I am trying web.config encryption for server deployment.
I am using the aspnet_regiis.exe for encryption of the connection string.
In this project there are multiple datasets for the database calls.
how can I set decryption for all these datasets from one place as I cannot set decryption for each of the datasets nor can I keep the encrypted file during development.
after encryption the
<connectionstring></connectionstring>
gets converted to
<encrypteddata></encrypteddata>
so application crashes at the
((global::System.Data.SqlClient.SqlCommand)(this._commandCollection[0])).Connection = new global::System.Data.SqlClient.SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString)
in the typed dataset as it is not able to ApplicationServices as now it is encrypted in the encrypted data
Related
I have working code that will encrypt and decrypt a string provided to methods and this all works fine for when im storing a users entered password for convenience later.
However what I am trying to do is provide a password (encrypted) in the applications config file that allows users to pull data from an SQL server on the same domain.
Because I've used ProtectedData.Protect with DataProtectionScope.CurrentUser it has been encrypted using me as a key meaning users cannot decrypt this key, and DataProtectionScope.LocalMachine is also not applicable.
private static byte[] Entropy = { // Some arbitrary numbers };
public static string Encrypt(string _toEncrypt)
{
byte[] originalText = Encoding.Unicode.GetBytes(_toEncrypt);
byte[] EncryptedText = ProtectedData.Protect(originalText, Entropy, DataProtectionScope.CurrentUser);
return Convert.ToBase64String(EncryptedText);
}
public static string Decrypt(string _toDecrypt)
{
byte[] EncryptedText = Convert.FromBase64String(_toDecrypt);
byte[] OriginalText = ProtectedData.Unprotect(EncryptedText, Entropy, DataProtectionScope.CurrentUser);
return Encoding.Unicode.GetString(OriginalText);
}
Is there another way of doing this that allows for a password to be decrypted when required and be provided in its encrypted format for security reasons?
Since you're using app.config for your configuration file, you can actually use the aspnet_regiis utility to encrypt sections of the file.
It's been a while since I've had to do this, but there are some resources on the internet if you do some searching (for example). But, if I recall correctly the steps are basically:
Temporarily rename your app.config to web.config because
aspnet_regiis will only work on web.config.
Open a Developer Command Prompt (might need to do it as an administrator).
Run aspnet_regiis -pef <the section you're encrypting> <path to your web.config>. The path should just be the folder where the configuration file can be found, don't include web.config.
Rename your configuration file back to app.config.
This will need to be run on the server or machine hosting your application. If your application is not running from a single server things become more complicated as you will have to export the key, and import it to every computer running the application. This article contains the steps:
Create a machine-level RSA Key Container (1 time step)
Exporting the Custom RSA Encryption Key (1 time step)
Importing the Certificate (1 time step - per machine)
Adding Permissions to the Certificate (1 time step - per machine)
Encrypting the Configuration Section
Decrypting the Configuration Section
You don't actually need to do any sort of special decryption in your application. The configuration system will handle that for you automatically.
I'm using .net 4.5 and MachineKey.Protect/MachineKey.Unprotect for encrypting and decrypting values. I'm wondering when we deploy the code to production where we'll have multiple servers, does the MachineKey.Protect/MachineKey.Unprotect works properly without synchronizing machine keys?
Here is the sample code for decrypt:
var bytes = Convert.FromBase64String(Token);
var decryValue = MachineKey.Unprotect(bytes, Purpose);
string plainText = Encoding.UTF8.GetString(decryValue);
Let me know your thoughts!
To unprotect data you'll need the same machine key that the one used to protect data. So if you need to unprotect data protected by another server, your servers must share the same machine key.
I need to encrypt some columns in my MS SQL database (name, ssn ...) and I have been looking at column encryption as described by a few sites such as:
Encrypting Column Level Data in SQL Server
and
Introduction to SQL Server Encryption and Symmetric Key Encryption Tutorial.
I've been able to use an Trigger on insert to encrypt a column and I can decrypt the column within SQL Studio using:
OPEN SYMMETRIC KEY TestTableKey
DECRYPTION BY PASSWORD = 'Pa$$w0rd'
CONVERT(VARCHAR(50),DECRYPTBYKEY(EncryptSecondCol)) AS DecryptSecondCol
FROM TestTable
But how do I access the data from my application? I still want to be able to search for names. The only thing I can think of is using a Stored Procedure and sending the decryption password as a parameter in the LINQ statement so the stored procedure can decrypt the data and then execute the query.
Am I on the right track?
I'm new to this so I welcome other useful suggestions.
Yes, I have seen stored procedures to decrypt encrypted text. I've also seen stored procedures to encrypt text, which I prefer to Triggers because I don't like Triggers - see these answers.
However, I prefer to put encryption logic in my application layer - using, for example, the Enterprise Library Encryption Code. The passphrase and salt are easily encrypted in the config file using the Enterprise Library console.
Is there a specific reason for doing this work in the database? If you must do it that way, you could use EL to protect your passphrase and pass that into the stored procedure you've written.
If you are using MS SQL Server Enterprise or Developer editions, you can use TDE:
TDE
I am trying to encrypt a file when I save it to disk and I have looked at the Crypto namespace in C#, but am unsure how I should do it. Basically I need the ability for my program to be able to both encrypt and decrypt a file. The file is just an xml file that is serialized by my program, but it can contain sensitive data like connection strings for SQL servers. My clients want the ability to email these profiles to others and open them in our application to apply the settings to their system.
I tried the AES classes in the Crypto namespace, but I don't know where to store the IV and the key so that my program on another machine will be able to decrypt it.
In a typical scenario, the flow for handling something like this would go:
The IV is static and known to the client
The end machine generates an RSA keypair, and gives the public key only to the party sending the data (the XML file)
Your AES key is generated, and encrypted using the RSA public key and sent to the client, now only the client is able to obtain that AES key using the private key it generated previously.
You encrypt the data using the AES key you securely sent to the client earlier
This means that even if someone captured the complete data stream, they wouldn't be able to decrypt your data because they don't have the private key required to obtain the AES key.
How To Use Symmetric Key To Encrypt Connection String in Web.config file And What the Code for doing that (with libraries)
use System.Configuration.RsaProtectedConfigurationProvide
Encrype your connection string with simple application. and then add it to your main application. this will use machine key. it will work only with one server, where you have created thsi encryped connection string.
Protecting Connection Strings and Other Configuration Information