Could somebody please do a rundown of how to programmatically encrypt a config-file in .NET, preferably in C#.

What I would like to do is do some kind of check on an application's startup to see if a section is unprotected, and if it is, then encrypt it. This for both settings and connection-strings.

Also if anyone could list the types of encryption-providers and what is the difference between them.

I don't know if the code for doing this in a normal WinForms-application is transparent to doing this in ASP.NET.

To summarize the answers and what I've found so far, here are some good links to answer this question:

• Encrypting Configuration Information in ASP.NET 2.0 Applications - 4GuysFromRolla.com
• How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI - MSDN

Please feel free to complement with other links, maybe some to WinForms- or WPF-applications.

There is a good article from 4 guys about Encrypting Configuration Information in ASP.NET 2.0 Applications

Hope this helps

The solution at below site working fine for me.

http://www.a2zmenu.com/Blogs/CSharp/How-to-encrypt-configuration-file.aspx

@TK: a hashing algo can only be 'guessed', not reverse engineered. One can only reconstruct the input to a hash value by completely guessing the input (apart from collisions, that is) This can be done by a rainbow crack for example (see an implementation of a rainbow cracker here)

I would say that a 3rd party encryption tool is not safer than the .NET framework encryption algorithms, these libraries just help you doing your job faster

I haven't used it myself, but the Microsoft Enterprise library has good encryption support that will possibly suit your needs:

http://msdn.microsoft.com/en-us/library/cc309503.aspx