RE: RSA encryption
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng [MSFT])
- Date: Wed, 07 May 2008 02:58:57 GMT
Thanks for your reply, Chuck,
I also think that there might exist some environment-specific things that
caused the problem, as you've also followed all the necessary steps. BTW, the
assemblies for the encrypting should be embedded in the .NET Framework 2.0's
built-in framework assemblies; so far .NET Framework 2.0 only has SP1. Did
the problem machine originally have many patches or updates unapplied?
Anyway, I'm glad to hear that it is working now. If you need help with
anything further, you're welcome to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
--------------------
From: Chuck P <Chuck@xxxxxxxxxxxxxxxx>
Subject: RE: RSA encryption
Date: Tue, 6 May 2008 06:51:02 -0700
Thanks Steven,
That's exactly what we've been doing for the past year.
Why it didn't work on one developer's workstation I don't know.
It seems to work for her now and all we did was apply some SQL Server
updates.
My only guess was that the MS dll she used to apply the RSA encryption was
somehow different from the one on the server.
"Steven Cheng [MSFT]" wrote:
Hi Chuck,
From your description, you're encountering some problems about encrypting
web.config via an exportable RSA provider, correct?
According to the RSA encryption reference, I've performed some local
tests [...] correctly. The normal process of encrypting a web.config section
via the RSA provider and moving it to another machine is as below:
======================
Step 1
Create a machine-level RSA key container:
aspnet_regiis -pc "MyTestKeys" -exp
Step 2
Grant Read Access to the RSA Encryption Key:
aspnet_regiis -pa "MyTestKeys" "NT AUTHORITY\NETWORK SERVICE"
Step 3
Encrypt the config file:
aspnet_regiis -pef "connectionStrings" "physical path of the web site folder" -prov MyRSAProvider
Export the container and import it back to the other machine using the
following steps
Step 4
Export the machine-level RSA key container:
aspnet_regiis -px "MyTestKeys" "c:\Config-Key.xml" -pri
Step 5
Copy Config-Key.xml to c:\ on 2nd server
Step 6
Import the machine-level RSA key container on the 2nd server:
aspnet_regiis -pi "MyTestKeys" "c:\Config-Key.xml"
Step 7
Grant Read Access to the RSA Encryption Key:
aspnet_regiis -pa "MyTestKeys" "NT AUTHORITY\NETWORK SERVICE"
Step 8
Copy encrypted web.config to 2nd server
========================
Based on the steps you mentioned, I think most of the process you've
followed should be correct. So far I'd like to suggest you check the
following things:
1. Check your custom RSA provider setting to see whether it is
copied to the target machine also and set to use the Machine container
========encrypt config section=======
<configProtectedData>
  <providers>
    <add keyContainerName="MyTestKeys"
         useMachineContainer="true"
         description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
         name="MyRSAProvider"
         type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</configProtectedData>
=======================
2. As in the above steps, after you create the RSA key container, you need to
use "aspnet_regiis -pa" to make sure that the account (which will
run your ASP.NET application) has sufficient access permission to the
key container. Generally, when you use the VS 2008/VS 2005 test server to run
an ASP.NET application, you're using the logon user (which is probably the
admin); however, if you run ASP.NET in IIS (or after moving to another
server which is using a different process account), you need to make
sure that process account has been granted the permission.
You can check them to see whether the problem is due to some of them.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
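Added example, not part of the original thread and not Microsoft's tooling: a Python check for item 1 above, confirming that every section encrypted in a copied web.config names a provider entry that uses the machine container and the expected key container. The sample web.config is constructed, check_config is a hypothetical helper name, and the check assumes the <configuration> element carries no default XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: web.config after "aspnet_regiis -pef"; the cipher text is
# replaced by a placeholder. Provider settings are the ones quoted in the thread.
SAMPLE = """<configuration>
  <configProtectedData>
    <providers>
      <add name="MyRSAProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           keyContainerName="MyTestKeys"
           useMachineContainer="true" />
    </providers>
  </configProtectedData>
  <connectionStrings configProtectionProvider="MyRSAProvider">
    <EncryptedData>constructed-placeholder</EncryptedData>
  </connectionStrings>
</configuration>"""


def check_config(xml_text, expected_container):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    providers = {p.get("name"): p
                 for p in root.findall("./configProtectedData/providers/add")}
    problems = []
    for section in root.iter():
        name = section.get("configProtectionProvider")
        if name is None:
            continue  # this element is not an encrypted section
        prov = providers.get(name)
        if prov is None:
            # It may still be defined in machine.config on the target server.
            problems.append(f"{section.tag}: provider {name!r} not defined in this file")
            continue
        if prov.get("keyContainerName") != expected_container:
            problems.append(f"{name}: keyContainerName is "
                            f"{prov.get('keyContainerName')!r}, expected {expected_container!r}")
        if (prov.get("useMachineContainer") or "").lower() != "true":
            problems.append(f"{name}: useMachineContainer is not true")
    return problems


if __name__ == "__main__":
    for line in check_config(SAMPLE, "MyTestKeys") or ["OK"]:
        print(line)
```

An empty result only covers the configuration side; the "aspnet_regiis -pa" grant for the process account (item 2) still has to be made on the target server.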