Machine Key (2024)

Validation method

Select one of the following options to specify the validation method the machine key uses:

• AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same private key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

• MD5 - Message Digest 5 (MD5) is used for digital signing of applications, for example, mail messages. This method produces a 128-bit message digest, which is a compressed form of the original data. MD5 can provide some protection against computer viruses and programs that mimic harmless applications but are destructive.

• SHA1 – This method is the default setting. SHA1 is considered to be more secure than MD5 because it produces a 160-bit message digest. Use SHA1 encryption whenever possible.

• TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of Data Encryption Standard (DES). It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

• HMACSHA256 - Hash-based Message Authentication Code (HMAC) mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. The output hash is 256 bits in length.

• HMACSHA384 - Hash-based Message Authentication Code (HMAC) with an output has that is 384 bits long.

• HMACSHA512 - Hash-based Message Authentication Code (HMAC) with an output has that is 512 bits long.

Encryption method

Select one of the following options to specify the encryption method the machine key uses:

• Auto – This method is the default setting. Auto works with whichever encryption method you specified.

• AES - Advanced Encryption Standard (AES) is relatively easy to implement and requires little memory. AES has a key size of 128, 192, or 256 bits. This method uses the same private key to encrypt and decrypt data, whereas a public-key method must use a pair of keys.

• TripleDES - Triple Data Encryption Standard (TripleDES) is a minor variation of DES. It is three times slower than regular DES but can be more secure because it has a key size of 192 bits. If performance is not your primary consideration, consider using TripleDES.

• DES - Data Encryption Standard (DES) uses a 56-bit key to both encrypt and decrypt data. If your server, site, or application does not require the strongest security, consider using DES.

Validation key

Computes a Message Authentication Code (MAC) to confirm the integrity of the data. This key is appended to either the Forms authentication cookie or the view state for a specific page.

Select one of the following options to specify how the validation key is generated:

• Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

• Generate a unique key for each application: Isolates applications from one another by generating a unique key for each application based on the application ID of each application. If your application is deployed in a web farm, duplicate your application's key across all servers in the farm.

Decryption key

Used to encrypt and decrypt Forms authentication tickets and view state.

Select one of the following options to specify how the decryption key is generated:

• Automatically generate at runtime: Instructs ASP.NET to generate a random key at runtime.

• Generate a unique key for each application: Isolates applications from one another by generating a unique key for each application based on the application ID of each application. If your application is deployed in a web farm, duplicate your application's key across all servers in the farm.

Apply

Saves the changes that you have made on the feature page.

Cancel

Cancels the changes that you have made on the feature page.

Generate Keys

Generates a validation key and a decryption key in the corresponding boxes on the feature page.