如何选择/执行与aspnet_regiis的AES加密来加密的web.config值？ [英] How do I select/enforce AES encryption with aspnet_regiis to encrypt web.config values?

问题描述

我需要为我们的ASP.Net 4.0项目加密我们的web.config中的一部分，但我们需要使用AES和默认似乎是三重DES。我怎么能告诉它使用AES加密呢？

在命令提示符下我下面的命令：

 为aspnet_regiis -pcNetFrameworkConfigurationKey-exp
为aspnet_regiis -pe是connectionStrings-app/＆LT;＆的MyApp GT;
 

我想我通过选择适当的CSP（-csp）设置加密方法为AES，但我一直没能找到或找出正确的名称。

和在加密的web.config线路之一是：

 ＆LT; EncryptionMethod算法=htt​​p://www.w3.org/2001/04/xmlenc#tripledes-cbc/＆GT;
 

解决方案

提供商使用-prov参数选择aspnet_regiis的。提供者被登记在使用configProtectedData部网路/ machine.config中。为了注册AES你会使用这样的：

 ＆LT; configProtectedData＆GT;
    ＆LT;供应商＆GT;
        ＆LT;添加名称=AesProvider
            类型=Microsoft.ApplicationHost.AesProtectedConfigurationProvider
            描述=使用一个AES会话密钥来加密和解密
            keyContainerName =iisConfigurationKeycspProviderName =
            useOAEP =假useMachineContainer =真
            sessionKey =aSessionKeyGoesHere/＆GT;
    ＆LT; /供应商＆GT;
＆LT; / configProtectedData＆GT;
 

在我的机器RSA和DPAPI在machine.config中的preconfigured算法。

前提是AES提供注册，你应该能够使用加密一个配置部分：

 为aspnet_regiis -pe是connectionStrings-app/＆LT;＆的MyApp GT; -provAesProvider
 

I need to encrypt part of our web.config for our ASP.Net 4.0 project, but we are required to use AES and the default appears to be Triple DES. How can I tell it to use AES encryption instead?

In the command prompt I do the following commands:

aspnet_regiis -pc "NetFrameworkConfigurationKey" -exp
aspnet_regiis -pe "connectionStrings" -app "/<myapp>"

I figure I set the encryption method to AES by selecting the appropriate CSP (-csp) but I haven't been able to find or figure out the name of the right one.

And one of the lines in the encrypted web.config is:

<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />

解决方案

The provider is selected using the -prov parameter to aspnet_regiis. The providers are registered in the web/machine.config using the configProtectedData section. In order to register AES you would use something like this:

<configProtectedData>
    <providers>
        <add name="AesProvider"
            type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider"
            description="Uses an AES session key to encrypt and decrypt"
            keyContainerName="iisConfigurationKey" cspProviderName=""
            useOAEP="false" useMachineContainer="true"
            sessionKey="aSessionKeyGoesHere" />
    </providers>
</configProtectedData>

On my machine RSA and DPAPI are the preconfigured algorithms in machine.config.

Provided that the AES provider is registered you should be able to encrypt a config section using:

aspnet_regiis -pe "connectionStrings" -app "/<myapp>" -prov "AesProvider"

这篇关于如何选择/执行与aspnet_regiis的AES加密来加密的web.config值？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！