Encrypting configuration files

Release 1.0 - ...

Some Smartsite configuration files may contain security-sensitive information such as connection strings and Windows user accounts. The sections holding this information can be encrypted to prevent them from being read by individuals who should not see it. They can be encrypted with the ConfigEditor and with the command-line tool ConfigProtect.

These tools use the configuration protection providers that are installed on your server. Normally these are installed:

  • RsaProtectedConfigurationProvider
  • DataProtectionConfigurationProvider

Example

When the Smartsite.data.config file is not encrypted, a connection string looks like this.

<database id="AdventureWorks">
    <connectionstring>Provider=SQLOLEDB.1;Password=secret;Persist Security Info=True;User ID=sa;Initial Catalog=AdventureWorks;Data Source=db1</connectionstring>
</database>

After using encryption, it will look like this.

<database id="AdventureWorks">
    <SecureConfigElement provider="RsaProtectedConfigurationProvider">
        <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                        <KeyName>Rsa Key</KeyName>
                    </KeyInfo>
                    <CipherData>
                        <CipherValue>DHCtkt39bOVhb/nztoqDn5KUUu0TqrFLshYvpsa5AMAsCRyLfndRZqOV2QZwhzGQN8hyDq4ySd05e/NdH+ZeTRXcjKzRzS5qZcymVpEwmfhOl4qUKFTDwEv2DX++0fuqqEzNu/cUkrVJTktvKAUv6OwLmHBI4FINTfXApB8T4nI=</CipherValue>
                    </CipherData>
                </EncryptedKey>
            </KeyInfo>
            <CipherData>
                <CipherValue>YtV+kpkiIixHP8mPEXelN5uj3dQn8CXP/t6Rt51+lgoZNsraAvVd4gnSsuI1AmKkB5+IPvgvz81Cs+RAL0+0VIn7mqBpPcN46h7WzT2Z9ngKwVdHlzUYlnwRJ+h3vSS/m/XkftY1v0uB0HdSs1+rkVoyyuYgCIIJrPm3lHoP88RVPmEHSfYCoiBJ9WGj5LURMvjs8qxYjAf7LsA3vu3POHYs8xJY6Bvi6X+9EsmRoNFI4fe97mHPuCsUD2pPVshT79wcPWyLG8+2jc9Cmp3+48ju+Y4h59GilHA28t0Hg/nnDn2JEJRtcDd3OMDbI2nh</CipherValue>
            </CipherData>
        </EncryptedData>
    </SecureConfigElement>
</database>
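
To verify that no section was missed, the file can be audited for `<database>` entries that still carry a clear-text password. The script below is an added example, not part of the Smartsite tooling; the `<databases>` wrapper element, the `Reporting` and `Intranet` entries, the sample values and the function name `audit` are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

XENC = "{http://www.w3.org/2001/04/xmlenc#}"
PASSWORD_KEY = re.compile(r"(?i)\b(password|pwd)\s*=")

# Constructed sample in the layout shown above. The <databases> root,
# the extra entries and the CipherValue are assumptions, not real data.
SAMPLE = """<databases>
  <database id="AdventureWorks">
    <connectionstring>Provider=SQLOLEDB.1;Password=secret;User ID=sa;Data Source=db1</connectionstring>
  </database>
  <database id="Reporting">
    <SecureConfigElement provider="RsaProtectedConfigurationProvider">
      <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <CipherData><CipherValue>Q09OU1RSVUNURUQ=</CipherValue></CipherData>
      </EncryptedData>
    </SecureConfigElement>
  </database>
  <database id="Intranet">
    <connectionstring>Provider=SQLOLEDB.1;Integrated Security=SSPI;Data Source=db2</connectionstring>
  </database>
</databases>"""

def audit(xml_text):
    """Return one (id, status, detail) tuple per <database> element."""
    findings = []
    for db in ET.fromstring(xml_text).iter("database"):
        db_id = db.get("id", "?")
        secure = db.find("SecureConfigElement")
        plain = db.find("connectionstring")
        if secure is not None:
            # EncryptedData and its children live in the XML Encryption namespace.
            method = secure.find(f"{XENC}EncryptedData/{XENC}EncryptionMethod")
            alg = method.get("Algorithm", "").rsplit("#", 1)[-1] if method is not None else "unknown"
            findings.append((db_id, "encrypted", f"{secure.get('provider')}/{alg}"))
        elif plain is not None and PASSWORD_KEY.search(plain.text or ""):
            # Report only the presence of the key, never the secret itself.
            findings.append((db_id, "plaintext-secret", "Password= present in clear text"))
        else:
            findings.append((db_id, "plaintext", "no embedded password found"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Any entry reported as `plaintext-secret` is a candidate for encryption with ConfigEditor or ConfigProtect.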