Deploying the Cryptography Application Block

Microsoft Enterprise Library 5.0

DropDown image DropDownHover image Collapse image Expand image CollapseAll image ExpandAll image Copy image CopyHover image

The Cryptography Application Block is comprised of multiple assemblies. Each assembly that belongs to the Cryptography Application Block has a file name that begins with Microsoft.Practices.EnterpriseLibrary.Security.Cryptography. Additionally, the block depends on the common assembly and on the Unity subsystem. For details of deploying and updating Enterprise Library and the blocks, see Deploying Enterprise Library.

Distributing Keys

The following schematic illustrates the process supported by the block to manage and distribute keys. On Computer A, you use the configuration tools to read an encrypted key stored in a file.


The configuration tools rely on the Cryptography Application Block to do this. The block uses DPAPI to decrypt the key in memory and display it with the configuration tools' Cryptographic Key Wizard (if you do not use the wizard to edit the key, it remains encrypted in memory). When you export the key to a file, the block uses a password that you supply and a randomly generated salt value to encrypt the key. You transport the file that contains the key to Computer B and use the configuration tools to import the key from the file. When you save your application configuration, the configuration tools use the block to encrypt the key with DPAPI and save it to a local file.

The configuration tools store the absolute path to each key file in the <securityCryptographyConfiguration> section in the configuration source. For example, when you use the default configuration source, your application configuration file contains the absolute path to your key files. If you deploy your application to another computer, you must either deploy your key files to the same absolute path or update the <securityCryptographyConfiguration> section of the computer's configuration source to reflect the new location.