
Deploying the Cryptography Application Block

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

The latest Enterprise Library information can be found at the Enterprise Library site.

The Cryptography Application Block consists of multiple assemblies. Each assembly that belongs to the Cryptography Application Block has a file name that begins with Microsoft.Practices.EnterpriseLibrary.Security.Cryptography. Additionally, the application block depends on the common assembly and on the ObjectBuilder subsystem. Applications that use the Cryptography Application Block can be deployed in one of two configurations:

  • They can be deployed as private assemblies in the application folder hierarchy.
  • They can be deployed as shared assemblies in any file system location or in the global assembly cache.

Deploying the Cryptography Application Block as Private Assemblies

If the application does not have to use the services available from the global assembly cache, the Cryptography Application Block can be deployed in the application folder structure. This simplifies deployment because you can install the entire application, including the Cryptography Application Block assemblies, on the destination computer by using the xcopy command. If multiple applications on the same computer use the Cryptography Application Block, you can install a copy of the assemblies in each application folder hierarchy. This allows each application's copy of the assemblies to be updated independently. For information about strong naming the Enterprise Library assemblies, see Strong Naming Enterprise Library Assemblies.

Deploying the Cryptography Application Block as Shared Assemblies

You can assign a strong name to the Cryptography Application Block assemblies. Both Visual Studio .NET and the .NET Framework SDK include tools to do this. After assemblies are strong named, they can be deployed in a shared location and used by multiple applications. You can choose to deploy the assemblies in any file system location and add a <codeBase> element that specifies the location of the assemblies in the application configuration file of each application that uses the Cryptography Application Block.

A more likely scenario is that you deploy shared assemblies in the global assembly cache. In this scenario, all applications on the computer can use the assemblies without any additional configuration. You can use one of the following tools to install an assembly in the global assembly cache:

  • An installer program, such as the Microsoft Windows Installer, version 2.0
  • The Global Assembly Cache Tool command line utility (Gacutil.exe)
  • The .NET Framework Configuration tool (Mscorcfg.msc)

Distributing Keys

Figure 1 illustrates the process supported by the application block to manage and distribute keys. On Computer A, you use the configuration console to read an encrypted key stored in a file. The configuration console relies on the Cryptography Application Block to do this. The application block uses DPAPI to decrypt the key in memory and display it with the configuration console's Cryptographic Key Wizard (if you do not use the wizard to edit the key, it remains encrypted in memory). When you export the key to a file, the application block uses a password that you supply and a randomly generated salt value to encrypt the key. You transport the file that contains the key to Computer B and use the configuration console to import the key from the file. When you save your application configuration, the configuration console uses the application block to encrypt the key with DPAPI and save it to a local file.

Figure 1. Distribution of keys
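The following sketch walks the same round trip with plain .NET classes from Windows PowerShell 5.1. It is an added example, not the application block's code or its export file format. PBKDF2, AES-CBC, HMAC-SHA256, the iteration count, the byte layout, the function names and the passphrase are all assumptions, because the page names only a password and a random salt.

```powershell
using namespace System.Security.Cryptography
Add-Type -AssemblyName System.Security          # ProtectedData (DPAPI)
$Scope = [DataProtectionScope]::LocalMachine

function Get-WrapKeys([string]$Password, [byte[]]$Salt) {
    # Assumed KDF: PBKDF2. The random salt gives every export different keys.
    $kdf = [Rfc2898DeriveBytes]::new($Password, $Salt, 100000)
    @{ Enc = $kdf.GetBytes(32); Mac = $kdf.GetBytes(32) }
}

function Export-Key([byte[]]$DpapiBlob, [string]$Password) {
    # Computer A: DPAPI-decrypt in memory, re-encrypt under the password.
    $key  = [ProtectedData]::Unprotect($DpapiBlob, $null, $Scope)
    $salt = [byte[]]::new(16)
    [RandomNumberGenerator]::Create().GetBytes($salt)
    $k   = Get-WrapKeys $Password $salt
    $aes = [Aes]::Create(); $aes.Key = $k.Enc; $aes.GenerateIV()
    $ct  = $aes.CreateEncryptor().TransformFinalBlock($key, 0, $key.Length)
    [Array]::Clear($key, 0, $key.Length)        # drop the plaintext key
    [byte[]]$body = $salt + $aes.IV + $ct
    $tag = [HMACSHA256]::new($k.Mac).ComputeHash($body)
    , [byte[]]($body + $tag)                    # salt | IV | ciphertext | HMAC
}

function Import-Key([byte[]]$Exported, [string]$Password) {
    # Computer B: check the HMAC, decrypt, protect with this machine's DPAPI.
    $n = $Exported.Length
    [byte[]]$body = $Exported[0..($n - 33)]
    [byte[]]$tag  = $Exported[($n - 32)..($n - 1)]
    $k = Get-WrapKeys $Password ([byte[]]$body[0..15])
    $expect = [HMACSHA256]::new($k.Mac).ComputeHash($body)
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($expect[$i] -bxor $tag[$i]) }
    if ($diff -ne 0) { throw 'Wrong password or modified export file.' }
    $aes = [Aes]::Create(); $aes.Key = $k.Enc; $aes.IV = [byte[]]$body[16..31]
    [byte[]]$ct = $body[32..($body.Length - 1)]
    $key  = $aes.CreateDecryptor().TransformFinalBlock($ct, 0, $ct.Length)
    $blob = [ProtectedData]::Protect($key, $null, $Scope)
    [Array]::Clear($key, 0, $key.Length)
    , $blob
}

# Constructed demo: a random key stands in for Computer A's key file contents.
$raw = [byte[]]::new(32); [RandomNumberGenerator]::Create().GetBytes($raw)
$onA = [ProtectedData]::Protect($raw, $null, $Scope)
$exported = Export-Key $onA 'constructed-passphrase'
$onB = Import-Key $exported 'constructed-passphrase'
'{0}-byte export file, {1}-byte DPAPI blob' -f $exported.Length, $onB.Length
```

The demo runs both halves on one computer. A DPAPI blob is bound to the computer (or user) that created it, which is why the key travels as a password-protected export rather than as a copy of the DPAPI-protected key file.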

The configuration console stores the absolute path to each key file in the <securityCryptographyConfiguration> section in the configuration source. For example, when you use the default configuration source, your application configuration file contains the absolute path to your key files. If you deploy your application to another computer, you must either deploy your key files to the same absolute path or update the <securityCryptographyConfiguration> section of the computer's configuration source to reflect the new location.
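A post-deployment check for the path requirement above, as an added example that is not part of Enterprise Library. It assumes the key path is recorded in a `protectedKeyFilename` attribute on each provider entry; the function name, provider names and paths in the sample configuration are constructed.

```powershell
function Test-CryptoKeyPaths {
    param([Parameter(Mandatory)][xml]$Config)

    $section = $Config.SelectSingleNode('//securityCryptographyConfiguration')
    if ($null -eq $section) { return }

    # Every provider that uses a key file carries its location as an attribute.
    foreach ($node in $section.SelectNodes('.//*[@protectedKeyFilename]')) {
        $path = $node.GetAttribute('protectedKeyFilename')
        [pscustomobject]@{
            Provider = $node.GetAttribute('name')
            Scope    = $node.GetAttribute('protectedKeyProtectionScope')
            KeyFile  = $path
            Absolute = [System.IO.Path]::IsPathRooted($path)
            Exists   = ($path -and (Test-Path -LiteralPath $path -PathType Leaf))
        }
    }
}

# Constructed sample configuration (provider names and paths are made up).
[xml]$sample = @'
<configuration>
  <securityCryptographyConfiguration>
    <symmetricCryptoProviders>
      <add name="OrdersCipher"
           protectedKeyFilename="C:\Apps\Orders\Keys\orders.key"
           protectedKeyProtectionScope="LocalMachine" />
    </symmetricCryptoProviders>
    <hashProviders>
      <add name="OrdersHmac"
           protectedKeyFilename="D:\Keys\hmac.key"
           protectedKeyProtectionScope="LocalMachine" />
    </hashProviders>
  </securityCryptographyConfiguration>
</configuration>
'@

# List the entries whose key file is missing or not an absolute path here.
Test-CryptoKeyPaths -Config $sample |
    Where-Object { -not ($_.Absolute -and $_.Exists) } |
    Format-Table -AutoSize
```

To check a deployed application, load its configuration file with `[xml](Get-Content -Raw <path>)` and pass that in place of `$sample`.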

© 2015 Microsoft