Hi all,

We have a web install that places a connection config which contains database connection information collected via dialogs in the UI. We will be adding encryption via aspnet_regiis -pef which can be done from the install via Custom Action. So, once the install finishes the users db connection string will be encrypted.

During upgrade, we previously (before we had to add encryption) would grab the connection string from the config file, parse the various information, set properties which prepopulated the connection info dialog so users wouldn't have to re enter that information. Now, I'm thinking that functionality won't be possible unless the file is decrypted. You can do that with -pdf passed to aspnet_regiis, but I don't think I can do that during the UI sequence. I tried copying the files to the installing users temp directory, which was successful, but it didn't seem decrypt the file.

My msi.dll didn't error when it tried to start the aspnet_regiis process on the files in the temp directory, but it did not decrypt them.

Does anyone know a workaround to decrypt the file during the UI sequence? I guess that would be a fairly big security hole.

The only thing I can think of doing is only show the Db information dialog on initial install. On upgrade, if I find a config file in place, bypass the db connection dialog so no reentry would be necessary. Then, I'll create a custom action to decrypt the file, grab and parse the values from the config and set needed properties. I'm not sure if I can use an MSI .dll early in the deferred sequence that would still have a handle to the properties I need to set.

I really hate to move away from the way things were working. We even had a widget that ran prep scripts for the user. With the config file encrypted, I would only be able to run the widget to update the db on initial install.

Anyone with experience using encryption/decryption in installs and can help, it would be appreciated!

Thanks in advance!!