加密用于部署 .NET 的配置文件 [英] Encrypting config files for deployment .NET

问题描述

我有一个从 app.config 读取的 Windows 服务

I have a windows service that reads from app.config

我希望对某些设置进行加密，但是，我不想使用 .NET 中提供的 ProtectedConfigurationProvider 类，因为它们使用 DPAPI 根据运行文件的机器对文件进行加密.

I want some settings to be encrypted, however, I don't want to use the ProtectedConfigurationProvider classes provided in .NET because they encrypt files based on the machine they are running on using DPAPI.

我想要的是一种方法，让我们的管理员可以将已经加密的配置文件部署到多台机器上，并在需要时让每台机器解密它们.

What I wanted was a way for our administrator to deploy the config file already encrypted to many machines and have each machine decrypt them when needed.

我也不想将密码硬编码到程序集中，所以我不知道我该怎么做.

I don't want to hardcode a password into the assembly either so I'm not sure how I can go about this.

推荐答案

也许您的中央服务器可以维护所有端点的私钥数据库，然后它可以为此使用特定的机器密钥.

Perhaps your central server can maintains a database of the private keys for all the end points, then it could use the specific machine key for that.

所有机器的共享私钥不会那么安全.

A shared private key for all the machines is not going to be that secure.

这篇关于加密用于部署 .NET 的配置文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！