|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to generate validationKey ??Hi all,
I want to protect my web.config - connectionStrings section like in http://msdn2.microsoft.com/en-us/library/dtkwfdky(VS.80).aspx - with RSAProtectedConfigurationProvider. But i don't want to use the decryptKey+validationKey from that example. How can I generate my own keys ? An example or link would be very helpfull. I don't think I can use RNGCryptoServiceProvider from http://support.microsoft.com/kb/312906 Thanks for any advice I think you are mixing things up -
the article shows how to protect configuration sections using the RSA provider - the use the machineKey element (which contains the validationKey) just as an example.. However - if you want to generate machine keys - you can use this tool (which indeed uses RNGCryptoServiceProvider - but you have to convert the output to hex) http://www.develop.com/us/technology/resourcedetail.aspx?id=78da5ca5-5079-4f8f-99c5-b080117ceac0 ----- Dominick Baier (http://www.leastprivilege.com) Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp) Show quoteHide quote > Hi all, > > I want to protect my web.config - connectionStrings section like in > http://msdn2.microsoft.com/en-us/library/dtkwfdky(VS.80).aspx - with > RSAProtectedConfigurationProvider. > > But i don't want to use the decryptKey+validationKey from that > example. How > can I generate my own keys ? An example or link would be very > helpfull. > I don't think I can use RNGCryptoServiceProvider from > http://support.microsoft.com/kb/312906 > Thanks for any advice > Thanks Dominick. You are totally right, it was a mess in my head.
What are you recommending me to encrypt connectionStrings in a sql table ? I don't need to sign or to hash the crypted text. I'm thinking that a symetric encryption with a secret key is enough, if my app is the only one who needs to encrypt+decrypt the data. I choosed DESCryptoServiceProvider. Thanks again Show quoteHide quote "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in message news:51eb304886598c91f2bbeb62440@news.microsoft.com... >I think you are mixing things up - > > the article shows how to protect configuration sections using the RSA > provider - the use the machineKey element (which contains the > validationKey) just as an example.. > > However - if you want to generate machine keys - you can use this tool > (which indeed uses RNGCryptoServiceProvider - but you have to convert the > output to hex) > > http://www.develop.com/us/technology/resourcedetail.aspx?id=78da5ca5-5079-4f8f-99c5-b080117ceac0 > > ----- > Dominick Baier (http://www.leastprivilege.com) > > Developing More Secure Microsoft ASP.NET 2.0 Applications > (http://www.microsoft.com/mspress/books/9989.asp) > >> Hi all, >> >> I want to protect my web.config - connectionStrings section like in >> http://msdn2.microsoft.com/en-us/library/dtkwfdky(VS.80).aspx - with >> RSAProtectedConfigurationProvider. >> >> But i don't want to use the decryptKey+validationKey from that >> example. How >> can I generate my own keys ? An example or link would be very >> helpfull. >> I don't think I can use RNGCryptoServiceProvider from >> http://support.microsoft.com/kb/312906 >> Thanks for any advice >> > > Hi,
i would use RijndaelManaged with a key/block size of 128 bits... ----- Dominick Baier (http://www.leastprivilege.com) Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp) Show quoteHide quote > Thanks Dominick. You are totally right, it was a mess in my head. > > What are you recommending me to encrypt connectionStrings in a sql > table ? > I don't need to sign or to hash the crypted text. > I'm thinking that a symetric encryption with a secret key is enough, > if my > app is the only one who needs to encrypt+decrypt the data. > I choosed DESCryptoServiceProvider. > Thanks again > > "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote > in message news:51eb304886598c91f2bbeb62440@news.microsoft.com... > >> I think you are mixing things up - >> >> the article shows how to protect configuration sections using the RSA >> provider - the use the machineKey element (which contains the >> validationKey) just as an example.. >> >> However - if you want to generate machine keys - you can use this >> tool (which indeed uses RNGCryptoServiceProvider - but you have to >> convert the output to hex) >> >> http://www.develop.com/us/technology/resourcedetail.aspx?id=78da5ca5- >> 5079-4f8f-99c5-b080117ceac0 >> >> ----- >> Dominick Baier (http://www.leastprivilege.com) >> Developing More Secure Microsoft ASP.NET 2.0 Applications >> (http://www.microsoft.com/mspress/books/9989.asp) >> >>> Hi all, >>> >>> I want to protect my web.config - connectionStrings section like in >>> http://msdn2.microsoft.com/en-us/library/dtkwfdky(VS.80).aspx - with >>> RSAProtectedConfigurationProvider. >>> >>> But i don't want to use the decryptKey+validationKey from that >>> example. How >>> can I generate my own keys ? An example or link would be very >>> helpfull. >>> I don't think I can use RNGCryptoServiceProvider from >>> http://support.microsoft.com/kb/312906 >>> Thanks for any advice Thank you, Dominick
Show quoteHide quote "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in message news:51eb304887918c91fcddb083be0@news.microsoft.com... > Hi, > i would use RijndaelManaged with a key/block size of 128 bits... > > > ----- > Dominick Baier (http://www.leastprivilege.com) > > Developing More Secure Microsoft ASP.NET 2.0 Applications > (http://www.microsoft.com/mspress/books/9989.asp) > >> Thanks Dominick. You are totally right, it was a mess in my head. >> >> What are you recommending me to encrypt connectionStrings in a sql >> table ? >> I don't need to sign or to hash the crypted text. >> I'm thinking that a symetric encryption with a secret key is enough, >> if my >> app is the only one who needs to encrypt+decrypt the data. >> I choosed DESCryptoServiceProvider. >> Thanks again >> >> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote >> in message news:51eb304886598c91f2bbeb62440@news.microsoft.com... >> >>> I think you are mixing things up - >>> >>> the article shows how to protect configuration sections using the RSA >>> provider - the use the machineKey element (which contains the >>> validationKey) just as an example.. >>> >>> However - if you want to generate machine keys - you can use this >>> tool (which indeed uses RNGCryptoServiceProvider - but you have to >>> convert the output to hex) >>> >>> http://www.develop.com/us/technology/resourcedetail.aspx?id=78da5ca5- >>> 5079-4f8f-99c5-b080117ceac0 >>> >>> ----- >>> Dominick Baier (http://www.leastprivilege.com) >>> Developing More Secure Microsoft ASP.NET 2.0 Applications >>> (http://www.microsoft.com/mspress/books/9989.asp) >>> >>>> Hi all, >>>> >>>> I want to protect my web.config - connectionStrings section like in >>>> http://msdn2.microsoft.com/en-us/library/dtkwfdky(VS.80).aspx - with >>>> RSAProtectedConfigurationProvider. >>>> >>>> But i don't want to use the decryptKey+validationKey from that >>>> example. How >>>> can I generate my own keys ? An example or link would be very >>>> helpfull. >>>> I don't think I can use RNGCryptoServiceProvider from >>>> http://support.microsoft.com/kb/312906 >>>> Thanks for any advice > > 
Other interesting topics
How to bypass Forms Authentication on selected pages programmatica
RsaCryptoServiceProvider doubt Client Certificate Selection Books on .net security Client certificates do not show up installing the last Root Update Could not establish secure channel for SSL/TLS. Retrieving the private key associated with a certificate Impersonation in .NET 2.0 Do any microsoft buildtime dependancies C#/C/c++/VB/etc. need to be updated for the 2007 policy on d Display of encrypted data |
|||||||||||||||||||||||
