We ship a .NET application with an associated configuration file. Our consultants create the configuration file during installation. We’d like to make it hard for the client to tamper with the configuration file.
What avenues do we have?
At the moment, I’m thinking about signing the configuration file with our private key and verifying it against the public key when the application starts. I’d then hide the public key in the EXE somewhere.
How might I go about doing this? Are there better ways to do this?
Note: I’m aware that this will not prevent a determined attacker. We’re looking at closing off some of the easiest routes and moving the effort required into deliberate, rather than negligent, infringement.
This doesn’t make any sense. You are shipping a configuration file. It’s used for configuring the application. But you don’t want it to be changed? So then it can’t be used to configure the application. So, then why even bother with a configuration file? Why not just embed it as a resource in the application itself?
What am I missing?
Edit, to respond to your new information:
Use XMLDSIG. Sign the
app.config. Verify the signature.