In the example below, I protect the "DemoWinApp.Properties.Settings" section of the "Sleutels.config" file.

    using System;
    using System.Configuration;

    private static void toggleProtectionSleutelsConfig()
    {
        var fileMap = new ConfigurationFileMap(@"D:\Experimenten\ReadProtectedConfigFile\Sleutels.config");
        var configuration = ConfigurationManager.OpenMappedMachineConfiguration(fileMap);
        var sectionGroup = configuration.GetSectionGroup("applicationSettings"); // This is the section group name, change to your needs
        var section = (ClientSettingsSection)sectionGroup.Sections.Get("DemoWinApp.Properties.Settings"); // This is the section name, change to your needs
        var setting = section.Settings.Get("SecretMessage"); // This is the setting name, change to your needs
        Console.WriteLine(setting.Value.ValueXml.InnerText);

        // Toggle protection
        if (!section.SectionInformation.IsProtected)
        {
            // Protecting the specified section with the specified provider
            section.SectionInformation.ProtectSection("RSA");
        }
        else
        {
            section.SectionInformation.UnprotectSection();
        }
        section.SectionInformation.ForceSave = true;
        configuration.Save(ConfigurationSaveMode.Modified);
        Console.ReadKey();
    }

The contents of the "Sleutels.config" file are:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <configSections>
        <sectionGroup name="applicationSettings"
                      type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
          <section name="DemoWinApp.Properties.Settings"
                   type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                   requirePermission="false" />
        </sectionGroup>
      </configSections>
      <applicationSettings>
        <DemoWinApp.Properties.Settings>
          <setting name="SecretMessage" serializeAs="String">
            <value>This is the secret message.</value>
          </setting>
        </DemoWinApp.Properties.Settings>
      </applicationSettings>
      <configProtectedData>
        <providers>
          <add name="RSA"
               type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
               keyContainerName="RobinsKeys"
               useMachineContainer="true" />
        </providers>
      </configProtectedData>
    </configuration>

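After running the code, the "Sleutels.config" file is encrypted and an RSA key container is created in C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.

If I try to export the RSA key container from the command line:

    c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -pc "RobinsKeys" -exp

Then I get the error message:

    Exporting RSA Keys to file...
    Key not valid for use in specified state.

This means the RSA key container is not marked as "exportable". If you create the key container from the command line, there is an optional parameter "-exp" that marks the keys as exportable.

For example: aspnet_regiis -pc "RobinsKeys" -exp

Is the -exp option also available in code when using the section.SectionInformation.ProtectSection("RSA"); method, or as a configuration option in the RSA provider section of the "Sleutels.config" configuration file?

Thanks for any help!
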
To summarize the discussion, you need to create the RSA crypto container first, before you can use it to store RSA keys. The reason is that RSAProtectedConfigurationProvider has no such option.

    void Main()
    {
        // Create the CspParameters object and set the key container
        // name used to store the RSA key pair.
        var cp = new System.Security.Cryptography.CspParameters();
        cp.Flags = System.Security.Cryptography.CspProviderFlags.UseMachineKeyStore;
        cp.KeyContainerName = "RobinsKeys";

        // Create a new instance of RSACryptoServiceProvider that accesses
        // the key container named above.
        // If it is not already there, it will create a new exportable one.
        var myRSA = new System.Security.Cryptography.RSACryptoServiceProvider(cp);

        // Print the key pair (private parameters included) on the console
        Console.WriteLine($"=== Container: {cp.KeyContainerName} ===");
        Console.WriteLine(myRSA.ToXmlString(true).Replace("><", ">\n<"));
    }

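You can read about this in more detail here. The provided link also shows how to generate and save a key pair, and the aspnet_regiis parameters. Once the RSA container has been created, IIS can use it. It is important to understand the difference between user-level and machine-level key containers, which is described in this documentation. Please let me know if anything from the discussion is missing and I will update this answer.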
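
As an added example (not code from the answer above): a check that reports whether the machine-level container is exportable without printing any private key material, and creates it as exportable only when it does not exist yet. It assumes .NET Framework on Windows and an account with access to the machine key store; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

static class KeyContainerCheck   // hypothetical name, for illustration only
{
    // Returns true when the machine-level container holds an exportable key.
    // Creates the container (exportable, 2048-bit) if it does not exist yet.
    static bool EnsureExportableContainer(string containerName)
    {
        var cp = new CspParameters
        {
            KeyContainerName = containerName,
            // UseExistingKey: throw instead of silently creating a new key.
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        try
        {
            using (var existing = new RSACryptoServiceProvider(cp))
            {
                // Exportability is fixed when the key is generated; a container
                // created implicitly by ProtectSection reports false here.
                return existing.CspKeyContainerInfo.Exportable;
            }
        }
        catch (CryptographicException)
        {
            // Typically "Keyset does not exist": create the container now.
            // Other failures (for example access denied) throw again below.
            cp.Flags = CspProviderFlags.UseMachineKeyStore;
            using (var created = new RSACryptoServiceProvider(2048, cp))
            {
                created.PersistKeyInCsp = true;   // keep the key after Dispose
                return created.CspKeyContainerInfo.Exportable;
            }
        }
    }

    static void Main()
    {
        const string name = "RobinsKeys";   // container name from the question
        bool exportable = EnsureExportableContainer(name);
        Console.WriteLine("Container {0}: exportable = {1}", name, exportable);
        if (!exportable)
            Console.WriteLine("Unprotect the section first, then delete and " +
                              "recreate the container and protect the section again.");
    }
}
```

Run it before the first call to ProtectSection("RSA"), so that the provider picks up the container that already exists instead of creating a non-exportable one.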