0

I have a Windows service that reads from app.config.

I want some settings to be encrypted, however, I don't want to use the ProtectedConfigurationProvider classes provided in .NET because they encrypt files based on the machine they are running on using DPAPI.

What I wanted was a way for our administrator to deploy the config file already encrypted to many machines and have each machine decrypt them when needed.

I don't want to hardcode a password into the assembly either so I'm not sure how I can go about this.

  • 1
    Your service is going to be able to decrypt the settings, and your service executable is living on the machine. Anyone with access to both will be able to decrypt the settings. Maybe this question should be about file permissions? – Dave Feb 18 '09 at 06:17
  • possible duplicate of [Encrypting config files for deployment](http://stackoverflow.com/questions/563717/encrypting-config-files-for-deployment) – gbjbaanb Dec 03 '12 at 17:19

2 Answers

2

Perhaps your central server can maintain a database of the private keys for all the end points, then it could use the specific machine key for that.

A shared private key for all the machines is not going to be that secure.

Sam Saffron
  • There has to be a solution. You're right though, a shared private key is the wrong way to go –  Feb 18 '09 at 06:07
0

You can use user-level RSA keys and export them to each machine. Then the config file can be encrypted ahead of time, and the target machines already have the key.

Maslow
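One way to carry out the exported-RSA-key approach from the answer above with `aspnet_regiis`, shown as an added example that is not part of the original answers. The container name, provider name, paths and the `appSettings` section are assumptions; every step is run as the service's account, because a user-level (`-pku`) container lives in that user's profile.

```powershell
# Added example. All names and paths below are placeholders (assumptions).
$regiis    = "$env:WINDIR\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
$container = 'DeployedConfigKeys'               # RSA key container name
$keyFile   = 'C:\secure\DeployedConfigKeys.xml' # exported key pair
$appDir    = 'C:\Services\MyService'            # holds MyService.exe.config

# The config file must declare a provider bound to that container, e.g.:
#   <configProtectedData>
#     <providers>
#       <add name="DeployedRsa"
#            type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
#            keyContainerName="DeployedConfigKeys"
#            useMachineContainer="false" />
#     </providers>
#   </configProtectedData>

# --- Build machine: create the key, encrypt the section, export the key ---
# -exp makes the private key exportable; -pku selects a user-level container.
& $regiis -pc $container -exp -pku

# aspnet_regiis only edits files named web.config, so rename around the call.
Rename-Item "$appDir\MyService.exe.config" 'web.config'
& $regiis -pef 'appSettings' $appDir -prov 'DeployedRsa'
Rename-Item "$appDir\web.config" 'MyService.exe.config'

# -pri includes the private key. This file can decrypt every deployed config,
# so move it only over a protected channel.
& $regiis -px $container $keyFile -pri -pku

# --- Each target machine: import the key, then remove the key file ---
# Importing without -exp leaves the key non-exportable on the target.
& $regiis -pi $container $keyFile -pku
Remove-Item $keyFile
```

The service then reads `ConfigurationManager.AppSettings` as usual and the provider decrypts transparently. As the comment on the question points out, anyone who can run code as the service account can also decrypt the settings, so restricting access to that account and to the config file remains the actual control.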