DataProtectionConfigurationProvider decryption

Question

I am working on a winform application that uses a config file to connect to my server. Now I want to make the IP address of my server ecrypted. So I put the ip address in the appSettings section and encrypted it using DataProtectionConfigurationProvider. I do the ecnryption process during the installation/deployment process. I want to know the following: 1) Can anyone, the user, decrypt appSettings in the config file? 2) If tomorrow I planned to change the ip address of my server, is there a way to update that at the user side using a patch rather than sending a new release, build.

Answer 1

In answer to your questions:

1. Yes, you user will likely be able to decrypt it. With that encryption provider the key is tied either to the machine or a particular user (depending on the settings used). That is, if it is machine level, anyone on that machine would be able to decrypt it. Move it to another machine the correct key will not be there decrypt it.
2. Yes it is possible. Without knowing your situation, deployment, and update facilities, it is impossible to tell you how exactly to do this. You have two main options.
   (1) Decrypt the section, make the change, then re-encrypt; this would probably done with aspnet_setreg.exe, if applicable.
   Or (2) work directly with an API that allows editing and saving of the encrypted section such accessing the file with ConfigurationManager.OpenMappedExeConfiguration