类似的问题在这里已经问过，但他们的答案是不够的，我的。 我想知道的是明确的方法来加密连接字符串在配置文件中。这里是我的问题：

使用机器级加密，不能任何人访问我的服务器写一个小的.Net程序来读取连接字符串的内容？

如果我是部署在企业环境中我的应用程序给用户的机器，而应用程序的配置文件连接字符串，我如何才能确保只有我的应用程序可以解密？该方案是一个ClickOnce部署场景特别有趣。我读过有关人存储未加密的配置在发布服务器和机器级加密时，应用程序的下载，安装并首次执行。这听起来是我错了 - 连接字符串未受保护荏苒通过电线，坐在未受保护的下载和应用程序执行的一小段时间

我可以有一个公共和私有密钥，请我的应用程序，加密与密钥的配置文件，当用户执行它，解密只可以从签名的应用程序？

由于我使用ClickOnce，我可以有我的加密在code敏感信息或嵌入，因为ClickOnce的检测不​​到，除非版本号的变化的变化。所以，如果我需要重新编译，如果我改变我的连接字符串，一个app.config点静音。我可以采取什么其他方法，出边使用配置文件，实现保护连接字符串中的服务器，客户端和中间？

感谢你这么多的帮助。

解决方案 是。秘密加密的计算机密钥可通过任何方法用访问机器密钥来解密。秘密加密的用户密钥可以通过同一个用户启动的任何过程进行解密。 这是不可能的。所有的相反说法是万金油。你的应用程序需要一个秘密解密的东西。没有已知的计划，以隐藏应用程序内部的一个秘密。有各种模糊的计划，但没有防弹。你能做的最好的是提高了吧。 没有。无论是应用程序的密钥来解密的东西，在这种情况下，你回去点2，或您的应用程序的公开密钥，在这种情况下，任何人都可以解密相同的秘密，所以你基本上做配置的验证（是不被篡改），但配置已经不是秘密了。 您不能在应用程序安全地部署嵌入式秘密。是多高的价格只是一个问题，如果你的资产保护（秘密）是值得的，那么黑客能得到它。

加密的基础设施的设计，以防止其它用户的当前用户的秘密。它不是旨在保护应用程序的秘密从使用它的用户。你问什么是不加密，数字版权管理，你需要寻找到答案的DRM基础设施。我不知道周围的 DRM API 一个托管库。

Similar questions have been asked here, but their answers are not enough to me. What I would like to know is the definite approach to encrypting connection strings in a config file. Here are my questions:

Using machine-level encryption, can't anybody accessing my server write a little .Net program to read the contents of the connection strings?

If I am deploying my application to users machines in an enterprise environment, and the application has connection strings in a config file, how can I make sure only my application can decrypt it? The scenario is especially interesting in a ClickOnce deployment scenario. I've read about people storing the config unencrypted at the publisher server and encrypting at the machine level when the app is downloaded, installed and executed for the first time. This sounds so wrong to me - connection strings zipping unprotected through the wire, and sitting unprotected for a brief amount of time between download and application execution.

Can I have a public and private key, sign my app, encrypt the config file with a key, and when the user executes it, decryption would only be possible from the signed application?

Since I am using ClickOnce, I could have my encrypted sensitive information in the code or embedded, because ClickOnce won't detect a change unless the version # changes. So, if I need to recompile if I change my connection string, the point of an app.config is muted. What other approaches can I take, out-side using an config file, to achieve protection of the connection strings at the server, client and in between?

Thank you so much for your help.

解决方案

Yes. Secrets encrypted with the machine key can be decrypted by any process with access to the machine key. Secrets encrypted with the user key can be decrypted by any process started by the same user. This is not possible. All contrary claims are snake oil. You application needs a secret to decrypt something. There are no known schemes to hide a secret inside an application. There are various obfuscation schemes, but nothing bulletproof. The best you can do is to raise the bar. No. Either the application has the secret key to decrypt something, in which case you go back to point 2, or your application has the public key, in which case anyone can decrypt the same secret, so you basically do a validation of the configuration (was not tampered with), but the configuration is not secret. You cannot deploy embedded secrets in an application securely. Is just a matter of how high is the price, if your protected asset (the secret) is worth it, then a hacker will get it.

The encryption infrastructure is designed to protect the secrets of the current user from other users. It is not designed to protect the secrets of an application from the user using it. What you ask for is not encryption, is DRM, and you need to look into the DRM infrastructure for answers. I'm not aware of a managed library around the DRM API.