What Is Machine Key?

The machineKey element in the ASP.NET web.config file specifies the algorithm and keys that ASP.NET will use for encryption.

By default, the validationKey and the decryptionKey are set to AutoGenerate, which means the runtime generates a random key for use. This works fine for applications that are deployed on a single server.

But when you use a web farm, a client request can land on any one of the servers in the farm. Hence you will have to hardcode the validationKey and the decryptionKey on all the servers in the farm with a manually generated key.

The value is stored locally in the web.config of that application. Below is the sample code.
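
An added example, not code from the original page or from Microsoft: a PowerShell script that generates explicit machineKey values for a web farm and checks a web.config for keys that are still auto-generated. The function names, the key sizes (32 bytes for AES, 64 bytes for HMACSHA256) and the two sample configs are assumptions made for the illustration.

```powershell
# Added example (not from the original page). Function names are hypothetical.
function New-HexKey {
    param([Parameter(Mandatory)][int]$ByteLength)
    $bytes = New-Object byte[] $ByteLength
    # Cryptographic RNG; Get-Random is not suitable for key material.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $_.ToString('X2') })   # hex-encode
}

function New-MachineKeyElement {
    # Assumed sizes: 32-byte key for AES, 64-byte key for HMACSHA256.
    $decryptionKey = New-HexKey -ByteLength 32
    $validationKey = New-HexKey -ByteLength 64
    '<machineKey validationKey="{0}" decryptionKey="{1}" validation="HMACSHA256" decryption="AES" />' -f $validationKey, $decryptionKey
}

function Test-MachineKey {
    # Returns $true only when both keys are explicit hex strings.
    # Assumption: machineKey sits directly under configuration/system.web.
    param([Parameter(Mandatory)][string]$WebConfigXml)
    $node = ([xml]$WebConfigXml).SelectSingleNode('/configuration/system.web/machineKey')
    if ($null -eq $node) { return $false }   # no element: the AutoGenerate defaults apply
    foreach ($name in 'validationKey', 'decryptionKey') {
        $value = $node.GetAttribute($name)   # empty string when the attribute is missing
        if ($value -notmatch '^[0-9A-Fa-f]+$') { return $false }   # missing or AutoGenerate[,IsolateApps]
    }
    return $true
}

# Generate once, then deploy the identical element to every server in the farm.
$element = New-MachineKeyElement

# Constructed sample configs: one with the generated keys, one left on the defaults.
$farmConfig    = "<configuration><system.web>$element</system.web></configuration>"
$defaultConfig = '<configuration><system.web><machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" /></system.web></configuration>'

Test-MachineKey -WebConfigXml $farmConfig      # explicit keys present
Test-MachineKey -WebConfigXml $defaultConfig   # keys still auto-generated per server
```

The generated element is secret key material: keep it out of source control and restrict read access to the web.config files that hold it.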

PowerShell – Generate AES key

When dealing with the encryption and decryption of credentials within PowerShell, you will be dealing with AES keys to handle this securely.

Aes aes = Aes.Create();

When the previous code is executed, a new key and IV are generated and placed in the Key and IV properties, respectively. Sometimes you might need to generate multiple keys.

The AES algorithm is an iterative, symmetric-key block cipher that supports cryptographic keys (secret keys) of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. If the data to be encrypted does not meet the block size requirement of 128 bits, it must be padded.

What Is The Use Of Machine Key In IIS?

A machine key is a unique key that differentiates one computer from others. This key is used to create a unique identifier when a cookie is created on the client machine from server-side code.

This key is generally present in the machine.config file, which is created when you install the .NET Framework and is generally not visible to the user because it remains in the .NET Framework installation directory.

When you specify the same key in your web.config, the value of the machine key specified in the machine.config is overridden by the one you have specified in the web.config file.

Further Reading

  • Replace the ASP.NET machineKey in ASP.NET Core - The implementation of the <machineKey> element in ASP.NET is replaceable. This allows most calls to ASP.NET cryptographic routines to be routed through a replacement data protection mechanism, including the new data protection system.

  • Setting the Validation and Decryption Keys - The encryption and hashing algorithms used by the forms authentication system to encrypt and validate the authentication ticket are customizable through the <machineKey> element in Web.config. This Microsoft doc outlines the <machineKey> element’s attributes and their possible values.

  • Professional ASP.NET 2.0 Security, Membership, and Role Management - Refer to this book for an in-depth look at these issues, including guidance on what encryption and validation algorithms to use, what key lengths to use, and how best to generate these keys.

An AES key is a random bitstring of the right length.

  • For a 128-bit AES key you need 16 bytes.
  • For a 256-bit AES key you need 32 bytes.

If you need to generate your own AES key for encrypting data, you should use a good random source. The strength of the key depends on the unpredictability of the random source.

Mbed TLS includes the CTR-DRBG module and an Entropy Collection module to help you build an AES key generator.

To use the AES generator, you need to have the modules enabled in the config.h files (MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C), see How do I configure Mbed TLS.

Include the following headers in your code:

Then add the following variable definitions to your code:

The personalization string needs to be unique to your application to add randomness to your random sources.

Creating the AES key

You need to initialize the entropy pool and the random source and extract data for your key. In this case we generate 32 bytes (256 bits) of random data.

Now you can use the data in key as a 256-bit AES key.
