Encryption

Because you may wish to keep somewhat sensitive information, such as connection strings, in a configuration file, and because the configuration server serves its data over HTTP and makes everything it stores trivially available to anyone with a web browser and access to the network, the configuration system can encrypt the sections being stored. There are of course many ways to get around any encryption scheme, but this provides some measure of protection.

The server uses the Rijndael symmetric algorithm as built into .NET (System.Security.Cryptography). For more information see http://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm.aspx

The symmetric algorithm class requires both a key and an initialization vector. Because storing these in configuration files would make them trivially available to anyone with file-system access, the server requires an implementation of MySpace.ConfigurationSystem.Encryption.IKeyProvider to supply them. No implementation of this interface is included, but creating one is simple.

After you have created an implementation, as described below, you simply need to include the assembly that contains it in the runtime folders of both the .Net Client and the Server, and supply its type name to the keyProviderTypeName attribute in each of the respective app.config files.

IKeyProvider

IKeyProvider is defined in the MySpace.ConfigurationSystem.Encryption namespace and contains the following two methods.

namespace MySpace.ConfigurationSystem.Encryption
{
    public interface IKeyProvider
    {
        /// <summary>
        /// Returns the key to be used by the encryption algorithm.
        /// </summary>
        byte[] GetKey();

        /// <summary>
        /// Returns the initialization vector to be used by the encryption algorithm.
        /// </summary>
        byte[] GetIV();
    }
}

The KeyProvider class contained in the same assembly demonstrates how to create base64-encoded versions of keys and initialization vectors. You can use this class to generate keys and then store them however you see fit for your key provider to return.
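The following is an added example of a complete IKeyProvider implementation together with the one-time key generation step; it is not code from the MySpace configuration system and does not use the project's own KeyProvider class. It assumes the environment variable name CONFIG_KEY_FILE, the namespace Example.KeyProviders, and a reference to the System.Security assembly for ProtectedData (Windows DPAPI). The key and IV are kept in a file that is only readable under the account that created it, which addresses the point above that plain configuration files expose them to anyone with file-system access.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using MySpace.ConfigurationSystem.Encryption; // IKeyProvider, as defined on this page

namespace Example.KeyProviders // hypothetical namespace for this example
{
    /// <summary>
    /// IKeyProvider that reads a base64 key and IV from a file protected with
    /// Windows DPAPI (ProtectedData) under the service account. Someone who can
    /// merely read the file, but is not running as that account, cannot recover
    /// the key. The file path comes from CONFIG_KEY_FILE (assumed variable name).
    /// </summary>
    public sealed class DpapiFileKeyProvider : IKeyProvider
    {
        private const string PathVariable = "CONFIG_KEY_FILE";
        private readonly byte[] _key;
        private readonly byte[] _iv;

        public DpapiFileKeyProvider()
        {
            string path = Environment.GetEnvironmentVariable(PathVariable);
            if (string.IsNullOrEmpty(path) || !File.Exists(path))
                throw new InvalidOperationException(
                    PathVariable + " must point at the DPAPI-protected key file.");

            // File layout (written by CreateKeyFile below): two lines of base64
            // text, key first then IV, the whole buffer wrapped by ProtectedData.Protect.
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(path), null, DataProtectionScope.CurrentUser);
            string[] lines = Encoding.ASCII.GetString(plain).Split('\n');
            Array.Clear(plain, 0, plain.Length);
            if (lines.Length < 2)
                throw new InvalidOperationException("key file is malformed");

            _key = Convert.FromBase64String(lines[0].Trim());
            _iv = Convert.FromBase64String(lines[1].Trim());
            Validate(_key, _iv);
        }

        // Return copies so callers cannot alter the provider's private material.
        public byte[] GetKey() { return (byte[])_key.Clone(); }
        public byte[] GetIV() { return (byte[])_iv.Clone(); }

        /// <summary>
        /// Rijndael in .NET defaults to a 128-bit block, so the IV is 16 bytes;
        /// legal key sizes are 128, 192 or 256 bits. Reject anything else at
        /// startup rather than letting the algorithm throw on first use.
        /// </summary>
        private static void Validate(byte[] key, byte[] iv)
        {
            if (key.Length != 16 && key.Length != 24 && key.Length != 32)
                throw new CryptographicException("key must be 16, 24 or 32 bytes");
            if (iv.Length != 16)
                throw new CryptographicException("IV must be 16 bytes");
        }

        /// <summary>
        /// One-time setup: generate a random 256-bit key and 128-bit IV with the
        /// same algorithm class the server uses, base64-encode them, and write the
        /// pair DPAPI-protected under the account that will run the client or server.
        /// </summary>
        public static void CreateKeyFile(string path)
        {
            using (var rijndael = new RijndaelManaged())
            {
                rijndael.KeySize = 256;
                rijndael.GenerateKey();
                rijndael.GenerateIV();
                string text = Convert.ToBase64String(rijndael.Key) + "\n"
                            + Convert.ToBase64String(rijndael.IV) + "\n";
                byte[] plain = Encoding.ASCII.GetBytes(text);
                File.WriteAllBytes(path, ProtectedData.Protect(
                    plain, null, DataProtectionScope.CurrentUser));
                Array.Clear(plain, 0, plain.Length);
            }
        }
    }
}
```

Run CreateKeyFile once, as the account that will host the client and again as the account that will host the server (DPAPI CurrentUser material does not transfer between accounts or machines), then set keyProviderTypeName to the assembly-qualified name, for this hypothetical assembly "Example.KeyProviders.DpapiFileKeyProvider, Example.KeyProviders". Because IKeyProvider hands back one fixed IV, every section encrypted under the same key and IV that starts with the same bytes produces the same leading ciphertext bytes; rotating the key and IV when a section is re-encrypted limits how much that reveals.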

Last edited May 24, 2011 at 11:09 PM by eriknelson, version 4
