Signing app.config

by Matt 10. April 2007 17:16

The System.Configuration.ProtectedConfigurationProvider class conceptually allows you to "protect" a node in a .net config file. The quotes here are important if I'm going to weasel my line of thinking in.

Of course, ProtectedConfigurationProvider is an abstract class. The two implementations shipped with .net include DpapiProtectedConfigurationProvider and RsaProtectedConfigurationProvider, the first using DPAPI to "protect" a node using a key which is specific to a particular machine. The second uses rsa keys, which can be installed on different machines.

Here we see the first problem. This technique is really intended for machines that you have control over, i.e. web.config files. In fact, the way you set up protection is with aspnet_regiis.

But what if you want to protect config files on the client - app.config files? You can't use the DPAPI class, because you need to encrypt it on the machine and for the user who's going to use it. You could use the rsa class, but then you need to install rsa keys; not necessarily a bad thing, but potentially inconvenient.

Let's look at those quotes around "protect". Clearly, in the classes that are used, protect means encryption. What if all we want to do is sign a node? We might have information that isn't sensitive, but that we don't really want changed - WCF configuration perhaps, and the security settings of a service. Or even something as prosaic as how often to call a web service. We probably don't want to have that hard coded, but we don't want just anyone to change it. (Of course, these examples are just to stop casual hacking (in the old skool use of the word) and changing the behaviour of our app, rather than have them develop something that could attack us.)

This does kind of subvert how the ProtectedConfigurationProvider is currently used, but does fit with the name - we are protected the node, after all. It doesn't necessarily help that the methods on PCP are Encrypt and Decrypt, but we can quite happily look the other way for something like that. At least we'd be safe in the knowledge that we're not subverting it as much as this Wrox article, which uses a custom protection provider to redirect config to a database.

This codeproject article is the only link I've found about protecting application config files. It highlights some interesting problems, not least of which is having to distribute the config file unprotected, and protecting it at install time.

I reckon I could write a custom provider that would be able to sign a configuration node. It'd still need a public key, but perhaps that could be embedded in the (signed) executable, rather than needing to be installed in the Certificate Store. The node would be wrapped in an XML-Signature envelope, the Decrypt method would just check the signature, throw a ConfigurationErrorsException if it's invalid or return the inner xml if everything's ok. Of course, since the content is in there in plain text, it would be dead easy to remove the signature envelope and the provider attribute and just have an unprotected node. The way round this is to have the code check that certain nodes' SectionInformation.IsProtected property is true, and fail if not.

I've still not 100% convinced this is actually worthwhile. Would it be simpler (if overkill) to just encrypt the sections? Is there a way to do this without using a protection provider, such as signing the entire file (I don't know where the signature would live in this case, or how to canonicalise the file)?

And the 64 million dollar question - am I just being paranoid about the need to sign config files? Is there any real config that I wouldn't want a customer to change? Is there actually anything you can set in the WCF config that would give me problems? Do I really want to have a config file that the customer can't configure?

Tags:

Comments (22) -

JDMoore
JDMoore
4/11/2007 1:59:39 AM #

RE: Signing app.config

Perhaps another option is to simply place checks on your configuration elements at the point of loading.

Perhaps a few range and sanity checks (eg domain for wcf endpoints), possibly with defaults are all that's required in this case?

Reply

FD
FD
6/18/2007 1:04:08 PM #

RE: Signing app.config

I don't think you're paranoid.  I think that it's not that you wouldn't want a customer to change a configuration setting, it's that you don't want the user to screw anything up while doing it manually.  If you really want a user to be able to change configuration settings, you would probably just write a user-friendly form for that.

Reply

Bed tray table ideas
Bed tray table ideas
2/11/2011 9:17:24 AM #

The average American worker has fifty interruptions a day, of which seventy percent have nothing to do with work.

Reply

best suv 2010
best suv 2010
7/20/2011 10:35:42 PM #

it ti permette di orientarti con semplicità nel pulviscolare niverso di Moncler.Troverai le indicazioni per lo spaccio o negozio Moncler più vicino a casa tua felpe moncler, pantaloni e abbigliamento sportivo.

Reply

best hybrid cars
best hybrid cars
7/22/2011 4:56:11 AM #

Per il tuo bambino scegli Moncler. Una scelta di capi, estivi ed invernali, eccezionali. Tuo figlio sarà sempre alla moda e potrà muoversi in totale comodità.

Reply

best ipad games
best ipad games
7/24/2011 3:47:03 AM #

I've recently began a weblog, the data you provide on this site has helped me tremendously. Thanks for all your time & work.

Reply

monster beats pro
monster beats pro
10/30/2011 6:28:35 PM #

Who can come to the front of the time, help me find the next screen.

Reply

beats by dre detox
beats by dre detox
10/30/2011 11:53:22 PM #

You are everything when you are with me, and everything is you when you are not.

Reply

Voyage Marrakech
Voyage Marrakech France
11/12/2011 1:22:01 PM #

Decorous compose-up, I’m standard company of unit’s place, contend up the pleasant run, plus It is going to be a methodical tourist for a yearn rhythm. “Saintly folly is saintly realize in belie.” by Jest Billings.

Reply

Philix
Philix United States
11/18/2015 5:54:15 PM #

Wonderful Website

Reply

philix
philix United States
11/19/2015 5:37:08 AM #

Nice Site.

Reply

Philix
Philix United States
11/27/2015 5:31:45 PM #

Great Website.

Reply

Gia Agramonte
Gia Agramonte United States
1/15/2016 4:53:09 AM #

Congrats. And all of the items featured so far should be in the book.

Reply

Rich Bowdry
Rich Bowdry United States
1/15/2016 6:43:17 AM #

this is awesome like the book of awesome

Reply

Christin Boxwell
Christin Boxwell United States
1/15/2016 6:58:49 AM #

getting the last pair of shoes in your size AWESOME!

Reply

Thersa Tomich
Thersa Tomich United States
1/15/2016 7:11:47 AM #

Printing out an essay or paper, reading the first line and realizing there aren't any mistakes.<br />AWESOME!

Reply

Janita Wendelin
Janita Wendelin United States
1/15/2016 7:15:27 AM #

Printing out an essay or paper, reading the first line and realizing there aren't any mistakes.<br />AWESOME!

Reply

Dewey Kittrell
Dewey Kittrell United States
8/25/2016 4:25:55 AM #

Construction industry is adapting the latest technology. Smart house buildersdesigners are having nice niche

Reply

Sheridan Agnelli
Sheridan Agnelli United States
9/17/2016 3:42:10 PM #

It has the option of getting ipad for events on rent. If yes, record what you actually say while floating in the world of dreams, and chuckle at those sounds later on. If you wish to get an idea about the Vancouver app development, BC android developer uk market then you should seek the help of internet. The work that they have done in the past will help you decide whether you should hand over your project to this company or not.

Reply

Long Rothrock
Long Rothrock United States
5/22/2017 8:04:14 PM #

Your articles are very useful

Reply

Melia Altringer
Melia Altringer United States
6/9/2017 5:13:37 PM #

please,check my site for hot news

Reply

Gregory Despain
Gregory Despain United States
7/19/2017 11:37:05 AM #

Really one of the best sites

Reply

Add comment

biuquote
  • Comment
  • Preview
Loading

Rel=Me

Month List

RecentComments

Comment RSS

Tag cloud