How to install RSA keys for web.config encryption on DiscountASP.NET servers

Web.config encryption only works with ASP.NET 2.0 or later.

ASP.NET 2.0 or later allows you to encrypt certain sections of the web.config; for example, the connectionStrings section. One encryption method is to use RSA keys. You can use the global machine-generated RSA key, but this is relatively insecure because everyone on the server has access to that key. The only secure solution is to use your own RSA keys, which only your website has permission to access.

You can generate RSA keys using the aspnet_regiis.exe tool that comes with the .NET framework. Run these commands on your local computer:

1. Create the RSA keys. Replace the "username" part of NetFrameworkConfigurationKey_username with your hosting account username.

C:\WINDOWS\Microsoft.NET\Framework\[.NET Framework version]\aspnet_regiis.exe -pc "NetFrameworkConfigurationKey_username" -exp

2. Export RSA keys. Replace the "username" part of NetFrameworkConfigurationKey_username with your hosting account username. This will export the public/private keypair to an XML file on your C drive.

C:\WINDOWS\Microsoft.NET\Framework\[.NET Framework version]\aspnet_regiis.exe -px "NetFrameworkConfigurationKey_username" "C:\NetFrameworkConfigurationKey_username.xml" -pri

Upload your RSA .xml file to your root directory, then contact the DiscountASP.NET support team to get the RSA keypair installed on your webserver. We will install it in the webserver's LOCAL_MACHINE\My keystore with the appropriate access permissions for your site's ASPNET user. Make note of the NetFrameworkConfigurationKey_username container name, which you will have to use in your application for encryption/decryption.
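The container name is used by declaring a protected-configuration provider in web.config that points at it. The following is an added example, not part of the original article: the provider name SiteRsaProvider and the site path in the comment are assumptions, and the Version value assumes the .NET 2.0/3.5 System.Configuration assembly.

```xml
<configuration>
  <!--
    The built-in provider "RsaProtectedConfigurationProvider" (declared in
    machine.config) uses keyContainerName="NetFrameworkConfigurationKey",
    the shared machine key. The provider below uses your own container.
  -->
  <configProtectedData defaultProvider="SiteRsaProvider">
    <providers>
      <!-- "SiteRsaProvider" is a hypothetical name; choose your own.
           Use Version=4.0.0.0 when the site runs on .NET 4.x. -->
      <add name="SiteRsaProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           keyContainerName="NetFrameworkConfigurationKey_username"
           useMachineContainer="true" />
    </providers>
  </configProtectedData>

  <!--
    Encrypt the section on the computer where the key container was created,
    then upload the resulting web.config (placeholder path shown):

      aspnet_regiis.exe -pef "connectionStrings" "C:\path\to\site" -prov "SiteRsaProvider"

    After encryption the section carries
    configProtectionProvider="SiteRsaProvider" and an EncryptedData element.
    ASP.NET decrypts it at run time with the key installed on the webserver.
  -->
  <connectionStrings>
    <!-- Constructed sample value for illustration only. -->
    <add name="Main" connectionString="Data Source=example;Initial Catalog=example;" />
  </connectionStrings>
</configuration>
```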
 
For more information, see this Knowledge Base article.