ConnectionString Encryption

Topics: Building and extending application blocks, Cryptography Application Block, Data Access Application Block, General discussion, Security Application Block
Feb 7, 2011 at 9:20 AM

Hi,

I am going to encrypt the connectionString of our application because we don't want to show the database login to others. I can encrypt the connectionString by using the EntLib tool and I can decrypt it by using the same tool. Can anybody else also decrypt it by using EntLib? I think the key details are also in the encryption file?

Thanks!

Feb 8, 2011 at 12:12 AM

I'm afraid I'm not sure what the exact question is here. I just think this is related to your other thread, which I have already responded to. Please check our response to the other thread; hope this helps.

Gino Terrado
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com

Feb 9, 2011 at 1:03 AM

If it's going to be decrypted on the same machine, yes, any user will be able to decrypt it. But if it's going to be on a different machine, they won't be able to unless they have a copy of the RSA key container exported from your machine, which they will import on their machine.

 

Sarah Urmeneta
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com

Feb 16, 2011 at 11:15 PM
Edited Feb 17, 2011 at 3:36 AM

I am planning to create a separate key container for our application.

My question is, if I create a separate key container, how can I ask the EntLib tool to use that one? Do I need to add a tag similar to the one below?

 <providers>
      <add name="SampleProvider" 
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
                 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
                 processorArchitecture=MSIL"
           keyContainerName="SampleKeys" 
           useMachineContainer="true" />
   </providers>

If I want to encrypt the connectionStrings, do I have to change it like below? Or should it be outside of the encrypting part?

<Configurations>

<ConnectionStrings>

 <providers>
      <add name="SampleProvider" 
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
                 Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
                 processorArchitecture=MSIL"
           keyContainerName="SampleKeys" 
           useMachineContainer="true" />
   </providers>

</ConnectionStrings>

</Configurations>

Thanks!

Feb 17, 2011 at 9:06 AM

From the Entlib Config Tool, both DataProtectionConfigurationProvider and RsaProtectedConfigurationProvider are inherited from the machine.config. So if you're planning to have something like this, I'm thinking you'll also need to implement your own custom class that may look like the 2 providers. HTH.

Gino Terrado
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com

Feb 17, 2011 at 12:25 PM

I think I don't want to go that far. Simply, what I want to do is make the connectionString secure. Don't we need to create a separate key container for my application? What is the recommended way of doing this?

Thanks!

Feb 17, 2011 at 2:23 PM

charith,

Yes, you need to create a separate key container.  Please see the steps I mentioned in this thread.

 

Sarah Urmeneta
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com

Feb 17, 2011 at 11:26 PM

Hi Sarah,

Thank you so much for the very helpful post. It sorted out my problems and it works fine.

My only doubt is about removing the RSAProtectedConfigurationProvider. Will it remove all the other key containers? If there are multiple applications that use EntLib encryption on a workstation, how would that affect other applications?

Thanks Again!

Feb 17, 2011 at 11:57 PM
Edited Feb 18, 2011 at 4:44 AM

It won't affect other applications using EntLib.  The line

<remove name="RSAProtectedConfigurationProvider" />

only removes the declaration of the RSAProtectedConfigurationProvider, which is inherited from the machine.config file, in the current configuration. You're merely removing it and re-adding it so you could specify the key container you want.

 

Sarah Urmeneta
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com
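
The layout discussed in this thread, as an added example that is not code from any poster or from EntLib: a Python check that a .config file declares its RSA provider under `<configProtectedData>` (removed, then re-added with a key container name) and that `<connectionStrings>` is actually encrypted with it. The `audit` function and the `SAMPLE` document are constructed for illustration, and the cipher text is a placeholder.

```python
import xml.etree.ElementTree as ET

# Providers the thread says are inherited from machine.config (compared lower-case).
INHERITED = {"rsaprotectedconfigurationprovider", "dataprotectionconfigurationprovider"}

# Constructed sample: provider declared under <configProtectedData>, outside the
# encrypted section; the cipher text is a placeholder, not real output.
SAMPLE = """<configuration>
  <configProtectedData><providers>
    <remove name="RsaProtectedConfigurationProvider" />
    <add name="RsaProtectedConfigurationProvider" keyContainerName="SampleKeys"
         useMachineContainer="true"
         type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers></configProtectedData>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>"""

def audit(config_xml):
    """Return findings about how connectionStrings is protected in one .config file."""
    root, findings = ET.fromstring(config_xml), []
    cs = root.find("connectionStrings")
    if cs is None:
        return ["no connectionStrings section"]
    kids = [c.tag.rsplit("}", 1)[-1] for c in cs]  # child names, namespace stripped
    if "providers" in kids:
        findings.append("providers inside connectionStrings; declare them under configProtectedData")
    if "add" in kids:
        findings.append("plaintext connection string present")
    prov = cs.get("configProtectionProvider")
    if not prov or "EncryptedData" not in kids:
        return findings + ["connectionStrings is not encrypted"]
    removed, decl = set(), None
    for el in root.findall("configProtectedData/providers/*"):  # document order
        name = el.get("name", "").lower()
        if el.tag == "remove":
            removed.add(name)
        elif el.tag == "add" and name == prov.lower():
            decl = el
            if name in INHERITED and name not in removed:
                findings.append("inherited provider re-added without a preceding <remove>")
    if decl is None:
        findings.append("provider %r not declared in this file; any inherited declaration applies" % prov)
    elif not decl.get("keyContainerName"):
        findings.append("provider declaration names no keyContainerName")
    return findings
```

An empty list from `audit(SAMPLE)` means the file follows the remove-and-re-add layout; each string in a non-empty result names one deviation.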