Encrypting and decrypting a web.config file.

M

mike55

Contributor
Joined
Mar 26, 2004
Messages
727
Location
Ireland
Hi all

I am using the aspnet_regiis set of commands to create and a provider and encrypt/decrypt the connection string in a web.config file. The problem that I am having is that I generate the key on one machine and encrypt the config file. I then export the key and import onto my server, and assign the relevant permissions. I now want to remove the key so that nobody can look at the web.config file and be able to simply run the decryption command to see the connection string.

Here are the commands that I use:
1. generate machine level rsa key
Code: 
Aspnet_regiis –pc “CustomKeys” –exp

2. Encrypt the connection string
Code: 
Aspnet_regiis –pe “connectionStrings” –app “/project name” –prov “CustomProvider”

3. Export the key
Code: 
Aspnet_regiis –px “CustomKeys” “C:\temp\CustomKeys.xml” –pri

4. Import the key into the server
Code: 
aspnet_regiis –pi “CustomKeys” “C:\temp\CustomKeys.xml”

5. Grant access to the custom key store
Code: 
Aspnet_regiis –pa “CustomKeys” “NT Authority\Network Service”
Aspnet_regiis –pa “CustomKeys” “ASPNET”

6. Delete Rsa key container
Code: 
Aspnet_regiis –pz “CustomKeys”

If I run the command to delete the rsa key container, the system is unable to unencrypt the connection string. What step am I missing? If I have completed all the steps correctly, how can this be secure from a user that manages to get on the server?

To provide further information, I have added the following to the standard web.config file:
Code: 
<configuration xmlns=”http://schemas.microsoft.com/.NetConfiguration/v2.0”>

<configProtectedData>
<providers>
<clear/>
<add keyContainerName=”CustomKeys” 
useMachineContainer=”true” 
description=”Users RsaCryptoServiceProvider to encrypt and decrypt” 
name=”CustomProvider” 
type=”System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a”/>
</providers>
</configProtectedData>

<connectionStrings>
<add name=”myConn” connectionString=”your connection string…”/>
</connectionStrings>
Mike55.

Mike55.
 
They key is required to decrypt the sections - if you delete it then asp.net cannot decrypt the relevant sections.

If you have already set permissions on the container though you shouldn't need to delete they key anyway.
 
So, this method is really only effective in the case that someone gets hold of the web.config file and moves it to another machine and then tries to decrypt it?

Mike55.
 
It is an extra layer of security for the web.config file. If somebody has physical access to the server then you already have problems in ensuring security - however this may be unavoidable (3rd party hosting as an example).

Encrypting the config file simply prevents information contained from being available in clear text, by securing the container you are preventing all but one or two selected accounts from ever being able to decrypt the file.
 
Back
Top