Web.config encryption and RSA key container

Asked

Viewed 162 times

1

It’s been discussed how encrypt Web.config, has also been discussed as use encrypted Web.config, but my doubt is as follows:

If you are using the default provider Rsa Protected Provider to perform the encryption, and if you want to read the content of the web.config on another computer, you need to export the key from the server where you made the encryption and import it to the machine that wants to undo the process.

So far, so good, though:

  • Every machine that runs my application, I need to be performing the import, this already leaves us a gap, for the simple fact of having the key anyone can decrypt.

I would like to understand, or if possible a direction, how to leave this key only on my server, for example, when running the application, it requests to the server and it returns to ConnectingString.

Or another method to protect the ConnectingString not dependent on import or export of key.

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.