Web.config encryption/decryption

In my application's web.config file I have a connection string stored. I encrypted it using

    '---requires: Imports System.Configuration, System.Web.Configuration
    '---open the web.config file
    Dim config As Configuration = _
       WebConfigurationManager.OpenWebConfiguration( _
       Request.ApplicationPath)
    '---indicate the section to protect
    Dim section As ConfigurationSection = _
       config.Sections("connectionStrings")
    '---specify the protection provider (protectionProvider holds the
    '---provider name, e.g. "RsaProtectedConfigurationProvider")
    section.SectionInformation.ProtectSection(protectionProvider)
    '---Apply the protection and update
    config.Save()

Now I can decrypt it using the code

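    '---open the web.config file
    Dim config As Configuration = _
       WebConfigurationManager.OpenWebConfiguration( _
       Request.ApplicationPath)
    '---indicate the section to decrypt
    Dim section As ConfigurationSection = _
       config.Sections("connectionStrings")
    '---remove the protection and write the section back in plaintext
    section.SectionInformation.UnprotectSection()
    config.Save()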

I want to know where the key is stored, and also, if my web.config file is somehow stolen, will it be possible for the person who took it to decrypt it using the code above?


The user keys are stored in:

[Letter]:\Documents and Settings\[User]\Application Data\Microsoft\Crypto\RSA

Machine keys are in:

[Letter]:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

If someone has the file and the keys then yes, they'll be able to decrypt. If only the file, no they won't be able to.

Also, if they decrypt using the same code on the same server, then yes. However, if they reach your server, it's all over anyways.


EDIT to add into the answer from comments:

  • Q: If I copy the key and paste it in some other PC along with the web.config, will it be decrypted?
  • A: If I'm not mistaken, the key will only work on that machine unless you do an import/export. However, as I say, if someone has gained access to do this, you will be "dead in the water" already, as the compromised server will be devastating.

  • Q: I created one more web application and encrypted it. I see that no new key is created there. Did it use the same key for the 2nd application?

  • A: As far as I know, yes. The keys are generated per machine, per user to my knowledge.
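
The following is an added example, not part of the original question or answer: a small audit that reads a copy of a web.config (from a backup or a repository, for instance) and reports which sensitive sections hold only ciphertext and which are still readable. It assumes the standard protected-configuration layout (a `configProtectionProvider` attribute plus an `EncryptedData` element in the XML Encryption namespace); the sample file, the function name `audit_sections`, and the choice of sections to check are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XMLENC = "{http://www.w3.org/2001/04/xmlenc#}"  # namespace of <EncryptedData>

# Constructed sample: connectionStrings is protected, appSettings is not.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>Q09OU1RSVUNURUQ=</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="ApiPassword" value="constructed-example-value" />
  </appSettings>
</configuration>
"""

def audit_sections(xml_text, names=("connectionStrings", "appSettings")):
    """Return {section: {"state", "provider"}} for sections under <configuration>."""
    root = ET.fromstring(xml_text)
    report = {}
    for name in names:
        section = root.find(name)
        if section is None:
            report[name] = {"state": "absent", "provider": None}
            continue
        provider = section.get("configProtectionProvider")
        encrypted = section.find(XMLENC + "EncryptedData") is not None
        # Children outside the xmlenc namespace are settings left readable.
        leftovers = [c.tag for c in section if not c.tag.startswith(XMLENC)]
        if provider and encrypted and not leftovers:
            state = "protected"
        elif provider or encrypted:
            state = "inconsistent"  # half-applied protection: review by hand
        else:
            state = "plaintext"
        report[name] = {"state": state, "provider": provider}
    return report

if __name__ == "__main__":
    for name, info in audit_sections(SAMPLE_WEB_CONFIG).items():
        print(name, info["state"], info["provider"] or "-")
```

A "protected" result only says the file copy contains ciphertext; whether it can be decrypted still depends on access to the key container on the server, as the answer describes.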