How to encrypt configuration files
Address: http://www.cnblogs.com/jfzhu/p/4039216.html
Please credit the source when reprinting.
In web.config or app.config files we often store sensitive information, such as connectionStrings or appSettings, as in the following file.
<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <connectionStrings>
    <add name="MyNwConnectionString" connectionString="Server=myServerAddress;Database=myDataBase;User Id=myUsername; Password=myPassword;"/>
  </connectionStrings>
  <appSettings>
    <add key="User" value="myUsername"/>
    <add key="Password" value="myPassword"/>
  </appSettings>
</configuration>
using System;
using System.Configuration;

namespace WebConfigEncryptTest
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Read the two appSettings values by key.
            string user = ConfigurationManager.AppSettings.Get("User");
            string password = ConfigurationManager.AppSettings.Get("Password");
            // Read the named connection string.
            string connectionString = ConfigurationManager.ConnectionStrings["MyNwConnectionString"].ConnectionString;
        }
    }
}
(1) Providers available for encrypting the file
.NET provides the aspnet_regiis.exe tool to encrypt sensitive information in the web.config file (for an app.config file, rename it to web.config, encrypt it, and then rename it back to app.config). You can use one of two providers for encryption:
- System.Configuration.DpapiProtectedConfigurationProvider: in System.Configuration.dll; uses the Windows DPAPI (Data Protection API) for encryption. The key is stored in the Windows Local Security Authority (LSA). Note: when DpapiProtectedConfigurationProvider is used, the account used to encrypt the file must be the same as the account running the web application. Otherwise, the web application cannot decrypt the encrypted content.
- System.Configuration.RsaProtectedConfigurationProvider: in System.Configuration.dll; uses the RSA algorithm for encryption (RSA is an asymmetric algorithm; see symmetric encryption and asymmetric encryption). The public key is stored in the config file, and only the computer that performed the encryption has the key. RsaProtectedConfigurationProvider is usually the default provider.
(2) File encryption commands
To encrypt the web.config file, you can use:
aspnet_regiis -pef section web-app-physical-dir
    Encrypt the configuration section. Optional arguments:
    [-prov provider]  Use this provider to encrypt.
For example, the following commands encrypt the information in connectionStrings and appSettings respectively:
aspnet_regiis.exe -pef "connectionStrings" "C:\myweb\HelloService"
aspnet_regiis.exe -pef "appSettings" "C:\myweb\HelloService"
<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation targetFramework="4.0"/>
  </system.web>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>encrypt + fCQdDbTpNh/encrypt/decrypt + feeG/encrypt + f2EIimP7LJI + encrypt/ATc73/W6eg9808f4 /keys + keys ==</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>I1DWG11Iz/rq + NC9C/21B3Q22J9 + keys/ encryption/encryption + encryption =</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>encrypt/decrypt/SuBvV3D2kxhHaYGFaPuvYgsyOLf3 + aYR3O/uh/encrypt +/decrypt + encrypt =</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>5W2KhG/ciphertext/g9A0By/wcGXI + encrypt/decrypt 1mV/w =</CipherValue>
      </CipherData>
    </EncryptedData>
  </appSettings>
</configuration>
RsaProtectedConfigurationProvider is the default provider. To use DpapiProtectedConfigurationProvider, specify it with the -prov parameter:
aspnet_regiis.exe -pef "connectionStrings" "C:\myweb\HelloService" -prov "DataProtectionConfigurationProvider"
aspnet_regiis.exe -pef "appSettings" "C:\myweb\HelloService" -prov "DataProtectionConfigurationProvider"
After the configuration file is encrypted, the source program does not need to be modified. To modify or add configuration information, decrypt the configuration file first. No matter which provider is used, the configuration file can only be decrypted on the computer that encrypted it.
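A check that the sensitive sections really were encrypted, for example before a deployment. This is an added example, not code from the original article; the function names and the sample file (including its CipherValue) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ENC = "{http://www.w3.org/2001/04/xmlenc#}"
SENSITIVE = ("connectionStrings", "appSettings")  # sections the article encrypts

# Constructed sample: connectionStrings protected, appSettings still readable.
SAMPLE = """<?xml version="1.0"?>
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <CipherData><CipherValue>Q09OU1RSVUNURUQ=</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="User" value="myUsername"/>
    <add key="Password" value="myPassword"/>
  </appSettings>
</configuration>"""


def audit_config(xml_text, sections=SENSITIVE):
    """Map each section to 'missing', 'plaintext', 'malformed' or 'encrypted:<provider>'."""
    root = ET.fromstring(xml_text)
    report = {}
    for name in sections:
        node = root.find(name)
        if node is None:
            report[name] = "missing"
            continue
        provider = node.get("configProtectionProvider")
        cipher = node.find(f"{ENC}EncryptedData/{ENC}CipherData/{ENC}CipherValue")
        has_cipher = cipher is not None and bool((cipher.text or "").strip())
        # Readable children left beside EncryptedData would still expose secrets.
        readable = [c for c in node if not c.tag.startswith(ENC)]
        if provider and has_cipher and not readable:
            report[name] = "encrypted:" + provider
        elif provider is None and cipher is None:
            report[name] = "plaintext"
        else:
            report[name] = "malformed"
    return report


def unprotected(xml_text):
    """Sections that are present but not properly encrypted."""
    return sorted(n for n, s in audit_config(xml_text).items()
                  if s in ("plaintext", "malformed"))
```

Calling unprotected() on the text of a deployed web.config returns an empty list only when every sensitive section that is present has been encrypted.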
(3) File decryption commands
The decryption command is as follows (it does not require the -prov parameter):
-pdf section web-app-physical-dir
    Decrypt the configuration section.
aspnet_regiis.exe -pdf "connectionStrings" "C:\myweb\HelloService"
aspnet_regiis.exe -pdf "appSettings" "C:\myweb\HelloService"
(4) Summary
Sensitive information such as user names and passwords is often stored in the configuration file. To prevent this information from being leaked, you must encrypt the configuration file. Encryption and decryption are done with the .NET tool aspnet_regiis.exe, which is found in the Windows .NET folder.
This tool only modifies web.config files. To encrypt or decrypt an app.config file, first rename it to web.config, encrypt or decrypt it, and then rename it back.
Windows XP file encryption method
I. Office file formats
1. Word files
To encrypt a Word file, first open the file to be encrypted, click the "Tools" menu → "Options", and then select the "Save" tab in the "Options" dialog box. Enter passwords in the "open permission password" and "modify permission password" input boxes. The former password is used to open the file; without it, the file cannot be opened. The latter determines, once the file is open, whether the user has the right to modify it. Without it, the user can only read the file and cannot modify its content.
2. Excel files
Excel files are encrypted differently from Word files. When you finish editing the file, click "File" > "Save as...". In the "Save as" dialog box that is displayed, click the "Tools" button on the toolbar and select "General options" from the drop-down menu. In the settings window that is displayed, enter the open password and the modify password. Click OK and save.
3. Access files
To encrypt an Access database file, follow these steps:
(1) Close the database. If the database is shared on the network, make sure that all other users have closed the database.
(2) Make a backup copy of the database and store it in a safe place.
(3) Click the "Open" command in the "File" menu.
(4) Click the arrow to the right of the "Open" button, and then click "open exclusively".
(5) Click the "Set Database Password" command on the "Security" sub-menu of the "Tools" menu.
(6) In the "Password" box, enter your own password. The password is case sensitive.
(7) In the "Verify" box, type the password again to confirm, and then click "OK".
In this way, the password is set. The next time you open the database, a dialog box asking you to enter a password is displayed.
4. WPS files
WPS file encryption is very simple. Click "File" > "Save as...". In the dialog box that is displayed, select the "file encryption" check box, and the "set password" dialog box appears. First enter the password in the text box, and then select the encryption type. "Common encryption" applies to most cases, while "Top secret encryption" applies to situations with high confidentiality requirements. Moreover, according to Kingsoft, they can help customers remove the encryption from files encrypted in "common encryption" mode, but they cannot do anything about files encrypted in "top secret encryption" mode. Therefore, keep the password safe to avoid unnecessary losses.
How to hide or encrypt a file in the XP System
The WinRAR compression software built into the Windows system can serve well as encryption software; nothing else needs to be installed, and it is very convenient.
Procedure:
(1) Select the folder you want to encrypt and right-click the pop-up menu.
(2) Select "add to compressed file" to go to the "compressed file name and Parameters" setting interface.
(3) Select "advanced" at the top, and then select "set password" to enter the password.
(4) After the password is confirmed, click "OK" to compress the folder.
(5) After compression, delete the original folder, and now only the compressed file is left.
(6) To open the encrypted folder in the future, right-click the compressed file, select "decompress to current folder", and enter the password!
(7) When you have finished using it, repeat the steps above to encrypt it again!
Example: If you want to hide the hello folder in the test directory of drive D:
1. Create a new text file and enter the following content in it:
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
Save it as desktop.ini and copy it to D:\test\hello.
2. Put the files you want to hide in D:\test\hello. Of course, you can also create folders in it.
3. Click Start > Run, enter "cmd", and press Enter. At the command prompt, enter "attrib +s D:\test\hello". After you press Enter, the hello folder will turn into a recycle bin.
4. When you need to use the files in this folder, click Start > Run, enter "cmd", and press Enter. At the command prompt, enter "attrib -s D:\test\hello". After you press Enter, the hello folder will change back to the original one and you can access it.
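The desktop.ini change above only alters how the folder is displayed; the files stay on disk unencrypted, so a directory walk still finds them. The following scan lists folders disguised this way. It is an added example, not part of the original article; the function names and the list of genuine Recycle Bin directory names are assumptions.

```python
import os
import re

RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"  # CLSID used in the article
REAL_BINS = {"$recycle.bin", "recycler", "recycled"}          # assumed genuine Recycle Bin roots
CLSID_LINE = re.compile(r"^\s*CLSID\s*=\s*(\{[0-9A-Fa-f-]+\})\s*$", re.MULTILINE)


def read_ini(path):
    """Read desktop.ini as text; Windows may store it as UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def find_disguised_folders(root):
    """Return [(folder, [entries])] for folders that desktop.ini presents as
    the Recycle Bin although they are not under a real Recycle Bin root."""
    hits = []
    for folder, dirs, files in os.walk(root):
        # Do not descend into genuine Recycle Bin directories.
        dirs[:] = [d for d in dirs if d.lower() not in REAL_BINS]
        ini = next((f for f in files if f.lower() == "desktop.ini"), None)
        if ini is None:
            continue
        text = read_ini(os.path.join(folder, ini))
        match = CLSID_LINE.search(text)
        if "[.shellclassinfo]" in text.lower() and match \
                and match.group(1).upper() == RECYCLE_BIN_CLSID:
            # The "hidden" files are listed like any others.
            entries = sorted(e for e in os.listdir(folder) if e.lower() != "desktop.ini")
            hits.append((folder, entries))
    return hits
```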