markneustadt.com

Decrypting app.Config

Do you need to decrypt an app.config file? There are lots of directions explaining the process if you’re dealing with a web application, but if you’re dealing with a windows app or a service of some sort, you don’t have a web.config…  all you have is an app.config. The process isn’t all that different.

Here’s what an encrypted app.config “appSettings” section might look like.

<appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
      xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>go/dhSMP2Vx5vUWAuKWePbN2naATBUrY+R/aRmKG7OlebiW73HDhPgBn3wzYY2
            yk9y2doF8rm7Tg6ojffdLWGGv8e6iGjWEhc66DOcIzp1VhSs+wS00dBJnrd4J994qk=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>OxsoL/ZYbESul923hmNSSisKJpIoxH8OruFzo0ngJqkDOHIIGCsrGNWxiGTRgQudpLr
        Tz31OkMZYQSPh0Mb6V35BaDAKfH6uX3591E8pd2gOoTN4fZuUqoactqEniMzuKQWuuDBVUQfamxCDxe8
        h87gh9gKHUbFASi9ZYrkQy3Bw9sRKN2gwB7hGXVNQD8sF84mOvJZ9GInwgVFh6tVAgiiInn</CipherValue>
      </CipherData>
    </EncryptedData>
  </appSettings>

I’ll make the assumption that you’re using the RsaProtectedConfigurationProvider and that it’s already setup. If it’s not, well… you’ll need to get that figured out first. To decrypt the file, you need to follow this process.

Copy your encrypted app.config file to a new file called web.config. Be sure the web.config is in the root directory of your application.

Run the following command – Notice the PDF to indicate we’re working with a physical file location and that the physical file location is the root of the application.

C:\tfs\datfsp101\jetstream\Runtime\Dev\WindowsServices\JetstreamDeviceConsoleService\Config>aspnet_regiis -pdf "appSettings" C:\tfs\datfsp101\jetstream\Runtime\Dev\WindowsServices\JetstreamDeviceConsoleService 

Decrypting configuration section...

Succeeded!

Now, you can either rename your original app.config and copy your decrypted web.config over it or you can open web.config and paste the “appSettings” section over the encrypted portion in your app.config. Either way, you’re all set.

Scroll To Top