winforms - Encrypting sections and-or settings in an App.config file that will be redistributed

Question

I'm creating a regular windows application that will be distributed to several users on my department. I'll need to include some connectivity passwords on the App.config file, and I obviously don't want end-users to just fire up notepad and look at the passwords.

Several articles point on how to encrypt/decrypt configuration sections, but it appears you have to share/ship some keys with the deployable solution.

Is there a simpler way, to just cipher some of the settings so that they are not user-readable, but that don't require extra steps or files when redistributing the program? Great plus would be that accessing the configuration settings is still transparent inside the .NET code. I could always just create a custom method to salt/cipher the string and in my custom code decrypt it, but I'm wondering if there's something simpler.

Any answers or links to articles on how to do this are greatly appreciated. Thanks

Answer 1

If you are trying to encrypt your connection string in your App.Config/Web.Config, you can do so using the Configuration class:

Configuration config = ConfigurationManager.   OpenExeConfiguration(ConfigurationUserLevel.None);
ConfigurationSection section =    config.GetSection("connectionStrings");
if (section != null)
{
    if (!section.IsReadOnly())
    {
        section.SectionInformation.ProtectSection             ("RsaProtectedConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Full);
    }
}

There are two methods: RsaProtectedConfigurationProvider and DPAPIProtectedConfigurationProvider

See this --> http://www.codeproject.com/KB/cs/Configuration_File.aspx and http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx.