Export / Import key problem

Discussion in 'ASP .Net Security' started by Diane Droubay, Aug 17, 2007.

  1. I have encrypted the identity section of my web.config file, using the RSA
    provider. The built-in encrypt/decrypt works just fine. The problem is, when
    I move the app to another machine.

    My web.config provider entry looks like this.

    <configProtectedData>
      <providers>
        <add name="MyProvider"
             type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
             keyContainerName="MyKey" useMachineContainer="false"/>
      </providers>
    </configProtectedData>

    I moved the app, exported the key using the Certificate snap-in in mmc, then
    imported it into the other machine and used aspnet_regiis to grant
    permissions to the ASPNET user. When I try to run my app on this box, I get
    the following error:

    Configuration Error
    Description: An error occurred during the processing of a configuration file
    required to service this request. Please review the specific error details
    below and modify your configuration file appropriately.

    Parser Error Message: Failed to decrypt using provider
    'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA
    key container could not be opened.

    Source Error:


    Line 68: <authentication mode="Windows"/>
    Line 69: <identity
    configProtectionProvider="RsaProtectedConfigurationProvider">
    Line 70: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
    Line 71: xmlns="http://www.w3.org/2001/04/xmlenc#">
    Line 72: <EncryptionMethod
    Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />


    If I delete the encrypted section in the web.config file on the new box,
    then re-encrypt from there, it works fine again, but is not portable to my
    other machine. This makes me think that the export/import is not working
    correctly.

    Any ideas?

    Thanks.
     
    Diane Droubay, Aug 17, 2007
    #1

  2. use aspnet_regiis for the im/export...


    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

     
    Dominick Baier, Aug 26, 2007
    #2
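
The aspnet_regiis export/import sequence the reply above points to, as an added example that is not part of the original thread. It assumes a machine-level key container (the aspnet_regiis default, matching useMachineContainer="true"; the -pku switch selects a user-level container instead), a section that is still unencrypted on the source machine, and placeholder values for the application path and key file.

```powershell
# Added example, not from the thread. "MyKey", "MyProvider" and the ASPNET
# account come from the post; /MyApp and C:\keys\MyKey.xml are placeholders.
param([Parameter(Mandatory)][ValidateSet('Source','Target')][string]$Role)

$regiis  = Join-Path $env:WINDIR 'Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe'
$keyFile = 'C:\keys\MyKey.xml'

function Invoke-Regiis {
    # Run aspnet_regiis and stop the script on the first failing step.
    & $regiis @args
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis $($args -join ' ') failed" }
}

if ($Role -eq 'Source') {
    # 1. Create the container as exportable; a key created without -exp
    #    cannot have its private key exported later.
    Invoke-Regiis '-pc' 'MyKey' '-exp'
    # 2. Encrypt <identity> with the provider named in web.config.
    Invoke-Regiis '-pe' 'system.web/identity' '-app' '/MyApp' '-prov' 'MyProvider'
    # 3. Export the key pair; -pri includes the private key, so the file
    #    is as sensitive as the secrets it protects.
    Invoke-Regiis '-px' 'MyKey' $keyFile '-pri'
}
else {
    # 4. Import the key pair under the same container name.
    Invoke-Regiis '-pi' 'MyKey' $keyFile
    # 5. Let the worker process account read the container.
    Invoke-Regiis '-pa' 'MyKey' 'ASPNET'
    # 6. Remove the plaintext key file once the import has succeeded.
    Remove-Item -LiteralPath $keyFile
}
```

Run it with -Role Source on the machine that encrypts, move the key file over a protected channel, then run it with -Role Target on the destination.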

  3. Thanks. I'll give that a try.

    Diane

    "Dominick Baier" wrote:

    > use aspnet_regiis for the im/export...
     
    Diane Droubay, Aug 27, 2007
    #3
