RsaProtectedConfigurationProvider Strategy Connection String

Scenario: I have a WPF desktop application that will be distributed on different computers for different clients. The application has an XML configuration file, 'ApplicationConfiguration.xml'. This XML file contains connection strings. I need to encrypt these connection strings, as the ApplicationConfiguration.xml file will be copied to the application installation folder along with the main exe application.

Planned Strategy: My planned strategy was to encrypt the ApplicationConfiguration.xml file after installation. (If I could do this during installation, all the better)

What I tried: Following the strategy of encrypting the xml file AFTER installation, I decided to write a simple WinForms application to allow the user to view "ApplicationConfiguration.xml" and just click a button to encrypt it. When I did this, a new xml configuration file, 'ApplicationConfiguration.xml.Config', was created, but the original ApplicationConfiguration.xml file remained intact and the connection strings remained intact ... Now ... when I copied the contents of this file to the "ApplicationConfiguration.xml" file, the program was able to function normally ... the xml is now encrypted. Thus, it seems that the .NET 4.0 environment can DECRYPT the xml file without my having to write more code in my WPF application.

For encryption, see the following code:

    protected void EncryptConfig(Boolean bEncrypt)
    {
        string path = SelectedFilePath();
        Configuration config = ConfigurationManager.OpenExeConfiguration(path);

        // Define the Rsa provider name.
        const string provider = "RsaProtectedConfigurationProvider";

        // Get the section to protect.
        ConfigurationSection connStrings = config.ConnectionStrings;

        if (connStrings != null)
        {
            if (!connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Protect the section.
                    connStrings.SectionInformation.ProtectSection(provider);
                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);
                }
            }
        }

        MessageBox.Show("Config has been encrypted");
    }

I posted a sample output ("Replacing CipherData with dummy characters") that is generated by the code above:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
        <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                       xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
              <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <KeyName>Rsa Key</KeyName>
              </KeyInfo>
              <CipherData>
                <CipherValue>skfjshsadfhsadkjfsadhfsadkhfdsafhsadkfhkljdfh=</CipherValue>
              </CipherData>
            </EncryptedKey>
          </KeyInfo>
          <CipherData>
            <CipherValue>adfdsafdsafdsfdsafsadfsadfsadfsdfasfdsadfsafsadfdsf=</CipherValue>
          </CipherData>
        </EncryptedData>
      </connectionStrings>

So, I have a few questions about what I did above and what I'm trying to do:

1) Can an application read encrypted connection strings without writing new code in a WPF application? And if so, can each machine read the encrypted connection strings if I handle encryption on my own machine? Since I read about the "Key", which is required ... and I don’t understand where keyName (Rsa Key) came from.

2) Why, when saving the xml file in my example above, is a file 'xml.config' created? Should I manually copy the newly generated code to the applicationConfiguration.xml source file?

Just to add: when I decrypt the new xml.config file using the following code:

    connStrings.SectionInformation.UnprotectSection();
    config.Save(ConfigurationSaveMode.Full);

.. I get the following output! WHAT FOR!:)

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <connectionStrings>
        <clear />
        <add name="LocalSqlServer"
             connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
             providerName="System.Data.SqlClient" />
      </connectionStrings>
    </configuration>

I would expect to get my original 3 connection strings ... no?

Basically, I'm looking for the right method to continue encrypting the XML file of the connection strings and allowing the deployment and reading of the application on different machines.

Any help is appreciated.

1 answer

See .NET Encryption - the Dataprotection API will not help here, you will need to unencrypt it so that it is locally encrypted for the machine / user key.

In the best case scenario, you can use any of the available encryption classes to encrypt it with the key stored in your application, and hope that no one disassembles your software.

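As an added example (not code from the question or the answer), this sketch encrypts the connectionStrings section inside the custom-named file itself when run on the target machine, for instance at first start or from an installer step. The class and method names are hypothetical; it assumes the file has the standard `<configuration><connectionStrings>` layout and that the process may use the machine-level RSA key container the provider uses by default, which is why a section encrypted on one machine does not decrypt on another.

```csharp
// Requires a reference to System.Configuration.dll (.NET Framework).
using System.Configuration;

// Hypothetical helper, not part of the original post.
static class ConnectionStringProtector
{
    const string Provider = "RsaProtectedConfigurationProvider";

    // Map the custom file name explicitly. OpenExeConfiguration(path)
    // treats its argument as an exe path and opens "<path>.config",
    // which is how a separate "ApplicationConfiguration.xml.Config" appears.
    static Configuration Open(string configPath)
    {
        var map = new ExeConfigurationFileMap { ExeConfigFilename = configPath };
        return ConfigurationManager.OpenMappedExeConfiguration(
            map, ConfigurationUserLevel.None);
    }

    // Encrypts <connectionStrings> in place.
    // Returns true only if this call performed the encryption.
    public static bool ProtectInPlace(string configPath)
    {
        Configuration config = Open(configPath);
        ConnectionStringsSection section = config.ConnectionStrings;

        if (section.SectionInformation.IsProtected ||
            section.ElementInformation.IsLocked)
        {
            return false; // already encrypted, or locked by a parent config
        }

        section.SectionInformation.ProtectSection(Provider);

        // Modified (the default save mode) is used instead of Full, because
        // Full writes every property out, including connection strings
        // inherited from machine.config such as LocalSqlServer.
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reads one connection string; the configuration system decrypts the
    // protected section transparently. Returns null if the name is absent.
    public static string Read(string configPath, string name)
    {
        ConnectionStringSettings entry =
            Open(configPath).ConnectionStrings.ConnectionStrings[name];
        return entry == null ? null : entry.ConnectionString;
    }
}
```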

Source: https://habr.com/ru/post/1387218/