Hi all,

I want to protect my web.config - connectionStrings section like in
http://msdn2.microsoft.com/en-us/lib...ky(VS.80).aspx - with
RSAProtectedConfigurationProvider.

But i don't want to use the decryptKey+validationKey from that example. How
can I generate my own keys ? An example or link would be very helpfull.
I don't think I can use RNGCryptoServiceProvider from
http://support.microsoft.com/kb/312906

Thanks for any advice

I think you are mixing things up -

the article shows how to protect configuration sections using the RSA provider
- the use the machineKey element (which contains the validationKey) just
as an example..

However - if you want to generate machine keys - you can use this tool (which
indeed uses RNGCryptoServiceProvider - but you have to convert the output
to hex)

http://www.develop.com/us/technology...5-b080117ceac0

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Thanks Dominick. You are totally right, it was a mess in my head.

What are you recommending me to encrypt connectionStrings in a sql table ?
I don't need to sign or to hash the crypted text.
I'm thinking that a symetric encryption with a secret key is enough, if my
app is the only one who needs to encrypt+decrypt the data.
I choosed DESCryptoServiceProvider.

Thanks again




"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:51eb304886598c91f2bbeb62440 (AT) news (DOT) microsoft.com...

Hi,

i would use RijndaelManaged with a key/block size of 128 bits...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Thank you, Dominick



"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:51eb304887918c91fcddb083be0 (AT) news (DOT) microsoft.com...