Hi everyone,
I have a small block of code that encrypts a database connection string in a
..config file, but I'm not sure where the encryption key comes from. There is
no problem with this code -- it seems to be working fine -- I am able to
retrieve the connection string with no problem after it's been encrypted.
Let me show you the snippet of code that performs the encryption:
using System.Configuration;
// ...
ConnectionStringSettings settings = new ConnectionStringSettings;
settings.Name = "MyConnString";
settings.ConnectionString = "DataSource=...;password=...";
Configuration config =
ConfigurationManager.OpenExeConfiguration(Configur ationUserLevel.None);
config.ConnectionStrings.ConnectionStrings.Add(set tings);
config.ConnectionStrings.SectionInformation.Protec tSection(null);
config.Save();
When I look in the resulting .config file, here's what I see:
<configuration>
<connectionStrings
configProtectionProvider="RsaProtectedConfiguratio nProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData <-- I BELIEVE THIS IS THE ENCRYPTED
KEY -->
<CipherValue>ej/sRsbuZIC3ZnpxLvQbveZMzzEB51jWkCUDN93X38MMcXtR0uJ2L Ce2ZbNWWyu/v5nFg5o+i9U3roEFSd0h6hKXPWkO5DkU6KOGRLwhwEE/H+XVGzEVwI10OMKClMYo/hPB7hzD9ILb2yDzdKjHlCTaKBs5Rr3zSD8Ez3YhvP8=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData <-- I BELIEVE THIS IS THE ENCRYPTED CONNECTION
STRING -->
<CipherValue>gXZlWUm53KNigp2H8oa7b1DUkeSDlQnWuaqQw FNCpRf74GheR6HFPnXXlGvyOaU0ekcEvRZOKKCrkDSOXP6lxlp 5qttC/1Ab0QcCJc1FJWvEkn0J/mBZdByyaRxg7UoxFyBn5fQ448LaUhd6JPCe2JW2V9AnkCDDuUq uWYoO3cFCYZtSpr4zo8tnimYxIJrwoNBDWY/PO8lq6dO+S/me6yw7CTN6njZ1eATGIgKI8VQxJDuPLvIemVLc83/900OJO3iBgukFuSY=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
Notice the first <CipherValueelement (nested within the first <CipherData>
element). I believe this <CipherValueelement contains the encryption key
used to encrypt the connection string, and this encryption key is itself,
encrypted. Every time I run the code snippet a *new* encryption key is
generated.
Now, here is my question: Since the encryption key is being stored in the
..config file, and since this encryption key is itself encrypted, what key is
being used to encrypt (and decrypt) the encryption key? Where is this key
stored?
Think of it like this: The encryption key stored in the .config file is used
to encrypt and decrypt the connection string. Since this encryption key is
itself encrypted within the .config file, it *must* have been encrypted
using some other key. Whatever and wherever this other key is, it is also
used to decrypt the embedded encryption key.
Secondarily, is this a security risk? If the key used to encrypt and decrypt
the embedded encryption key is available (and it might be since I don't know
where it's coming from) and if someone gets my .config file, they could
decrypt the embedded encryption key and then use that key to obtain the
connection string, right?
I hope this is clear. I've done a lot of reading and haven't found an
answer.
Thanks very much for reading this far.
--
Tom Baxter
