RE: Better security

Hi Dave,

Yes, use aspnet_regiis is one way to encrypt the content so that only
ASP.NET runtime can decrypt it. However, for your scenario, you only want
A,B to know the key and be able to encrypt and decrypt the
connectionstring, this violate the usage of ASP.NET/.NET 2.0's
configuration protection/encryption. So I think you can review your current
security design here to see whether any other approach should be better?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.



.

Relevant Pages

  • RE: NTE_BAD_DATA
    ... They are NOT used DIRECTLY to encrypt / decrypt data; ... you should generate a RANDOM SESSION KEY and select a SYMMETRIC ENCRYPTION ... // imported from a BLOB read in from the source file or having ...
    (microsoft.public.platformsdk.security)
  • Re: Back Doors
    ... >> Design into the system a master key. ... Encrypt that with public key. ... Decrypt random symmetric key with private key. ...
    (sci.crypt)
  • Re: CAPI and RC4: can not decrypt when Final parameter is set to F
    ... to store ASYMMETRIC key pairs - never symmetric keys like RC4, ... Now when you need to encrypt at one place and decrypt at the other normally ... Get a HCRYPTPROV handle to a key container with CryptAcquireContext ...
    (microsoft.public.platformsdk.security)
  • Re: RSA - Public vs. Private Keys
    ... This is a common pattern for license software ... your client will send a unique machine hash to the ... will let us decrypt with a Public Key (or simply not ... |> RSA is intended to encrypt messages with public keys only. ...
    (microsoft.public.dotnet.security)
  • Re: .NET Crypto Classes Interoperability with Win32 Crypto APIs
    ... when i encrypt a string using .NET classes and try to ... > decrypt it using Win32 APIs, ... > UnicodeEncoding(); ...
    (microsoft.public.dotnet.security)