We ship a .NET application with an associated configuration file. Our consultants create the configuration file during installation. We'd like to make it hard for the client to tamper with the configuration file.
What avenues do we have?
At the moment, I'm thinking about signing the configuration file with our private key and verifying it against the public key when the application starts. I'd then hide the public key in the EXE somewhere.
How might I go about doing this? Are there better ways to do this?
Note: I'm <strong>aware</strong> that this will <strong>not prevent</strong> a <strong>determined</strong> attacker. We're looking at closing off some of the easiest routes and moving the effort required into deliberate, rather than negligent, infringement.
This doesn't make any sense. You are shipping a configuration file. It's used for configuring the application. But you don't want it to be changed? So then it can't be used to configure the application. So, then why even bother with a configuration file? Why not just embed it as a resource in the application itself?
What am I missing?
Edit, to respond to your new information:
You can encrypt sections of your configuration file with the aspnet_regiis command line utility. It uses the DPAPI by default (I believe) but it can also support other encryption algorithms. So you can use this to encrypt your connection string or app setting sections of your file (or any other sections).