Jul 15, 2013

Custom Encryption of connection strings in Configuration files using Certificates



This article explains how to implement custom encryption of connection strings in configuration files using certificates.

In most applications, connection strings are stored in encrypted form in configuration files. For additional security, we can use custom encryption backed by a certificate.

Steps:
  • Generate the certificate using the following command, which also stores the certificate in the Current User - Personal store.
    • Command to generate the test certificate:
    • makecert -r -pe -n "CN=CSProtectedConfigCertificate" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
  • Create a Custom Library project in Visual Studio and add this certificate to the project.
  • Create a class and implement methods for encrypting and decrypting, similar to this link.
  • Build the solution and register the DLL in the GAC using the Visual Studio Command Prompt:
    • gacutil.exe -i CustomProtectedConfigurationProvider.dll
  • Update the configuration details below in machine.config or web.config:

<configProtectedData>
  <providers>
    <add name="CustomProtectedConfigurationProvider"
         CertificateName="CSProtectedConfigCertificate"
         type="CustomProtectedConfigurationProvider.CustomProtectedConfigProvider, CustomProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e03f7ad78f283bbf, processorArchitecture=MSIL" />
  </providers>
</configProtectedData>



  • Execute the commands below to encrypt and decrypt the connection strings used in the configuration file:
    • Command for encrypting the connection strings (this encrypts the connectionStrings section in the configuration file):
    • aspnet_regiis -pe "connectionStrings" -prov "CustomProtectedConfigurationProvider" -pkm

    • Command for decrypting the connection strings (this decrypts the connectionStrings section in the configuration file):
    • aspnet_regiis -pd "connectionStrings" -pkm
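
A provider class for the "create a class" step could look like the following. This is an added example, not the code behind the article's link; it reuses the namespace, class name and CertificateName attribute from the configuration entry above and assumes the certificate sits in the CurrentUser\My store, as created by the makecert command. The project needs references to System.Configuration and System.Security.

```csharp
using System.Collections.Specialized;
using System.Configuration;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
// Added example, not the code behind the article's link.
namespace CustomProtectedConfigurationProvider
{
    public class CustomProtectedConfigProvider : ProtectedConfigurationProvider
    {
        private X509Certificate2 _cert;
        // Receives the attributes of the provider's <add> entry in the config file.
        public override void Initialize(string name, NameValueCollection config)
        {
            base.Initialize(name, config);
            string certName = config["CertificateName"];
            if (string.IsNullOrEmpty(certName))
                throw new ConfigurationErrorsException("CertificateName is required.");
            // Assumption: CurrentUser\My, matching "-ss my -sr CurrentUser" in makecert.
            var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            try
            {
                // Exact DN match; validOnly=false because the makecert test certificate is self-signed.
                X509Certificate2Collection found = store.Certificates.Find(
                    X509FindType.FindBySubjectDistinguishedName, "CN=" + certName, false);
                if (found.Count != 1)
                    throw new ConfigurationErrorsException("Expected one certificate CN=" + certName + ", found " + found.Count);
                _cert = found[0];
            }
            finally { store.Close(); }
        }
        // Encrypts the section with a random session key wrapped by the certificate's RSA key.
        public override XmlNode Encrypt(XmlNode node)
        {
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml(node.OuterXml);
            return new EncryptedXml().Encrypt(doc.DocumentElement, _cert).GetXml();
        }
        // DecryptDocument locates the matching certificate and private key in the My stores.
        public override XmlNode Decrypt(XmlNode encryptedNode)
        {
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml(encryptedNode.OuterXml);
            new EncryptedXml(doc).DecryptDocument();
            return doc.DocumentElement;
        }
    }
}
```

At run time the certificate and its private key must be readable by the account the application runs under, otherwise Decrypt fails.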



