详解C#App.config和Web.config加密
程序员文章站
2023-12-18 14:30:16
打开cmd,进入vs安装目录c:\windows\microsoft.net\framework64\v4.0.30319
cd c:\windows\micro...
打开cmd,进入vs安装目录c:\windows\microsoft.net\framework64\v4.0.30319
cd c:\windows\microsoft.net\framework64\v4.0.30319
如果是web.config就直接加密,是app.config就先改为web.config才可以进行加密
aspnet_regiis -pef "节点" "项目路径"
例如:
需要加密的app.config数据库连接字符串为
<connectionstrings> <add name="connstr" connectionstring="data source=.;initial catalog=testdb;user id=sa;password=123456" /> </connectionstrings>
加密命令为
aspnet_regiis -pef "connectionstrings" "web.config所在目录"
如加密失败
解决方案:
创建一个可导出的rsa密钥容器,命名为key
aspnet_regiis -pc "key" -exp
将web.cofig/app.config的configuration增加属性值xmlns,即改为
<configuration xmlns="http://schemas.microsoft.com/.netconfiguration/v2.0">
将数据库连接字符串改为以下:
<configprotecteddata> <providers> <clear /> <add name="keyprovider" type="system.configuration.rsaprotectedconfigurationprovider, system.configuration, version=2.0.0.0,culture=neutral, publickeytoken=b03f5f7f11d50a3a, processorarchitecture=msil" keycontainername="key" usemachinecontainer="true"/> </providers> </configprotecteddata> <connectionstrings> <add name="connstr" connectionstring="data source=.;initial catalog=testdb;user id=sa;password=123456;" providername="system.data.sqlclient" /> </connectionstrings>
开始对配置文件进行加密
aspnet_regiis -pef "connectionstrings" "web.config所在目录" -prov "keyprovider"
注意:vs会提示是否修改,选择全是
解密配置文件
aspnet_regiis -pdf "connectionstrings" "web.config所在目录"
如果是app.config改成的web.config,加密成功之后再改为app.config,并删除configuration的属性xmlns值
未加密的web.config/app.config文件内容:
<?xml version="1.0" encoding="utf-8" ?> <configuration> <startup> <supportedruntime version="v4.0" sku=".netframework,version=v4.5.2" /> </startup> <connectionstrings> <add name="connstr" connectionstring="data source=.;initial catalog=testdb;user id=sa;password=123456" /> </connectionstrings> </configuration>
修改为加密后的web.config/app.config文件内容:
<?xml version="1.0" encoding="utf-8" ?> <configuration xmlns="http://schemas.microsoft.com/.netconfiguration/v2.0"> <startup> <supportedruntime version="v4.0" sku=".netframework,version=v4.5.2" /> </startup> <configprotecteddata> <providers> <clear /> <add name="keyprovider" type="system.configuration.rsaprotectedconfigurationprovider, system.configuration, version=2.0.0.0,culture=neutral, publickeytoken=b03f5f7f11d50a3a, processorarchitecture=msil" keycontainername="key" usemachinecontainer="true"/> </providers> </configprotecteddata> <connectionstrings> <add name="connstr" connectionstring="data source=.;initial catalog=testdb;user id=sa;password=123456;" providername="system.data.sqlclient" /> </connectionstrings> </configuration>
加密后的web.config/app.config文件内容:
<?xml version="1.0" encoding="utf-8" ?> <configuration xmlns="http://schemas.microsoft.com/.netconfiguration/v2.0"> <startup> <supportedruntime version="v4.0" sku=".netframework,version=v4.5.2" /> </startup> <configprotecteddata> <providers> <clear /> <add name="keyprovider" type="system.configuration.rsaprotectedconfigurationprovider, system.configuration, version=2.0.0.0,culture=neutral, publickeytoken=b03f5f7f11d50a3a, processorarchitecture=msil" keycontainername="key" usemachinecontainer="true"/> </providers> </configprotecteddata> <connectionstrings configprotectionprovider="keyprovider"> <encrypteddata type="http://www.w3.org/2001/04/xmlenc#element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <encryptionmethod algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <keyinfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <encryptedkey xmlns="http://www.w3.org/2001/04/xmlenc#"> <encryptionmethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <keyinfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <keyname>rsa key</keyname> </keyinfo> <cipherdata> <ciphervalue>lslu2rvnlfr5om5mpbuqyhbetf6di/glz3zlfoqvzj+l1ymsocfgvc1lgrdfcplebf/r1izzyvnquesz3aevukpncg2ofmwdeapultj5ay24synbr4fntqqsf1pijelxrge8pzh7s49rlskwquwvtymrouoimcmd4xipmn/cqpq=</ciphervalue> </cipherdata> </encryptedkey> </keyinfo> <cipherdata> <ciphervalue>dexehu/mqe+wkd51qxhi9jwbheuru6eqxbqinogoydgpw/w4xtpi3dttdcezjxbahvykaxlfkpxxljce07antn7vxrfdov0olsq/3+hkyqvxri5a80xvkokh2cqavwx/gjc7jbbbrlkxjvs93m+oqwgkpw0twczll1ns97g5w8qstgn6vszaizw1z6gkxlsrmf9224exgq+dgjs9bsu+mxakkd9eavelmtwv2r7jixseneggdr49mtdu91j1dsdj6am3ncahmrq=</ciphervalue> </cipherdata> </encrypteddata> </connectionstrings> </configuration>
导出密钥容器
spnet_regiis -px "key" "d:\key.xml"
注意:加上-pri参数为导出公钥+私钥
导入密钥容器
aspnet_regiis -pi "key" "d:\key.xml"
删除密钥容器
aspnet_regiis -pz "key"
注意:删除密钥程序会报错