如何选择/执行与aspnet_regiis的AES加密来加密的web.config值? [英] How do I select/enforce AES encryption with aspnet_regiis to encrypt web.config values?
问题描述
我需要为我们的ASP.Net 4.0项目加密我们的web.config中的一部分,但我们需要使用AES和默认似乎是三重DES。我怎么能告诉它使用AES加密呢?
在命令提示符下我下面的命令:
为aspnet_regiis -pcNetFrameworkConfigurationKey-exp
为aspnet_regiis -pe是connectionStrings-app/<&的MyApp GT;
我想我通过选择适当的CSP(-csp)设置加密方法为AES,但我一直没能找到或找出正确的名称。
和在加密的web.config线路之一是:
< EncryptionMethod算法=http://www.w3.org/2001/04/xmlenc#tripledes-cbc/>
提供商使用-prov参数选择aspnet_regiis的。提供者被登记在使用configProtectedData部网路/ machine.config中。为了注册AES你会使用这样的:
< configProtectedData>
<供应商>
<添加名称=AesProvider
类型=Microsoft.ApplicationHost.AesProtectedConfigurationProvider
描述=使用一个AES会话密钥来加密和解密
keyContainerName =iisConfigurationKeycspProviderName =
useOAEP =假useMachineContainer =真
sessionKey =aSessionKeyGoesHere/>
< /供应商>
< / configProtectedData>
在我的机器RSA和DPAPI在machine.config中的preconfigured算法。
前提是AES提供注册,你应该能够使用加密一个配置部分:
为aspnet_regiis -pe是connectionStrings-app/<&的MyApp GT; -provAesProvider
I need to encrypt part of our web.config for our ASP.Net 4.0 project, but we are required to use AES and the default appears to be Triple DES. How can I tell it to use AES encryption instead?
In the command prompt I do the following commands:
aspnet_regiis -pc "NetFrameworkConfigurationKey" -exp
aspnet_regiis -pe "connectionStrings" -app "/<myapp>"
I figure I set the encryption method to AES by selecting the appropriate CSP (-csp) but I haven't been able to find or figure out the name of the right one.
And one of the lines in the encrypted web.config is:
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
The provider is selected using the -prov parameter to aspnet_regiis. The providers are registered in the web/machine.config using the configProtectedData section. In order to register AES you would use something like this:
<configProtectedData>
<providers>
<add name="AesProvider"
type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider"
description="Uses an AES session key to encrypt and decrypt"
keyContainerName="iisConfigurationKey" cspProviderName=""
useOAEP="false" useMachineContainer="true"
sessionKey="aSessionKeyGoesHere" />
</providers>
</configProtectedData>
On my machine RSA and DPAPI are the preconfigured algorithms in machine.config.
Provided that the AES provider is registered you should be able to encrypt a config section using:
aspnet_regiis -pe "connectionStrings" -app "/<myapp>" -prov "AesProvider"
这篇关于如何选择/执行与aspnet_regiis的AES加密来加密的web.config值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!