Is there a way of creating a hash key that can be used by our different servers for decrypting connection strings in web.config, and how would I do that? Any pointers?
Thanks for the help! // Peter
+2
A:
There are 2 options, if it's in-house and you want all machines to do things the same, then a machine.config syncing would be best. You'll want a random key you generate, but here's the example element you want to change:
<machineKey
validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"
/>
To generate cryptographically random keys:
Use the RNGCryptoServiceProvider class to generate a cryptographically strong random number. Choose an appropriate key size. The recommended key lengths are as follows:
- For SHA1, set the validationKey to 64 bytes (128 hexadecimal characters).
- For AES, set the decryptionKey to 32 bytes (64 hexadecimal characters).
- For 3DES, set the decryptionKey to 24 bytes (48 hexadecimal characters).
Since the first question I had when doing this the first time...here's an example of how to do the generation, do it once and apply to all machines: How to create keys by using Visual C# .NET
Option 2: If you're not in that situation and you need it at the web.config level, then see How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA ion MSDN
Nick Craver
2010-02-02 12:40:42
Superb, but this gave me a follow up question: http://stackoverflow.com/questions/2200329/how-do-i-know-if-the-machinekey-section-from-my-machine-config-is-being-used
Microserf
2010-02-04 14:36:57