12

What are the cases when RsaProtectedConfigurationProvider should be used instead of DataProtectionConfigurationProvider and vice versa?

oleksii
petkov_d
    According to the MSDN article, the RSA encryption requires specific elevated permission, typically admin rights: "The user account used for encrypting the file when using the RsaProtectedConfigurationProvider must have the appropriate minimal permissions, which must include read permissions on the NetFrameworkConfigurationKey key container, in order to encrypt and decrypt sections when using the Enterprise Library configuration tools. By default, this includes only administrative accounts." – Andy Thomas Oct 05 '16 at 14:39

1 Answer

13

They both offer strong encryption/decryption. RsaProtectedConfigurationProvider uses asymmetric RSA, and DataProtectionConfigurationProvider is based on the symmetric Windows (native) Data Protection API.

These providers can be used interchangeably on a single PC. However, if you need to use the same key on several machines (e.g. you have a web farm), then you can only use the RSA provider, which allows you to export/import the key.

Asymmetric algorithms are usually much slower than symmetric and require 2 keys: one to encrypt, another to decrypt. Symmetric algorithms are usually exceptionally fast, but they encrypt and decrypt using the same single key. These are just minor differences if the file is read infrequently.

oleksii
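The web-farm case described in the answer above, sketched as an added example that is not part of the original post: one node creates an exportable RSA key container, encrypts the section and exports the key pair, and every other node imports it. The container, provider, site path, app pool identity and export file names are assumptions, and the .NET 4.x 64-bit framework path is assumed.

```powershell
# Added example: sharing one RSA key container across web-farm nodes.
# Run elevated. Values marked (assumed) are placeholders, not from the original post.
param([Parameter(Mandatory)][ValidateSet('Source', 'Target')][string]$Role)

$regiis    = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
$container = 'FarmConfigKeys'                  # (assumed) custom RSA key container
$provider  = 'FarmRsaProvider'                 # (assumed) provider name in web.config
$sitePath  = 'C:\inetpub\wwwroot\MyApp'        # (assumed) folder holding web.config
$poolUser  = 'IIS APPPOOL\MyAppPool'           # (assumed) identity the site runs as
$keyFile   = 'C:\Temp\FarmConfigKeys.xml'      # (assumed) temporary export file

# web.config on every node must map the provider name to the shared container:
#   <configProtectedData>
#     <providers>
#       <add name="FarmRsaProvider"
#            type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
#            keyContainerName="FarmConfigKeys" useMachineContainer="true" />
#     </providers>
#   </configProtectedData>

if ($Role -eq 'Source') {
    # Create a machine-level container whose private key may be exported.
    & $regiis -pc $container -exp
    # Let the app pool identity read the key; without this, decryption fails at runtime.
    & $regiis -pa $container $poolUser
    # Encrypt <connectionStrings> in the web.config found under $sitePath.
    & $regiis -pef 'connectionStrings' $sitePath -prov $provider
    # Export public and private key. This file is as sensitive as the secrets it
    # protects: move it over a protected channel and delete it afterwards.
    & $regiis -px $container $keyFile -pri
}
else {
    # Import without -exp so the key cannot be exported again from this node.
    & $regiis -pi $container $keyFile
    & $regiis -pa $container $poolUser
    # Remove the plaintext key file once the container holds the key.
    Remove-Item -LiteralPath $keyFile -Force
}
```

The same encrypted web.config can then be deployed to every node. With DataProtectionConfigurationProvider there is no equivalent export step, which is the limitation the answer points out.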