'OWIN'에 해당되는 글 1건

  1. 2018.08.03 [SECURITY] MachineKey 만들기


PowerShell 을 사용하여 MachineKey 를 작성하는 방법입니다.


Appendix A: How to generate a <machineKey> element

아래 Function 을 PowerShell 에 Copy & Paste 하여 Enter 를 쾅! 칩니다. ^^


# Generates a <machineKey> element that can be copied + pasted into a Web.config file.
function Generate-MachineKey {
  [CmdletBinding()]
  param (
    [ValidateSet("AES", "DES", "3DES")]
    [string]$decryptionAlgorithm = 'AES',
    [ValidateSet("MD5", "SHA1", "HMACSHA256", "HMACSHA384", "HMACSHA512")]
    [string]$validationAlgorithm = 'HMACSHA256'
  )
  process {
    function BinaryToHex {
        [CmdLetBinding()]
        param($bytes)
        process {
            $builder = new-object System.Text.StringBuilder
            foreach ($b in $bytes) {
              $builder = $builder.AppendFormat([System.Globalization.CultureInfo]::InvariantCulture, "{0:X2}", $b)
            }
            $builder
        }
    }
    switch ($decryptionAlgorithm) {
      "AES" { $decryptionObject = new-object System.Security.Cryptography.AesCryptoServiceProvider }
      "DES" { $decryptionObject = new-object System.Security.Cryptography.DESCryptoServiceProvider }
      "3DES" { $decryptionObject = new-object System.Security.Cryptography.TripleDESCryptoServiceProvider }
    }
    $decryptionObject.GenerateKey()
    $decryptionKey = BinaryToHex($decryptionObject.Key)
    $decryptionObject.Dispose()
    switch ($validationAlgorithm) {
      "MD5" { $validationObject = new-object System.Security.Cryptography.HMACMD5 }
      "SHA1" { $validationObject = new-object System.Security.Cryptography.HMACSHA1 }
      "HMACSHA256" { $validationObject = new-object System.Security.Cryptography.HMACSHA256 }
      "HMACSHA385" { $validationObject = new-object System.Security.Cryptography.HMACSHA384 }
      "HMACSHA512" { $validationObject = new-object System.Security.Cryptography.HMACSHA512 }
    }
    $validationKey = BinaryToHex($validationObject.Key)
    $validationObject.Dispose()
    [string]::Format([System.Globalization.CultureInfo]::InvariantCulture,
      "<machineKey decryption=`"{0}`" decryptionKey=`"{1}`" validation=`"{2}`" validationKey=`"{3}`" />",
      $decryptionAlgorithm.ToUpperInvariant(), $decryptionKey,
      $validationAlgorithm.ToUpperInvariant(), $validationKey)
  }
}


그러면 추가한 Generate-MachineKey 를 사용해 봐야겠죠?!


ASP.NET 4.0 application 에서는 Machine Key 작성시 Option Parameter 를 주지 않아도 됩니다.


PS> Generate-MachineKey

<machineKey decryption="AES" decryptionKey="..." validation="HMACSHA256" validationKey="..." />


하지만 ASP.NET 2.0 과 3.5 application 에서는 HMACSHA256 을 지원하지 않으므로 Parameter 로 "SHA1" 을 넣어줘야 한다네요.


PS> Generate-MachineKey -validation sha1

<machineKey decryption="AES" decryptionKey="..." validation="SHA1" validationKey="..." />


ASP.NET 그리고 Web.config 파일에 MachineKey element 를 추가해 줍니다.


<configuration>

  <system.web>

    <machineKey ... />

  </system.web>

</configuration>


행복한 고수되셔요.



woojja ))*

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\




'Security' 카테고리의 다른 글

[SECURITY] MachineKey 만들기  (0) 2018.08.03
Posted by woojja
이전버튼 1 이전버튼