cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Superfreak3
Level 11

Decrypting a File...

Hi all,

We have a web install that places a connection config which contains database connection information collected via dialogs in the UI. We will be adding encryption via aspnet_regiis -pef which can be done from the install via Custom Action. So, once the install finishes the users db connection string will be encrypted.

During upgrade, we previously (before we had to add encryption) would grab the connection string from the config file, parse the various information, set properties which prepopulated the connection info dialog so users wouldn't have to re enter that information. Now, I'm thinking that functionality won't be possible unless the file is decrypted. You can do that with -pdf passed to aspnet_regiis, but I don't think I can do that during the UI sequence. I tried copying the files to the installing users temp directory, which was successful, but it didn't seem decrypt the file.

My msi.dll didn't error when it tried to start the aspnet_regiis process on the files in the temp directory, but it did not decrypt them.

Does anyone know a workaround to decrypt the file during the UI sequence? I guess that would be a fairly big security hole.

The only thing I can think of doing is only show the Db information dialog on initial install. On upgrade, if I find a config file in place, bypass the db connection dialog so no reentry would be necessary. Then, I'll create a custom action to decrypt the file, grab and parse the values from the config and set needed properties. I'm not sure if I can use an MSI .dll early in the deferred sequence that would still have a handle to the properties I need to set.

I really hate to move away from the way things were working. We even had a widget that ran prep scripts for the user. With the config file encrypted, I would only be able to run the widget to update the db on initial install.

Anyone with experience using encryption/decryption in installs and can help, it would be appreciated!

Thanks in advance!!
Labels (1)
0 Kudos
(2) Replies
Cary_R
Level 11

It's been a while since I messed with this, but I've written web.config encrypt/decrypt routines using the .Net API. IIRC, you can use the same API's to decrypt a web.config that was encrypted via aspnet_regiis.exe.
0 Kudos
Superfreak3
Level 11

Cary R wrote:
It's been a while since I messed with this, but I've written web.config encrypt/decrypt routines using the .Net API. IIRC, you can use the same API's to decrypt a web.config that was encrypted via aspnet_regiis.exe.


Here is how I got around the decryption issue. I created a widget to decrypt (aspnet_regiis) and I treat this widget as a prerequisite wrapped in the Setup.exe. Since we require Administrator to launch and run the setup.exe, the widget runs and has the credentials to decrypt the file.

I then have a custom action at the tail end of the install to encrypt the file via the same method, aspnet_regiis.
0 Kudos