Encrypting app.config File

Question

I have an app.config file that I need to distribute with my application. It was created because of a Service Reference to an ASMX web service I added.

It isn't a huge deal if this file is modified/viewed, but I still would like to make it secure. I already check the hash of the config and make sure it is valid, but I still want an added layer of protection.

Here is my config: http://pastie.org/private/zjdzadnfwrjvwkmlbdsqw

So is there anything in there that I can encrypt or anything?

Answer 1

You cannot encrypt the entire <system.serviceModel> - it's a configuration section group, which contains configuration sections.

The aspnet_regiis will only encrypt configuration sections - so you need to selectively encrypt those parts you need, like this:

cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 aspnet_regiis.exe -pef "system.serviceModel/bindings" . aspnet_regiis.exe -pef "system.serviceModel/services" . 

etc.

With this, you can encrypt what you need easily - what isn't too important, can be left in clear text.

Word of warning: since it's aspnet_regiis, it expects to be dealing with a web.config file - copy your app.config to a location and call it web.config, encrypt your sections, and copy those encrypted sections back into your own app.config.

Or write your own config section encrypter/decrypter - it's really just a few lines of code! Or use mine - I wrote a small ConfigSectionCrypt utility, come grab it off my OneDrive - with full source (C# - .NET 3.5 - Visual Studio 2008). It allows you to encrypt and decrypt sections from any config file - just specify the file name on the command line.