By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,709 Members | 2,164 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,709 IT Pros & Developers. It's quick & easy.

??? Which Key Encrypts .Config Files ???

P: n/a
Hi everyone,

I have a small block of code that encrypts a database connection string in a
..config file, but I'm not sure where the encryption key comes from. There is
no problem with this code -- it seems to be working fine -- I am able to
retrieve the connection string with no problem after it's been encrypted.

Let me show you the snippet of code that performs the encryption:

using System.Configuration;
// ...
ConnectionStringSettings settings = new ConnectionStringSettings;
settings.Name = "MyConnString";
settings.ConnectionString = "DataSource=...;password=...";
Configuration config =
ConfigurationManager.OpenExeConfiguration(Configur ationUserLevel.None);
config.ConnectionStrings.ConnectionStrings.Add(set tings);
config.ConnectionStrings.SectionInformation.Protec tSection(null);
config.Save();

When I look in the resulting .config file, here's what I see:

<configuration>
<connectionStrings
configProtectionProvider="RsaProtectedConfiguratio nProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData <-- I BELIEVE THIS IS THE ENCRYPTED
KEY -->
<CipherValue>ej/sRsbuZIC3ZnpxLvQbveZMzzEB51jWkCUDN93X38MMcXtR0uJ2L Ce2ZbNWWyu/v5nFg5o+i9U3roEFSd0h6hKXPWkO5DkU6KOGRLwhwEE/H+XVGzEVwI10OMKClMYo/hPB7hzD9ILb2yDzdKjHlCTaKBs5Rr3zSD8Ez3YhvP8=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData <-- I BELIEVE THIS IS THE ENCRYPTED CONNECTION
STRING -->
<CipherValue>gXZlWUm53KNigp2H8oa7b1DUkeSDlQnWuaqQw FNCpRf74GheR6HFPnXXlGvyOaU0ekcEvRZOKKCrkDSOXP6lxlp 5qttC/1Ab0QcCJc1FJWvEkn0J/mBZdByyaRxg7UoxFyBn5fQ448LaUhd6JPCe2JW2V9AnkCDDuUq uWYoO3cFCYZtSpr4zo8tnimYxIJrwoNBDWY/PO8lq6dO+S/me6yw7CTN6njZ1eATGIgKI8VQxJDuPLvIemVLc83/900OJO3iBgukFuSY=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
Notice the first <CipherValueelement (nested within the first <CipherData>
element). I believe this <CipherValueelement contains the encryption key
used to encrypt the connection string, and this encryption key is itself,
encrypted. Every time I run the code snippet a *new* encryption key is
generated.

Now, here is my question: Since the encryption key is being stored in the
..config file, and since this encryption key is itself encrypted, what key is
being used to encrypt (and decrypt) the encryption key? Where is this key
stored?

Think of it like this: The encryption key stored in the .config file is used
to encrypt and decrypt the connection string. Since this encryption key is
itself encrypted within the .config file, it *must* have been encrypted
using some other key. Whatever and wherever this other key is, it is also
used to decrypt the embedded encryption key.

Secondarily, is this a security risk? If the key used to encrypt and decrypt
the embedded encryption key is available (and it might be since I don't know
where it's coming from) and if someone gets my .config file, they could
decrypt the embedded encryption key and then use that key to obtain the
connection string, right?

I hope this is clear. I've done a lot of reading and haven't found an
answer.

Thanks very much for reading this far.

--
Tom Baxter

Oct 11 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Mike <Mi**@discussions.microsoft.comwrote:
But if you can only decrypt the config file on the machine it was encrypted
on how do you distribute an enecryted configuration file?
Not sure, to be honest. I suspect it's not really designed for that
kind of scenario though - as soon as you're distributing something,
you'd have to have a shared key somewhere. It could be that there are
ways of tying the key container to an active directory domain account
which the servers could use - but I'm inexperienced (understatement!)
in this area.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Oct 11 '07 #2

P: n/a
Hi,

you have 2 options:

a) encrypt the config locally (usually at install time)
b) distribute the keys

the aspnet_regiis.exe command line tool has all the options for b) (create
keys, export keys, import keys, acl keys)

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Mike <Mi**@discussions.microsoft.comwrote:
>But if you can only decrypt the config file on the machine it was
encrypted on how do you distribute an enecryted configuration file?
Not sure, to be honest. I suspect it's not really designed for that
kind of scenario though - as soon as you're distributing something,
you'd have to have a shared key somewhere. It could be that there are
ways of tying the key container to an active directory domain account
which the servers could use - but I'm inexperienced (understatement!)
in this area.

Oct 14 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.