
The new MachineKey.Encode/MachineKey.Decode features in .NET seem to make encryption much easier.

My question is, in the event that you need to modify your MachineKey on a routine basis, does it need to be a 3 step process?

  1. Decrypt and store existing data
  2. Modify the MachineKey
  3. Re-encrypt and store the encrypted data

Or is there a way to call MachineKey.Encrypt/.Decrypt using two different keys?

Sam

1 Answer


How long are you trying to store data for? These methods are typically used to protect round-trip data or values in cookies, not for long term data storage.

If you're using ASP.NET 4.5, MachineKey.Encode() and MachineKey.Decode() have been deprecated in favor of DataProtector.

mfanto
  • Protected data in the database. Typically a 3 or 6 month schedule on swapping out keys. Didn't think about how changing it might goof up auth tokens. Should probably stick with AesManaged or similar. – Sam Nov 24 '12 at 17:23
  • Yeah, it's nice that the methods are easy to use, and will encrypt and authenticate the data, but it's not really viable for long term storage in my opinion. When you change the machineKey, all the previous data will be inaccessible. You're probably better off using either an established cryptosystem with better key management, or using database-level security features. – mfanto Nov 24 '12 at 18:02
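
One way to rotate keys on a schedule without the decrypt-everything, swap, re-encrypt sequence from the question, as an added example that is not code from the question or the answer: tag each stored blob with the id of the key that protected it, keep older keys readable, and re-wrap values one at a time. `KeyRing` and its members are hypothetical names; the sketch assumes .NET 8 and uses `AesGcm` rather than `MachineKey` or `AesManaged`, and where the keys themselves are stored is out of scope.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed demo: write under key 1, add key 2, re-wrap the stored value.
var ring = new KeyRing();
ring.AddKey(1, RandomNumberGenerator.GetBytes(32));
byte[] stored = ring.Protect(Encoding.UTF8.GetBytes("sample record"));
ring.AddKey(2, RandomNumberGenerator.GetBytes(32));
byte[] rewrapped = ring.Rotate(stored);
Console.WriteLine($"key {stored[0]} -> key {rewrapped[0]}: {Encoding.UTF8.GetString(ring.Unprotect(rewrapped))}");

// Hypothetical helper; blob layout: [1-byte key id][12-byte nonce][16-byte tag][ciphertext]
public sealed class KeyRing
{
    private readonly Dictionary<byte, byte[]> _keys = new();
    public byte CurrentId { get; private set; }
    // Register a 256-bit key and use it for all new writes; older keys stay readable.
    public void AddKey(byte id, byte[] key) { _keys[id] = key; CurrentId = id; }

    public byte[] Protect(byte[] plaintext)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] tag = new byte[16], ct = new byte[plaintext.Length];
        using var aes = new AesGcm(_keys[CurrentId], 16);
        // The key id is authenticated as associated data, so it cannot be altered unnoticed.
        aes.Encrypt(nonce, plaintext, ct, tag, new[] { CurrentId });
        var blob = new byte[29 + ct.Length];
        blob[0] = CurrentId;
        nonce.CopyTo(blob, 1);
        tag.CopyTo(blob, 13);
        ct.CopyTo(blob, 29);
        return blob;
    }

    public byte[] Unprotect(byte[] blob)
    {
        if (blob.Length < 29 || !_keys.TryGetValue(blob[0], out var key))
            throw new CryptographicException("Unknown key id or truncated blob.");
        var pt = new byte[blob.Length - 29];
        using var aes = new AesGcm(key, 16);
        // Decrypt throws a CryptographicException if the tag does not verify.
        aes.Decrypt(blob[1..13], blob[29..], blob[13..29], pt, new[] { blob[0] });
        return pt;
    }
    // Re-wrap one stored value under the current key; returns it unchanged if already current.
    public byte[] Rotate(byte[] blob) => blob[0] == CurrentId ? blob : Protect(Unprotect(blob));
}
```

Once every stored blob reports the current key id, the old key can be dropped from the ring.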