3
votes

I cannot find (after hours of googling) the MSDN article/doc that declares what algorithms are used by the RSAProtectedConfigurationProvider when encrypting a section of the web.config file for an ASP.NET web application. I recall reading that it uses RSA for the key, and 3DES for the actual connection string.

What algorithms are used in encrypting the web.config file when using the default RSAProtectedConfigurationProvider (for both the key and the data)? Can someone provide a link to the appropriate MSDN article or other documentation on this?

1
@cloggins glad we got this one sorted! I thought I would find an answer to your question, but did not, so posted mine. EricLaw - you the man! - gmaran23

1 Answer

3
votes

RSA (naturally) is used as the asymmetric algorithm that is used to protect the symmetric key that is encrypted and stored alongside the protected data.

If you look at the relevant code in Reflector, there's a strong indication that the symmetric algorithm used to protect the data is AES256 ("http://www.w3.org/2001/04/xmlenc#aes256-cbc") although TripleDES is also supported.

Use Reflector or JustDecompile and have a look at:

public EncryptedData Encrypt(XmlElement inputElement, string keyName);

Declaring Type: System.Security.Cryptography.Xml.EncryptedXml
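Because the protected section is written as W3C XML Encryption, each section records its own algorithms in `EncryptionMethod` elements, so a given web.config can be checked directly. The script below is an added example, not part of the original answer or of any Microsoft code; the sample document, its placeholder cipher values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#"}

# Constructed sample: the shape of a section protected by the RSA provider.
# Cipher values are placeholders; the algorithm URIs are sample values only.
SAMPLE = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>"""

def _alg(node):
    """Short algorithm name from an element's direct EncryptionMethod child."""
    method = node.find("xenc:EncryptionMethod", NS) if node is not None else None
    if method is None:
        return None
    return method.get("Algorithm", "").rpartition("#")[2] or None

def audit_protected_sections(config_xml):
    """Map each protected section to (provider, data cipher, key-wrap algorithm)."""
    report = {}
    for section in ET.fromstring(config_xml).iter():
        provider = section.get("configProtectionProvider")
        if provider is None:
            continue  # section is stored in clear text
        data = section.find("xenc:EncryptedData", NS)
        key = data.find(".//xenc:EncryptedKey", NS) if data is not None else None
        report[section.tag] = (provider, _alg(data), _alg(key))
    return report

def not_aes256(report):
    """Sections whose data cipher is not recorded as aes256-cbc."""
    return [name for name, (_, data_alg, _) in report.items() if data_alg != "aes256-cbc"]

if __name__ == "__main__":
    print(audit_protected_sections(SAMPLE))
```

Sections protected by a provider that does not write an `EncryptionMethod` element are reported with `None` for both algorithms.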