Sensitive Data

  • Article

patterns & practices Developer Center

  • How to: Encrypt Sensitive Data in Configuration Files
  • How to: Protect Sensitive Data in Memory
  • How to: Protect Sensitive Data on the Network

How to: Encrypt Sensitive Data in Configuration Files

To encrypt sensitive data in configuration files, use the aspnet_regiis.exe tool with the -pe (provider encryption) option.

Use the following command to encrypt the connectionStrings section using the Data Protection API (DPAPI) provider with the machine key store (the default configuration). Run the following command from a command prompt:

aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider"

In this command:

  • -pe specifies the configuration section to encrypt.
  • -app specifies your Web application's virtual path. If your application is nested, you need to specify the nested path from the root directory; for example, "/test/aspnet/MachineDPAPI".
  • -prov specifies the provider name.

The Microsoft .NET Framework supports the following protected configuration providers:

  • RSAProtectedConfigurationProvider. This is the default provider. It uses RSA public key encryption to encrypt and decrypt data. Use this provider to encrypt configuration files for use on multiple WCF services in a Web farm.
  • DPAPIProtectedConfigurationProvider. This provider uses DPAPI to encrypt and decrypt data. Use this provider to encrypt configuration files for use on a single Windows Server.

You do not need to take any special steps for decryption; the .NET run time takes care of this for you.

Additional Resources

How to: Protect Sensitive Data in Memory

To minimize exposure of secrets in memory, consider the following measures:

  • Avoid creating multiple copies of the secret. Having multiple copies of the secret data increases your attack surface. Pass references to secret data instead of making copies of the data. Also, be aware that if you store secrets in immutable objects such as System.String, a new copy is created after each object manipulation.
  • Keep the secret encrypted for as long as possible. Decrypt the data at the last possible moment before you need to use the secret.
  • Clean the cleartext version of the secret as soon as you are done using it.

You can use the SecureString method to implement the above measures. The value of a SecureString object is automatically encrypted, can be modified until your application marks it as read-only, and can be deleted from computer memory by either your application or the .NET Framework garbage collector.

The following C# code creates an instance of the SecureString class and stores a data value in it.

using System;
using System.Collections.Generic;
using System.Text;

namespace TestSecureString 
{
  class Program 
  {
static void Main(string[] args) 
{
System.Security.SecureString secstr = new System.Security.SecureString();
secstr.AppendChar('W');
secstr.AppendChar('C');
secstr.AppendChar('F');
secstr.MakeReadOnly();
Console.WriteLine(secstr);
} 
  } 
}

An exception is thrown if you attempt to alter the data because the code locks the string value with the MakeReadOnly method after the final character has been added. Therefore this string value cannot be altered.

Additional Resources

How to: Protect Sensitive Data on the Network

Use message or transport security to encrypt your messages and keep sensitive information from being sniffed off the network. Message security encrypts each individual message to protect sensitive data. Transport security secures the end-to-end network connection to protect the network traffic.

Additional Resources