I am using System.Configuration to encrypt and protect some passwords in a custom configuration section, viz.:

    static public void SetPassAndProtectSection(string newPassword)
    {
        // Get the current configuration file.
        System.Configuration.Configuration config =
            ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Get the section.
        MyAppProtectedSection section =
            (MyAppProtectedSection)config.GetSection(DEFAULT_SECTION_NAME);
        section.DBPassword = newPassword;

        // Protect (encrypt) the section.
        section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");

        // Save the encrypted section.
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Full);
    }

This appears to work fine but I need some extra information for my documentation.
Where is the Key stored?
How long is the Key?
The RsaProtectedConfigurationProvider class gives you a way to encrypt sensitive information stored in a configuration file, which helps protect it from unauthorized access.
App section has an attribute (configProtectionProvider) which indicates that only that section is encrypted, and the applicationSettings (element) is not affected.
User level keys are stored at
\Documents and Settings\{UserName}\Application Data\Microsoft\Crypto\RSA
Machine-level keys at
\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Yours is a user-level key.
I had a scenario where I needed to grant a local service account access to the RsaProtectedConfigurationProvider key on a Windows 2012 server.
In the end, granting access on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys did the trick.
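
For documentation purposes, the key container, its store, its file name and the key length can be read from the provider that actually protected the section instead of being assumed. This is an added example, not part of the original question or answers: the class and method names are hypothetical, and the provider type and key number passed to `CspParameters` are assumptions (an RSA key-exchange key). It needs a reference to the System.Configuration assembly on .NET Framework.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;

static class ProtectedSectionKeyInfo   // hypothetical helper, not from the original posts
{
    // sectionName is the name the application registers (DEFAULT_SECTION_NAME in the question).
    public static void Describe(string sectionName)
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null || !section.SectionInformation.IsProtected)
        {
            Console.WriteLine("Section is missing or not encrypted.");
            return;
        }
        var rsa = section.SectionInformation.ProtectionProvider
                  as RsaProtectedConfigurationProvider;
        if (rsa == null)
        {
            Console.WriteLine("Section is protected by a non-RSA provider.");
            return;
        }
        // Open the existing container only, so no new key is created as a side effect.
        var flags = CspProviderFlags.UseExistingKey;
        if (rsa.UseMachineContainer) flags |= CspProviderFlags.UseMachineKeyStore;
        var csp = new CspParameters(1)        // assumption: provider type 1 (PROV_RSA_FULL)
        {
            KeyContainerName = rsa.KeyContainerName,
            KeyNumber = 1,                    // assumption: key-exchange key
            Flags = flags
        };
        try
        {
            using (var key = new RSACryptoServiceProvider(csp))
            {
                CspKeyContainerInfo info = key.CspKeyContainerInfo;
                Console.WriteLine("Container name : " + info.KeyContainerName);
                Console.WriteLine("Machine store  : " + info.MachineKeyStore);
                Console.WriteLine("Key file name  : " + info.UniqueKeyContainerName);
                Console.WriteLine("Key size (bits): " + key.KeySize);
            }
        }
        catch (CryptographicException ex)
        {
            // Raised when the container does not exist or this account has no ACL on the key file.
            Console.WriteLine("Cannot open key container: " + ex.Message);
        }
    }
}
```

The "Key file name" value is the file to look for under the RSA directories named in the answers above, and the `CryptographicException` branch is what an account without access to that file will hit.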