Could somebody please do a rundown of how to programmatically encrypt a config-file in .NET, preferably in C#.

What I would like to do is do some kind of check on an application's startup to see if a section is unprotected, and if it is, then encrypt it. This for both settings and connection-strings.

Also if anyone could list the types of encryption-providers and what is the difference between them.

I don't know if the code for doing this in a normal WinForms-application is transparent to doing this in ASP.NET.

+3  A: 

There is a good article from 4 guys about Encrypting Configuration Information in ASP.NET 2.0 Applications

Hope this helps


@TK: a hashing algo can only be 'guessed', not reverse engineered. One can only reconstruct the input to a hash value by completely guessing the input (apart from collisions, that is) This can be done by a rainbow crack for example (see an implementation of a rainbow cracker here)

I would say that a 3rd party encryption tool is not safer than the .NET framework encryption algorithms, these libraries just help you doing your job faster


I haven't used it myself, but the Microsoft Enterprise library has good encryption support that will possibly suit your needs:

+7  A: 

To summarize the answers and what I've found so far, here are some good links to answer this question:

Please feel free to complement with other links, maybe some to WinForms- or WPF-applications.

Seb Nilsson