c#: Hi everyone,

I have a small block of code that encrypts a database connection string in a
..config file, but I'm not sure where the encryption key comes from. There is
no problem with this code -- it seems to be working fine -- I am able to
retrieve the connection string with no problem after it's been encrypted.

Let me show you the snippet of code that performs the encryption:

using System.Configuration;
// ...
ConnectionStringSettings settings = new ConnectionStringSettings;
settings.Name = "MyConnString";
settings.ConnectionString = "DataSource=...;password=...";
Configuration config =
ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
config.ConnectionStrings.ConnectionStrings.Add(settings);
config.ConnectionStrings.SectionInformation.ProtectSection(null);
config.Save();



When I look in the resulting .config file, here's what I see:

<configuration>
<connectionStrings
configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData> <-- I BELIEVE THIS IS THE ENCRYPTED
KEY -->
<CipherValue>ej/sRsbuZIC3ZnpxLvQbveZMzzEB51jWkCUDN93X38MMcXtR0uJ2LCe2ZbNWWyu/v5nFg5o+i9U3roEFSd0h6hKXPWkO5DkU6KOGRLwhwEE/H+XVGzEVwI10OMKClMYo/hPB7hzD9ILb2yDzdKjHlCTaKBs5Rr3zSD8Ez3YhvP8=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData> <-- I BELIEVE THIS IS THE ENCRYPTED CONNECTION
STRING -->
<CipherValue>gXZlWUm53KNigp2H8oa7b1DUkeSDlQnWuaqQwFNCpRf74GheR6HFPnXXlGvyOaU0ekcEvRZOKKCrkDSOXP6lxlp5qttC/1Ab0QcCJc1FJWvEkn0J/mBZdByyaRxg7UoxFyBn5fQ448LaUhd6JPCe2JW2V9AnkCDDuUquWYoO3cFCYZtSpr4zo8tnimYxIJrwoNBDWY/PO8lq6dO+S/me6yw7CTN6njZ1eATGIgKI8VQxJDuPLvIemVLc83/900OJO3iBgukFuSY=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>


Notice the first <CipherValue> element (nested within the first <CipherData>
element). I believe this <CipherValue> element contains the encryption key
used to encrypt the connection string, and this encryption key is itself,
encrypted. Every time I run the code snippet a *new* encryption key is
generated.

Now, here is my question: Since the encryption key is being stored in the
..config file, and since this encryption key is itself encrypted, what key is
being used to encrypt (and decrypt) the encryption key? Where is this key
stored?

Think of it like this: The encryption key stored in the .config file is used
to encrypt and decrypt the connection string. Since this encryption key is
itself encrypted within the .config file, it *must* have been encrypted
using some other key. Whatever and wherever this other key is, it is also
used to decrypt the embedded encryption key.

Secondarily, is this a security risk? If the key used to encrypt and decrypt
the embedded encryption key is available (and it might be since I don't know
where it's coming from) and if someone gets my .config file, they could
decrypt the embedded encryption key and then use that key to obtain the
connection string, right?

I hope this is clear. I've done a lot of reading and haven't found an
answer.

Thanks very much for reading this far.

--
Tom Baxter

Hello Tom,

I notice that you have posted the same question in our
microsoft.public.dotnet.framework newsgroup, which I have already
responded. So please check my answer there and if you need any further
assistance on this particular issue, please reply to me in that thread so I
can follow up with you in time.

For your convenience, I have included my reply as follows:

----------------------
Hello Tom,

From your post, my understanding on this issue is: you wonder where the
encryption and decryption key is stored when you encrypt the configuration
nodes. If I'm off base, please feel free to let me know.

I notice that you are using RsaProtectedConfigurationProvider, the RSA
mechanism, to encrypt the configurations. RSA needs two keys: one is public
key which is used to encrypt the content; another is private key, to
decrypt the content. According to the MSDN article
http://msdn2.microsoft.com/en-us/library/ms998283.aspx, the key pair for
the current application is stored either in machine level key container, or
user level container. For RsaProtectedConfigurationProvider, it uses
machine level key container by default. Machine level keys are stored in
the directory:
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys
Each file in the directory represents one key container (public - private
key pair).
You could use the command:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pc
"keycontainer_name" -exp
to create a new key container with the specified keycontainer_name.

But actually, it is not the public key of RSA key container that encrypt
the content of configuration information, because RSA is a kind of
asymmetric encryption, and it is slow to encrypt large messages. We usually
use symmetric key cipher, such as DES, to encrypt large messages. When we
start to encrypt the content of a configuration file,
Firstly, it will find the RSA key container according to the key name
specified in <EncryptedData><EncryptedKey><KeyInfo><KeyName> node.
Secondly, it randoms a DES key and use the public key from the key
container to encrypt the DES key. Then store the encrypted result in the
node <EncryptedData><KeyInfo><<EncryptedKey><CipherData>
Lastly, it uses the DES key to encrypt the configuration information.

When we decrypt the configuration information,
Firstly, it will find the RSA key container according to the key name
specified in <EncryptedData><EncryptedKey><KeyInfo><KeyName> node.
Secondly, it use the private key to decrypt the encrypted DES key.
Lastly, it uses the DES key to decrypt the configuration information

For more information, please refer to the page
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html

Please let me know if you have any other concerns, or need anything else.
----------------------

Thank you and have a nice day!

Sincerely,
Jialiang Ge (jialge@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

=================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from your issue.
=================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

[quoted text, click to view]

<snip>

[quoted text, click to view]

Reading through the docs, I believe it's a machine-level or user-level
RSA key container, and the user account which executes the page
request must have access to that RSA key container in order to work.

In other words, it's using underlying Windows security - so I don't
believe it's a security risk.

One way to test it would be to copy the configuration and application
to another machine - I'm pretty sure you'll find it doesn't work.

Jon

Jialiang,

Thank you. Your information is perfect.

From what you described, it seems there there is the (slight) possibility of
another application, on the same machine, being able to decrypt the .config
file. This seems true since the RSA key pair is stored on the local machine
(in C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys).

Would you agree?

Thank you again for the great response.



[quoted text, click to view]

--
Tom Baxter