Cryptographer config problem when used in .msi

Topics: Cryptography Application Block
Dec 5, 2007 at 3:37 PM

I am trying to call the Cryptographer.DecryptSymmetric() method as part of a custom action in an MSI package but I am getting an error saying that the config section is not there for the AppDomain. I guess this all makes sense since I am actually running within the "MSI app domain". I.e. within this context I don’t automatically have "access" to the app.config that contains all the EL settings needed. How can I fix this? Is there a way to manually load the app.config settings and make them available to the Cryptographer or can I add an app.config file to the MSI context? Any help is appreciated...

Dec 7, 2007 at 11:55 AM

You cannot use the higher level Cryptographer methods, but you can create an ISymmetricCryptoProvider instance through a factory and ask this instance to do the decryption for you. It would look similar to this:

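// Build the factory from an explicit configuration file instead of the AppDomain's app.config.
SymmetricCryptoProviderFactory factory = new SymmetricCryptoProviderFactory(new FileConfigurationSource("... the config file name..."));
// symmetricInstance is the name of the symmetric provider configured in that file.
ISymmetricCryptoProvider symmetricProvider = factory.Create(symmetricInstance);
return symmetricProvider.Decrypt(ciphertext);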

In your particular context there are two issues though. The first issue is that you need to make sure the configuration file is available when the custom action starts; I'm not sure how to make this work, but I know you can have some support files for your custom actions in MSIs.

The second issue is how to manage keys. Keys are distributed in separate files (which you'd need to manage just like the config file), but more importantly these files are typically encrypted with a machine specific key through DPAPI. There's a description for a key distribution process in the help file ms-help://ms.EntLib.2007May/EnterpriseLibrary/html/03-180-Deploying_the_Cryptography_Application_Block.htm but it doesn't seem to apply to your scenario.

Please share your experience making this work.
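The factory approach from the reply above, wrapped as a helper a custom action could call. This is an added example, not code from the thread or from Enterprise Library. The class name CustomActionCrypto, the file name customaction.config, and the assumption that the config file is deployed next to the custom action assembly are all hypothetical.

```csharp
using System;
using System.IO;
using System.Reflection;
using Microsoft.Practices.EnterpriseLibrary.Common.Configuration;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;

// Hypothetical helper for an MSI custom action (added example).
public static class CustomActionCrypto
{
    // Assumed name of a config file shipped beside the custom action assembly.
    private const string ConfigFileName = "customaction.config";

    public static byte[] Decrypt(string symmetricInstance, byte[] ciphertext)
    {
        if (ciphertext == null) throw new ArgumentNullException("ciphertext");

        // Resolve the path from the assembly location rather than the
        // current directory, which the installer host controls.
        string baseDir = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
        string configPath = Path.Combine(baseDir, ConfigFileName);

        // Fail early with the exact path instead of a "config section missing" error.
        if (!File.Exists(configPath))
            throw new FileNotFoundException("Cryptography configuration file is missing.", configPath);

        // Explicit configuration source: the AppDomain's app.config is not consulted.
        SymmetricCryptoProviderFactory factory =
            new SymmetricCryptoProviderFactory(new FileConfigurationSource(configPath));
        ISymmetricCryptoProvider provider = factory.Create(symmetricInstance);

        return provider.Decrypt(ciphertext);
    }

    // Overwrite decrypted material once the custom action no longer needs it.
    public static void Clear(byte[] buffer)
    {
        if (buffer != null) Array.Clear(buffer, 0, buffer.Length);
    }
}
```

The key file that the configuration points to must also be present, and as the reply notes it is typically DPAPI-protected with a machine-specific key, so a key file copied from another machine will not decrypt.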