Utility for Encrypting .Net App.Config Sections

by martin 18. July 2011 23:00

.Net ships with aspnet_regiis.exe for encrypting configuration sections in Web.Config files, but there seems to be no quick and dirty way to do this in non-web applications.  Sure, if you are packaging up software into an installation package, you can add your own custom installation action to encrypt a configuration section (see The Code Project : Implementing Protected Configuration With Windows Apps).  Or you can write code into your application to automatically encrypt a config section if it encounters it in an unencrypted state (see The Code Project : Encrypting the app.config File for Windows Forms Applications).  If you have IIS installed on the box, you can even rename your App.config to web.config and still use aspnet_regiis (see DotNetProfessional.com: Encrypt Sections of Web.config or App.config).  But what if you just want a quick way to encrypt a config section or two without all the fuss?  Or, better yet, what if you forget a password or some other important secret that is already encrypted in an app.config somewhere and you need to get it back.

 

Here is a simple little command line app that allows you to do app.config section encryption and decryption without having to write any addtional code (The .Net framework already takes care of decrypting these values automatically for us when we use them in our code).  Only this one small EXE is required and the standard MS .Net 2.0+ runtime dlls that are already installed on your system.

AppConfigSectionEncyptor.exe (7 kb)

Below are the "Usage" instructions that result from running the EXE without any parameters.  "-e" is for encrypt, "-u" is for unencrypt.

C:\>AppConfigSectionEncyptor.exe
Usage:  AppConfigSectionEncyptor.exe [-e|-u] [-d] file section

Examples:

        AppConfigSectionEncyptor -e c:\MyCode\MyApp.exe mySecureSection
        AppConfigSectionEncyptor -e -d c:\MyCode\MyApp.exe mySecureSection
        AppConfigSectionEncyptor -u c:\MyCode\MyApp.exe mySecureSection
Please note that 'file' is the path to the EXE, not the config file itself.
Please note that you need adaquate permissions to the keystore for this to work.

-d = use the DPAPIProtectedConfigurationProvider for encryption instead of the default RSAProtectedConfigurationProvider.

 

I hope that you find this useful, but as always, here is the disclaimer:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 

Currently rated 1.7 by 56 people

  • Currently 1.696426/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags: , , ,

C# | Windows

Add comment


(Will show your Gravatar icon)  

biuquote
  • Comment
  • Preview
Loading



Welcome

Please contact me if you have a great idea for a project and need technical expertise in designing, developing, or integrating a custom software solution.

Recent Comments

Comment RSS