 

C# connectionString encryption questions

Tags: c#, encryption

I am learning how to encrypt the ConnectionString for our C# (3.5) application. I read the .Net Framework Developer Guide (http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx) about securing connection strings, but I do not fully understand the contents.

  1. It says "The connection string can only be decrypted on the computer on which it was encrypted." We have a release machine which will build our application, which will generate the OurApp.exe.config, and then install it to many product machines. Does that mean we have to have this encryption process separated from our application and run it on each individual product machine?

  2. We may use the "RSAProtectedConfigurationProvider". It mentioned we need an encryption key for that provider. When and how should we provide the encryption key?

thanks,

5YrsLaterDBA asked May 20 '10 14:05



4 Answers

You only have to run the encryption process once. However, after generating the machine key, you need to propagate it to the machine.config files on all the target machines. The machine.config should be located here:

%FRAMEWORKDIR%\%FRAMEWORKVERSION%\CONFIG

How To: Configure MachineKey in ASP.NET 2.0: This link has a section on configuring the config key

<machineKey validationKey="[generated value here]" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="Auto" />

and how to share this between machines.

code4life answered Oct 23 '22 14:10


1) Yes, if you use this approach, you would encrypt it per machine it was installed on. If you would have different config per machine anyway, this would be the normal approach from my experience. This is not a good approach if you're trying to send a "secret" connection string.

2) If you haven't seen it, this article I think will answer the question about the RSA provider... http://msdn.microsoft.com/en-us/library/ff650304.aspx

If this is an app used by clients that you need to provide connection info to, then:

WORD OF CAUTION: Don't think that by encrypting the config, you are truly protecting yourself from the user running the application. At some point, that string needs to be decrypted by the app to be used to connect to the server. That application may be able to be leveraged to provide that connection to other apps. In short, you shouldn't rely on this as your only strategy to keep users out of the DB. Good security is always a multi-pronged effort.

Jim L answered Oct 23 '22 14:10


There are two methods of securing a key (actually one, but they head in different directions past the initial firing off of the tool).

  1. Use DPAPI and the machine's actual key. This is, in some ways, more secure, as nobody knows the key. It is also painful to export the key so you can put it on other machines in a farm. The only other way around is to have to maintain individual connection strings for each server in the farm. This CAN be done, but it is very kludgy. If you go this route, separate out connection strings from the config file so you can still update config on all servers but not whack the connection strings. Come to think of it, that is a good idea anyway.
  2. Set up a customized machine key (Google as there are generators out there that can create the key) and then supply that in the config file. You can then easily share keys.

Hope this helps.

Gregory A Beamer answered Oct 23 '22 13:10


  1. The config is encrypted using the Machine Key. This means that only the computer with that key can decrypt it. The easiest thing to do is to deploy it with the config unencrypted and then encrypt it when the software runs, or use a separate process to encrypt the config. You can distribute the original machine key for use on other machines by using code4life's answer above.

  2. Rather than transcribe the step-by-step of how to use an RSA encryption key, please see this MSDN guide: http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx

Greg Olmstead answered Oct 23 '22 15:10
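An added example of the approach the last answer describes (deploy OurApp.exe.config in plaintext, then encrypt the connectionStrings section on the target machine at first run or from a separate setup tool). This is not code from any of the answers or from the MSDN guides; the class and method names are my own, and it assumes a reference to System.Configuration.dll.

```csharp
using System;
using System.Configuration;

// Added example, not code from any of the answers above. Encrypts (or decrypts) the
// <connectionStrings> section of the running application's own OurApp.exe.config in
// place, so the config can be deployed in plaintext and protected on each target
// machine, on first run or from a small separate setup tool, as the last answer suggests.
// Requires a reference to System.Configuration.dll.
static class ConnectionStringProtector
{
    // Provider names registered in machine.config by default:
    //  "DataProtectionConfigurationProvider": DPAPI, bound to this machine, key not exportable.
    //  "RsaProtectedConfigurationProvider":   RSA key container; the container can be created,
    //   exported and imported on other machines with aspnet_regiis (-pc, -px, -pi) and the
    //   application's account granted read access to it with -pa.
    public const string DpapiProvider = "DataProtectionConfigurationProvider";
    public const string RsaProvider = "RsaProtectedConfigurationProvider";

    public static void SetProtected(string providerName, bool protect)
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConnectionStringsSection section = config.ConnectionStrings;

        if (section.SectionInformation.IsProtected == protect)
            return; // already in the requested state

        if (protect)
            section.SectionInformation.ProtectSection(providerName);
        else
            section.SectionInformation.UnprotectSection();

        section.SectionInformation.ForceSave = true; // write the section even if unchanged
        config.Save(ConfigurationSaveMode.Modified);
    }

    // Reading is unchanged: ConfigurationManager decrypts transparently as long as the
    // provider's key exists on this machine; a foreign or missing key raises
    // ConfigurationErrorsException instead of returning a wrong value.
    public static string GetConnectionString(string name)
    {
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException("No connection string named '" + name + "'");
        return settings.ConnectionString;
    }
}
```

SetProtected must run under an account that can write to the directory holding OurApp.exe.config, which under Program Files usually means an elevated installer rather than the normal user session. The default RsaProtectedConfigurationProvider entry uses the NetFrameworkConfigurationKey container; to use a custom container you exported and imported with aspnet_regiis, add a provider entry with that keyContainerName under configProtectedData in the config and pass its name instead of RsaProvider.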