0

I had a look on 

 configSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

but I had two questions:

  1. Is there a way to encrypt config file with a key, because any one can decrypt my file if he knows this method, right?
  2. Does the decryption done automatically when retrieving the connection string at run-time? (in any class, or in data-sets)? thanks
Hasan Shouman
  • 2,162
  • 1
  • 20
  • 26
  • In addition to my answer below, I think you're experiencing difficulties with app.config which might mean desktop application likely where to put the key. My case is also WPF desktop application and found impossible in desktop application. Conclusively, I adopted WCF middleware between SQL database and desktop application and encrypted the middle. – Kay Lee May 08 '16 at 10:07

1 Answers1

0

Yes, Encrypting config file is common. DPAPI way uses symmetric key and therefore, if someone gets the key, he can decrypt.

In my case I used an RSA asymmetric key. That way encryption with public key is performed. Decryption can be performed only with private key protected and held by server in SQL database. On application side, users and application don't need the decrypted secret but need to stay encrypted. Simply, public key is to encrypt and private key is to decrypt. And nobody can easily get the private key.

Furthermore, when it comes to cloud platform like Microsoft Azure, we have to use certificate way which is of also RSA.

My case took almost 1 month to understand the complexity. I completed this task just recently.

The decryption is performed automatically by indicating the thumbprint of private key in the config file.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
Kay Lee
  • 922
  • 1
  • 12
  • 40
  • Thanks Maarten, I know that but above answer was written with smartphone, without enough time. Please understand. – Kay Lee May 08 '16 at 09:19
  • It was just a friendly formatting hint. I know typing up answers on a mobile is horrible :) I've done plenty of it. – Maarten Bodewes May 08 '16 at 09:45