I have a windows service that reads from app.config
I want some settings to be encrypted, however, I don't want to use the ProtectedConfigurationProvider classes provided in .NET because they encrypt files based on the machine they are running on using DPAPI.
What I wanted was a way for our administrator to deploy the config file already encrypted to many machines and have each machine decrypt them when needed.
I don't want to hardcode a password into the assembly either so I'm not sure how I can go about this.
Perhaps your central server can maintains a database of the private keys for all the end points, then it could use the specific machine key for that.
A shared private key for all the machines is not going to be that secure.
You can use user-level RSA keys and export them to each machine. then the config file can be encrypted ahead of time, and the target machines already have the key.
来源:https://stackoverflow.com/questions/559995/encrypting-config-files-for-deployment-net