[generated value here]"
and how to share this between machines.
decryptionKey="AutoGenerate,IsolateApps"
validation="SHA1" decryption="Auto" />
1) Yes, if you use this approach, you would encrypt it per machine it was installed on. If you would have different config per machine anyway, this would be the normal approach from my exp. This is not a good approach if you're trying to send a "secret" connection string.
2) If you haven't seen it, this article I think will answer the question about the RSA provider... http://msdn.microsoft.com/en-us/library/ff650304.aspx
If this is an app used by clients that you need to provide connection info to then:
WORD OF CAUTION: Don't think that by encrypting the config, you are truly protecting yourself from the user running the application. At some point, that string needs to be decrypted by the app to be used to connect to the server. That application may be able to be leveraged to provide that connection to other apps. In short, you shouldn't rely on this as your only strategy to keep users out of the DB. Good security is always a multi pronged effort.
There are two methods of securing a key (actually one, but they head in different directions past the initial firing off of the tool).
Hope this helps.
The config is encrypted using the Machine Key. This means that only the computer with that key can decrypt it. The easiest thing to do is to deploy it with the config unencrypted and then encrypt it when the software runs, or use a seperate process to encrypt the config. You can distribute the original machinekey for use on other machines by using code4life's answer above
Rather than transcribe the step by step of how to use an RSA Encryption Key, please see this MSDN guide - http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With