Encrypt (App | Web). Config abc

1. Problem
2. HowTo
3. Advance

1. Problem
The problem is simple and clear, that is, how to protect your data in Config, such as database connection strings and other data hidden to users.

2. HowTo
Step1. create a machine-level RSA Key Container.
Aspnet_regiis-pc "XKeys"-exp

Step2. Add the following Node to your Config File (before the information to be encrypted ):
<ConfigProtectedData>
<Providers>
<Clear/>
<Add name = "DataProtectionConfigurationProvider"
Type = "System. Configuration. RsaProtectedConfigurationProvider, System. Configuration, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b03f5f7f11d50a3a, processorArchitecture = MSIL"
KeyContainerName = "XKeys"
UseMachineContainer = "true"/>
</Providers>
</ConfigProtectedData>

Step3. check whether the Root xmlns of your Config is as follows.
<Configuration xmlns = "http://schemas.microsoft.com/.NetConfiguration/v2.0">

Step 4. Save config.

Step5. cd "% SystemRoot % \ Microsoft. NET \ framework \ v2.0.50727"
Or add this path to path.

Step 6. encrypt the config file
Aspnet_regiis-Arg "etettings" C: \ xsolution "-prov" dataprotectionconfigurationprovider"
Note:
1. "C: \ xsolution" cannot contain \
2. If you are a winform program, copy app. config web. config first.
Aspnet_regiis only applicable to Web. config.

-----------------------------------------------------------------------------
So far, the local configuration file encryption has been completed.
If you deploy the encrypted EXE/config on another machine, you will find that the configurationmanager does not
The private key cannot be decrypted, so we need to bring the private key of the generated key to the deployment party for decryption.

Step 7. Export the RSA key container encrypted for config on the machine that generates the keycontainer.
Aspnet_regiis-Px "xkeys" C: \ xkeys. xml"

Step 8. Import key container on the deployment party.
Aspnet_regiis-pi "xkeys" C: \ xkeys. xml"

Completed!

3. Advance

A. About RSA
It is necessary to master the concepts of asymmetric and RSA.
Look at the http://www.cnblogs.com/lrabbyivy/archive/2005/07/11/190495.aspx

In short, you have made a key and then made N more locks based on the key,
This lock is interesting. It locks the lock with a single click, and only the key can be opened.

Now you distribute the produced locks to others. Others put things in the box and use your locks to lock them.
Send it to you, and then you can use your key to open it after receiving it. During the transmission process, whether it is the distribution lock
When someone else gives you a box, even if someone else is robbed, the box cannot be opened because there is no key.

Many people start with this sentence.
Aspnet_regiis-FFE <element> <path>

A buddy asked,
Aspnet_regiis-pdf <element> <path>
I can unbind the encrypted content. What is the purpose of encryption ???

So you need to understand that when you encrypt RSA, you must have a key, and only you have one.
Only you can easily decrypt it, because you have a key.

. NET uses keys in C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Crypto \ RSA by default.
You can confirm it in machine. config (C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ CONFIG.

Once you deploy it on another machine, you cannot decrypt your encrypted Config, unless you give it the key.

B. To be continue...

Reference link:
Http://blogs.msdn.com/mohamed_sharafs_blog/archive/2005/11/17/protectedConfiguration.aspx
Foreigners are professional...