0
votes

I am currently attempting to use aspnet_regiis to encrypt the web.config file. While it uses RSA to encrypt the key, the encryption methodology for encrypting the web.config file is 3DES, which NIST no longer recommends using. So, does anyone know how to encrypt the web.config file with AES? Bonus, if it is possible, how would I set the key size (e.g., 128, 256 ... 2048 bit)?

I reviewed the following links and their attendant links without success:

Change Microsoft Config File Encryption Method From TripleDES

RSACryptoServiceProvider and Web.config encryption

1 Answer

1
votes

By default, ASP.NET offers two providers:

RSAProtectedConfigurationProvider

DPAPIProtectedConfigurationProvider

If you can't use another one, you must implement your custom provider.

And after that, register your provider:

<configProtectedData>
  <providers>
    <add keyContainerName="CustomKeys"
         useMachineContainer="true"
         description="My custom provider"
         name="CustomProvider"
         type="MyApp.MyCustomProtectedConfigurationProvider" />
  </providers>
</configProtectedData>

And use it:

aspnet_regiis -pe "connectionStrings" -app "/MyApp" -prov "CustomProvider"

This link has an example of how to implement a configuration provider.
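As an added example (not part of the original answer or the linked article), here is one way such a custom provider could use AES: AES-256 in CBC mode with a random IV per encryption and an HMAC-SHA256 tag verified before decryption. AES itself accepts only 128-, 192- or 256-bit keys. Assumptions: the `keyFile` attribute on the `<add>` element and the key-file layout are hypothetical, and the class would sit in namespace `MyApp` to match the `type` attribute above.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.IO;
using System.Linq;
using System.Security.Cryptography;   // ProtectedData: reference System.Security.dll
using System.Text;
using System.Xml;

public class MyCustomProtectedConfigurationProvider : ProtectedConfigurationProvider {
    private byte[] encKey, macKey;   // from the assumed "keyFile" attribute: DPAPI-wrapped 64 random bytes
    public override void Initialize(string name, NameValueCollection config) {
        base.Initialize(name, config);
        byte[] keys = ProtectedData.Unprotect(File.ReadAllBytes(config["keyFile"]), null, DataProtectionScope.LocalMachine);
        if (keys.Length != 64) throw new ConfigurationErrorsException("keyFile must hold 64 bytes");
        encKey = keys.Take(32).ToArray();   // 32 bytes = AES-256 key
        macKey = keys.Skip(32).ToArray();   // independent HMAC-SHA256 key
    }

    private static XmlNode Parse(string xml) {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        return doc.DocumentElement;
    }

    public override XmlNode Encrypt(XmlNode node) {
        using (var aes = Aes.Create())                            // CBC + PKCS7 are the defaults
        using (var hmac = new HMACSHA256(macKey))
        using (var enc = aes.CreateEncryptor(encKey, aes.IV)) {   // aes.IV is random per instance
            byte[] plain = Encoding.UTF8.GetBytes(node.OuterXml);
            byte[] body = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
            byte[] blob = body.Concat(hmac.ComputeHash(body)).ToArray();   // IV || ciphertext || tag
            return Parse("<EncryptedData>" + Convert.ToBase64String(blob) + "</EncryptedData>");
        }
    }

    public override XmlNode Decrypt(XmlNode encryptedNode) {
        byte[] blob = Convert.FromBase64String(encryptedNode.InnerText);
        if (blob.Length < 64) throw new CryptographicException("Protected blob too short");
        using (var aes = Aes.Create())
        using (var hmac = new HMACSHA256(macKey)) {
            byte[] tag = hmac.ComputeHash(blob, 0, blob.Length - 32);
            int diff = 0;                       // constant-time tag check before decrypting
            for (int i = 0; i < 32; i++) diff |= tag[i] ^ blob[blob.Length - 32 + i];
            if (diff != 0) throw new CryptographicException("Config MAC check failed");
            using (var dec = aes.CreateDecryptor(encKey, blob.Take(16).ToArray()))
                return Parse(Encoding.UTF8.GetString(dec.TransformFinalBlock(blob, 16, blob.Length - 48)));
        }
    }
}
```

The key file can be created once by passing 64 bytes from `RNGCryptoServiceProvider` through `ProtectedData.Protect` with `DataProtectionScope.LocalMachine`. Restrict the file's ACL to the application pool identity, because machine-scope DPAPI lets any process on that machine unwrap it.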