I'm just curious if anyone has any great ideas on this.

We have a lot of C# Windows services. Each app is installed on multiple machines (anywhere from 2-80, depending on the app).

Due to the security setup of the network, we cannot (consistently) use Windows authentication to the SQL servers, so our connection strings and credentials have actual usernames and passwords.

Our infrastructure folks want to be able to do the following when deploying the software:

1) Edit the configuration once -- set the appropriate server, user, and passwords for various database connections.

2) Have the connection strings (at least) encrypted or otherwise unreadable to the naked eye.

3) Copy that configuration file to all installations of a particular piece of software. This means that the encryption cannot be tied to a specific machine.

Can DPAPI do this? Can one set of keys be installed on all targets to allow the decryption of a common config file? How is the configuration edited in this case? How do you keep other users from viewing the encrypted configuration in the same manner?

A: 

I can comment on at least one aspect of your question, as we have a service configured this way where I work.

When editing/creating the configuration, we put a special token as the first character:

<value>:secret_password</value>

The colon is the special token. When the service starts and reads the configuration, it finds all the unencrypted values by looking for the token, encrypts them, and then overwrites the plain-text with the encrypted value.

So this allows the file to be edited, while keeping the secrets secret.

magnifico
+2  A: 

The DPAPI encryption uses the <machineKey> as the private key.

Option 1) You can update this in the machine.config of each server and set machineKey to be identical. This has a wide impact on the server, such as with unrelated apps that depend on machineKey.

Option 2) You can override the <machineKey> in the web.config for narrower scope.

Session and encrypted viewstate validation also depend on the <machineKey>, so by having identical keys across servers, the sessions and viewstate will be mutually readable. This could be desired for a web farm of identical servers and a centralized session store, but that's out of scope of the original question.

How To: Configure MachineKey in ASP.NET 2.0

spoulson
What do I do when it's not ASP.NET, but persistent services using app.config?
Joe
DPAPI is not specific to ASP.NET, so you can override your machineKey in the app.config instead. The same encryption/decryption code will work.
spoulson
A: 

This sounds like a job for an X509 certificate.

Charlie Martin
In what context? Using them for authenticating users to edit the configuration? Or something else?
Joe
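
The following is an added example, not code from any of the answers above: it combines the leading-colon token from the first answer with the certificate suggestion from the last one, encrypting marked values with a certificate's RSA public key so that any machine holding the matching private key can read the same file. The `enc:` prefix, the class and method names, the `<settings>` wrapper and the throwaway self-signed certificate are assumptions made for the sketch.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml.Linq;

static class ConfigSecrets
{
    const string PlainToken = ":";     // "encrypt me" marker from the first answer
    const string CipherToken = "enc:"; // constructed marker for already-protected values

    // Encrypts every <value> still carrying the plain-text token. Needs only the public key.
    public static int ProtectPending(XDocument doc, X509Certificate2 cert)
    {
        using RSA rsa = cert.GetRSAPublicKey();
        var pending = doc.Descendants("value").Where(v => v.Value.StartsWith(PlainToken, StringComparison.Ordinal)).ToList();
        foreach (XElement v in pending)
        {
            // RSA-OAEP-SHA256 with a 2048-bit key holds at most 190 bytes: enough for a
            // password, too small for long strings (those need a hybrid RSA + AES scheme).
            byte[] plain = Encoding.UTF8.GetBytes(v.Value.Substring(PlainToken.Length));
            v.Value = CipherToken + Convert.ToBase64String(rsa.Encrypt(plain, RSAEncryptionPadding.OaepSHA256));
        }
        return pending.Count;
    }

    // Decrypts one stored value at service start. Needs the private key, so restrict its ACL to the service account.
    public static string Reveal(string stored, X509Certificate2 cert)
    {
        if (!stored.StartsWith(CipherToken, StringComparison.Ordinal)) return stored;
        using RSA rsa = cert.GetRSAPrivateKey();
        byte[] pt = rsa.Decrypt(Convert.FromBase64String(stored.Substring(CipherToken.Length)), RSAEncryptionPadding.OaepSHA256);
        return Encoding.UTF8.GetString(pt);
    }

    static void Main()
    {
        // Constructed throwaway certificate; a deployment would load one shared certificate from each machine's store.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=config-demo", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        var doc = XDocument.Parse("<settings><value>:secret_password</value><value>dbserver01</value></settings>");
        Console.WriteLine($"values encrypted: {ProtectPending(doc, cert)}");
        string stored = doc.Descendants("value").First().Value;
        Console.WriteLine($"stored: {stored.Substring(0, 12)}...  decrypted: {Reveal(stored, cert)}");
    }
}
```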