
Deploying the Cryptography Application Block

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

The latest Enterprise Library information can be found at the Enterprise Library site.

The Cryptography Application Block consists of multiple assemblies. Each assembly that belongs to the Cryptography Application Block has a file name that begins with Microsoft.Practices.EnterpriseLibrary.Security.Cryptography. Additionally, the application block depends on the common assembly and on the ObjectBuilder subsystem. For details on deploying and updating Enterprise Library and the application blocks, see Deploying Enterprise Library.

Distributing Keys

Figure 1 illustrates the process supported by the application block to manage and distribute keys. On Computer A, you use the configuration tools to read an encrypted key stored in a file. The configuration tools rely on the Cryptography Application Block to do this. The application block uses DPAPI to decrypt the key in memory and display it with the configuration tools' Cryptographic Key Wizard (if you do not use the wizard to edit the key, it remains encrypted in memory). When you export the key to a file, the application block uses a password that you supply and a randomly generated salt value to encrypt the key. You transport the file that contains the key to Computer B and use the configuration tools to import the key from the file. When you save your application configuration, the configuration tools use the application block to encrypt the key with DPAPI and save it to a local file.

Figure 1
Distribution of keys

The configuration tools store the absolute path to each key file in the <securityCryptographyConfiguration> section in the configuration source. For example, when you use the default configuration source, your application configuration file contains the absolute path to your key files. If you deploy your application to another computer, you must either deploy your key files to the same absolute path or update the <securityCryptographyConfiguration> section of the computer's configuration source to reflect the new location.
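
The following pre-flight check for the deployment step above is an added example, not code from Enterprise Library or from the original page. It assumes each provider element stores its key path in a protectedKeyFilename attribute (the page does not show the attribute name); the provider names and paths in the sample are constructed placeholders.

```powershell
# Added example: verify that every key file referenced in the
# <securityCryptographyConfiguration> section exists at its absolute path
# on the computer where the script runs.
# Assumption: the path is held in a protectedKeyFilename attribute.
function Test-CryptoKeyFilePaths {
    param(
        [Parameter(Mandatory)] [xml] $Config
    )
    $section = $Config.SelectSingleNode('//securityCryptographyConfiguration')
    if ($null -eq $section) {
        throw 'No <securityCryptographyConfiguration> section found.'
    }
    foreach ($node in $section.SelectNodes('.//*[@protectedKeyFilename]')) {
        $path   = $node.GetAttribute('protectedKeyFilename')
        $rooted = [System.IO.Path]::IsPathRooted($path)
        [pscustomobject]@{
            Provider   = $node.GetAttribute('name')
            KeyFile    = $path
            IsAbsolute = $rooted
            # Only a rooted path that resolves to a file counts as present.
            Exists     = $rooted -and (Test-Path -LiteralPath $path -PathType Leaf)
        }
    }
}

# Constructed sample configuration; names and paths are placeholders.
$sample = [xml] @'
<configuration>
  <securityCryptographyConfiguration>
    <symmetricCryptoProviders>
      <add name="ExampleSymmetric" protectedKeyFilename="C:\Keys\example-symmetric.key" />
    </symmetricCryptoProviders>
    <hashProviders>
      <add name="ExampleKeyedHash" protectedKeyFilename="C:\Keys\example-hash.key" />
    </hashProviders>
  </securityCryptographyConfiguration>
</configuration>
'@

$results = Test-CryptoKeyFilePaths -Config $sample
$results | Format-Table -AutoSize

# Report every configured key file that is missing on this computer.
$missing = @($results | Where-Object { -not $_.Exists })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) key file(s) not found at the configured absolute path."
}
```

To check a deployed application, load its configuration file into an [xml] object and pass it as -Config in place of the sample. The check confirms only that the file is present: a key file copied directly from another computer, rather than exported and imported as described under Distributing Keys, was encrypted with DPAPI on the source computer and will still fail to decrypt.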