How does Enterprise Library Encryption/Decryption work?

Topics: Cryptography Application Block, General discussion
Feb 7, 2011 at 12:55 PM


Hi,

Can somebody explain to me how encryption and decryption work behind the scenes? I've encrypted the connectionString using EntLib.

Is it essential to include <dataConfiguration configProtectionProvider="RsaProtectedConfigurationProvider"> there? I noticed that it works even without that tag.

This is my app.config file.

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="validation" type="Microsoft.Practices.EnterpriseLibrary.Validation.Configuration.ValidationSettings, Microsoft.Practices.EnterpriseLibrary.Validation, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="true" />
    <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="true" />
  </configSections>
  <validation />
  <dataConfiguration configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
     xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>PyenD6M6g1LsMTy6NU7dSlVrJ/LtGRtjqDPnro5X/h/ft8s5Ck9zmIPWnod1wv/MdnTFqEjmIKYTx+BuaBDIsMbyDvbNwhHe+15T3dI65A/1nLNjLKNuKWoUjAs87kxbuJz+faOau5NrVti69FgJdvq3J/mfxXaBX7n7t+168F0=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>fNCwAC6bS8s9lLWd0xIBbw7SxXZDvph9YHTEFzDKobFUUmoYv2T6Mh9KqZNs/ugxTVcyqSoN/j9nGJqWZQV/Hw==</CipherValue>
      </CipherData>
    </EncryptedData>
  </dataConfiguration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
   xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyName>Rsa Key</KeyName>
        </KeyInfo>
        <CipherData>
          <CipherValue>l0qxcCPKcYa6oEcRTde/ZK7K850halDE2g7nKiaaA1XId0LMdwQfZVLT+VnJsBixz6i0CoPrltXdeIk2r258SvFQstgLPu3PBKfXGWprkNCsiHqFd5zLq5A0P7JBFatW8bEOZG0DEVO9bQHr733POgQrolir5ux76zDaPY3BJe8=</CipherValue>
        </CipherData>
      </EncryptedKey>
    </KeyInfo>
    <CipherData>
      <CipherValue>5AWSzjNpjF5wD6NFhqZvgabVo5j79f5hl4a2RDuQr2uYiMOHD++gpPkc2SnnIzpDUtsFjQg5afrC1NK+L4MnKJYULYRcLIynLeATdMq1I0hHbtSL0+PB2iEc9uu/oG4i84U0xjMd02GpKG3aFAFhWtn5Bbk2o4EnIIYSOC1ajwypIwS+9e2tC3IzDqsauilWQqHJ8y19n9x8ZhqLFvKnfGysg9Zngdt2mGmj3Eq5wSbZ8Gz6vnV83GsB/HGSeHkQcV4U2loyzAfUYlO1dZOiOVFYTD5k80Lqz8J8fV9YketM0KDoZ1NKwVI7FcsuwKVqm6jtVRL7MGLMxs+M6C5uDocrhJitltll6pO+axTR2G/XfIJADo/8yo1LIPj2bMWDHb1Z3PaAipoo27FKeS2DVwhGja+0LJE4w9cWvdN+smzZWEWD9QVOItnOmdKb3K/9Md1ISiu0V8ncqf2QIxBwbNEBZ9KM9ACIuE+esnGrDJoZPqnG6v9Or/StSoUT/P5E7umn1m7vGGfrJu2Gd3O5M8hD/MBg6xqpmUsIvjTD0P8bgCDqLxaCjcTGSsOmmdo+/+PDbULmPmj8Ze1VqET2miIOq+RU0sLEuUrtx9YyTyIfPL0YMpxr8m9eV58baExNwwqZweZTqcCC3vJtCb5mnhxWkct9c48oK7OcSEHy951pQYfDSDKTpgQLPoxukn5fk7q9yLJDPJ23gNpd+Oeq1zWRDNDORjS0NC5JxxCB6mtqxS6uQq3Ql/MW2A9gt0IcwiFU7TZmFPalLidr9svz8tjcMCf0ib+rw7LatGjT+5zbdiEf0o+pr3R4PCxpL9SWueF4FcYkHt4Ra9y7WVPNd0Vyy5oHF+4V806HkMsmjBtl93t87plfc5aAELDr+7T4sE0j054g2rxKiwoILOT8pR+QYWbyt23KpVhEfMb7VbwTp+nWRmdTQF4Wt7zxAvbt37geMqElOMhpjZUq4I7Y4EpQce+J1eCpoOpNUwWeL34z9QCXOwRvGv52M6OgS6SqJXjLH3DHhBrXUgJ0PeNLLwNlaKR61TW3r3I3dHPpvbRsH5R1eU7jf8bEgLG7JACusLso+T9buhcn2DTkQawoHqnUSkGALBg7VR0RENdO8UdCx0DztCvJTKayyR3d+WBGGnz/GjVeUhylxt5VXrcJ1AlY+3aNdOk2/v9V6vxbMQix00XdWNFgbIFL2RzQ6fZyTYbVGSxde/BAEgNxQjJ2n7LktTLnSqkiysufOpsiP7LfN1Tp6urECNYs36rL+nVBkcoUGQTyIYLWU3r8MTv41BTEtFnN7rWei2FuMOqQbXaCcBNIMCtQ55XBTaKbVcDDQPgfv+LxlYit+OSQqbytfIXQdpjygzbEIhnlHXAU/lmVdUBIT4RTHy8FRU57ELJLrGmQKw9VXjd3ABh7rw3ZxdOo380NcwSoD3Q+v+rwBeyEPOLBGHtQ8BBOm37mja99ExpTaMABQMyTAwf2b4uv9U+nuHjahavFHAO6u1+8Jbw6TsP9ZEk7Yma9drW6tdDYLUQAWweO//wa/i6sf6fMnX78ZA3Vv3fz+oXmn79ijFozkJDM7OCBcFPLFkOYGdBUKAa1mM31mED2zePyMWHUANacK2myrYIkBwVQwHtFzQaBxNvax4fqLrTZefs340XogG8RJ1IEHYh4DeJM5LXzmNqVcDw6rACzLchnBBGpFxkiQbL1cmqxtbdiroJZMKrv0nS+rHXh0oZdtN5zf0Q00RKob/SIT9tlFlsvjdKicYyyfY75Hw5XuZ0IXuFuXeim+Sm6nqBBSqdvJ3VRyXcE3lxQc/fiUj5BXhNMh3B6K9D99h3LBQW7IqgfRzfKBWLBfpt1Om7JFVvO/3CTyWb6mC5FgkauGP9fmrbilKhHJEf70uGgnWjEeJTuzdcz3ILvEUQkGoHTTmpkPcXjlOt4HrmUHoMKRwkkRVdxUmlvaululYccWnQYSPO5pNNWt
J4ZasEnoNbMoQ4Wmcnm/rA+0EouBC06SyJkpJKfeVdTOrXM9afq2DTFORHFdXWWfluoOP7GNsMhjBvftqYi+D18m0UIG67ynUk+ZsN7mAp8Ze3uMwSH2Te+N0b7ldPMbv3p4vQ4Y/XXV99juihLSIYOpUp3wSIBOz+d3CYbfudisFt28HOSgZx5UsSi4wqSFA6NUKmV8EMI9qMAObRwlw7rnGIpVy8ootl4YW/rqLCXwepEHLDccD+jLNTzyWzitPPD+wHRoARUiTua9sGKuQqgyMsFXZCMpDXKwpmIRaDGSyos0d2QyFMtj1y9cR/cwyI0YTVQWy4OwRzr3DQizxWvWFbxfyUCcFmCtGPxd5HREUZFPWDkpCEQL5uLRzh9nzjQGPn9Fsjv0u4crssLUUwMkdt9OLRWJWkh+pNQxx/1ObA=</CipherValue>
    </CipherData>
  </EncryptedData>
</connectionStrings>
</configuration>

Feb 8, 2011 at 12:07 AM

Not sure if you have already read these details, but I hope this documentation reference helps: http://msdn.microsoft.com/en-us/library/ff664594%28v=PandP.50%29.aspx.

And as for "Is it essential to include <dataConfiguration configProtectionProvider="RsaProtectedConfigurationProvider"> there?",

the answer is yes. I also noticed that if you remove this section and open your config file in the EntLib Config Tool, the Protection Provider of the App Block is set back to no protection.

Therefore, if you want to retain the Protection Provider used by the App Block, this section is required. HTH.

Gino Terrado
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com

Feb 16, 2011 at 11:08 PM

Thanks for the link Gino. That helps!
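
Added example (not part of the original thread and not Enterprise Library code): the protected sections in the app.config above are XML Encryption envelopes, where the section body is encrypted with a 3DES-CBC session key and that key is wrapped with RSA PKCS#1 v1.5. This sketch reads that layout from a config file without decrypting anything; the function names are hypothetical and the sample uses constructed dummy bytes, not the values from the post.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"enc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: same element layout as the posted config, dummy cipher bytes.
SAMPLE = """<configuration>
 <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
     <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyName>Rsa Key</KeyName></KeyInfo>
     <CipherData><CipherValue>%s</CipherValue></CipherData>
   </EncryptedKey></KeyInfo>
   <CipherData><CipherValue>%s</CipherValue></CipherData>
  </EncryptedData>
 </connectionStrings>
 <appSettings><add key="k" value="v" /></appSettings>
</configuration>""" % (base64.b64encode(bytes(128)).decode(),
                       base64.b64encode(bytes(40)).decode())

def _b64(elem, path):
    # b64decode drops the line breaks that end up inside long CipherValue text.
    return base64.b64decode(elem.findtext(path, namespaces=NS))

def describe_section(section):
    """Return the envelope layout of a protected section, or None if plaintext."""
    data = section.find("enc:EncryptedData", NS)
    if data is None:
        return None
    wrapped = data.find("ds:KeyInfo/enc:EncryptedKey", NS)
    alg = data.find("enc:EncryptionMethod", NS).get("Algorithm").split("#")[1]
    block = 8 if alg.startswith("tripledes") else 16  # assumes 3DES or AES CBC
    return {
        "provider": section.get("configProtectionProvider"),
        "data_alg": alg,
        "key_alg": wrapped.find("enc:EncryptionMethod", NS).get("Algorithm").split("#")[1],
        "key_name": wrapped.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS),
        # An RSA ciphertext is as long as the modulus, so this is the RSA key size.
        "rsa_bits": 8 * len(_b64(wrapped, "enc:CipherData/enc:CipherValue")),
        # XML Encryption CBC modes store the IV as the first block of CipherValue.
        "ciphertext_bytes": len(_b64(data, "enc:CipherData/enc:CipherValue")) - block,
    }

def audit(config_xml):
    """Map each top-level section to its envelope description (None = plaintext)."""
    root = ET.fromstring(config_xml)
    return {s.tag: describe_section(s) for s in root if s.tag != "configSections"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Sections reported as None are stored in plaintext; decryption itself needs the RSA private key held on the machine that protected the file, which this script never touches.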