Re: Best Practice for storing keys
- From: "Han" <hp4444@xxxxxxxxxxxxxxxx>
- Date: Wed, 3 Jan 2007 16:20:26 +0900
Hello
Sounds like RSA encription.
http://msdn2.microsoft.com/en-us/library/2w117ede.aspx
Note there is one mistake in the example.
<configProtectedData>
<providers>
<add name="MyProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,
System.Configuration, Version=2.0. 0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="MyKeys"
useMachineContainer="true" />
</providers>
</configProtectedData>
2.0. 0.0 should be 2.0.0.0.
If you are successful encripting some part of your configuration, the key is
secured with NTFS Access Control Lists. Good luck.
"tshad" <tscheiderich@xxxxxxxxxxxxxxx> wrote in message
news:%23U52UBuLHHA.2140@xxxxxxxxxxxxxxxxxxxxxxx
I am trying to find the best procedure for storing keys used for
encryption.
This would also be a question for the connection string to the database.
At
the moment, this is kept in the web.info file.
This seems to be norm from all the books on building your Web Apps. Isn't
this a problem as the web.info is cleartext? I would suppose that having
keys (which you would to store/encrypt and get/decrypt from your database)
in this manner would be dangerous.
I am trying to find out how others deal with this. Also, I would need the
same information for my Apps on the same machine.
Thanks,
Tom
.
- References:
- Best Practice for storing keys
- From: tshad
- Best Practice for storing keys
- Prev by Date: Re: Dynamic DB lookup/eval to serve a user control bound to a repeater
- Next by Date: Re: How to overwrite the FORM ACTION attribute
- Previous by thread: Best Practice for storing keys
- Next by thread: Re: Best Practice for storing keys
- Index(es):
