none
Can't use 3DES in encrypting web.config RRS feed

  • Question

  • How do I use AES to encrypt the web.config instead of 3DES?   3DES has known security issues with it and I cannot use it.  

    Here is an example.  Would like the part in bold to be:  http://www.w3.org/2001/04/xmlenc#aes128-cbc.


    <connectionStrings configProtectionProvider="MyProvider">
          <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
             xmlns="http://www.w3.org/2001/04/xmlenc#">
             <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
             <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                      <KeyName>RSA Key
                      </KeyName>
                   </KeyInfo>
                   <CipherData>
                      <CipherValue></CipherValue>
                   </CipherData>
                </EncryptedKey>
             </KeyInfo>
             <CipherData>
                <CipherValue></CipherValue>
             </CipherData>
          </EncryptedData>
       </connectionStrings>
    </configuration>


    Tuesday, April 2, 2013 4:07 AM

Answers

  • Do we need to create a custom ConfigurationProvider instead of using RsaProtectedConfigurationProvider?

     <configProtectedData>
        <providers>
          <add keyContainerName="XXXX" useMachineContainer="true" name="XXXXX" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </configProtectedData>

    Hi Dete,

    Yes, I think so.

    Best regards,


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Wednesday, April 3, 2013 2:58 PM

All replies

  • Do we need to create a custom ConfigurationProvider instead of using RsaProtectedConfigurationProvider?

     <configProtectedData>
        <providers>
          <add keyContainerName="XXXX" useMachineContainer="true" name="XXXXX" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </configProtectedData>
    Tuesday, April 2, 2013 4:17 PM
  • Do we need to create a custom ConfigurationProvider instead of using RsaProtectedConfigurationProvider?

     <configProtectedData>
        <providers>
          <add keyContainerName="XXXX" useMachineContainer="true" name="XXXXX" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </configProtectedData>

    Hi Dete,

    Yes, I think so.

    Best regards,


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Wednesday, April 3, 2013 2:58 PM