aspnet/DataProtection

Cannot decrypt data if encrypted by another app that uses ILMerge

mcm-ham opened this issue · 2 comments

In our app we are looking at implementing an encrypted config file using a custom provider that uses DataProtector. To support administrators editing this config file we wrote a simple EncryptedSettings console app they can use to decrypt the config file to edit it and, once finished, re-encrypt it. Since DataProtector brings in a lot of dlls we're using ILMerge to consolidate them into a single exe. The problem is the key saved to disk has this reference:

<descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, EncryptedSettings, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null">

So in our application the config provider can't decrypt the file because it can't find the EncryptedSettings dll (which of course was originally Microsoft.AspNetCore.DataProtection.dll before it was merged into the tools exe).

@mcm-ham, as you have pointed out, we add the deserializer type name to the key so we know what instance of the deserializer to create when decrypting the key:

    var deserializerInstance = _activator.CreateInstance<IAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);

I don't have full context here, but as far as I understand this behavior is expected and our default IKeyManager doesn't support it. @blowdart might have a better explanation.
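An added diagnostic, not code from the DataProtection project or from either commenter, that shows the failure mode described above: it scans a key ring directory and reports every key whose deserializerType cannot be resolved from the process doing the decryption (as happens when the key was written by an ILMerged exe that renamed the assembly). The key-*.xml file name pattern, the directory argument, and running it inside the consuming app's process (so its referenced DataProtection assembly is loadable) are assumptions.

```csharp
// Constructed diagnostic: flag DataProtection keys whose descriptor deserializer
// type cannot be resolved here. Assumes key files match key-*.xml in the given dir.
using System;
using System.IO;
using System.Xml.Linq;

public static class KeyRingCheck
{
    // Splits "Namespace.Type, Assembly, Version=..., Culture=..., PublicKeyToken=..."
    // into the type name and the simple assembly name that will be probed.
    public static (string TypeName, string AssemblyName) SplitTypeName(string assemblyQualifiedName)
    {
        var parts = assemblyQualifiedName.Split(',');
        var typeName = parts[0].Trim();
        var assemblyName = parts.Length > 1 ? parts[1].Trim() : string.Empty;
        return (typeName, assemblyName);
    }

    // Returns the number of keys this process would be unable to decrypt.
    public static int Run(string keyRingDirectory)
    {
        int problems = 0;
        foreach (var file in Directory.EnumerateFiles(keyRingDirectory, "key-*.xml"))
        {
            var doc = XDocument.Load(file);
            // Key XML layout: <key><descriptor deserializerType="..."> ... </descriptor></key>
            var descriptor = doc.Root?.Element("descriptor");
            var deserializerType = (string)descriptor?.Attribute("deserializerType");
            if (deserializerType == null) { continue; }

            var (typeName, assemblyName) = SplitTypeName(deserializerType);
            // Same resolution step the key manager performs before activating the deserializer.
            var resolved = Type.GetType(deserializerType, throwOnError: false);
            if (resolved == null)
            {
                problems++;
                Console.WriteLine($"{Path.GetFileName(file)}: cannot resolve {typeName} from assembly '{assemblyName}'");
            }
        }
        return problems;
    }

    public static void Main(string[] args)
    {
        var dir = args.Length > 0 ? args[0] : ".";
        Environment.ExitCode = Run(dir) == 0 ? 0 : 1;
    }
}
```

For the key quoted in this issue it reports the deserializer as coming from assembly 'EncryptedSettings', which is exactly the name the decrypting app cannot load.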

Sounds about right. As we need to discover the provider, and the way we do that is by embedding the dll name into the key, using ILMerge is just not going to work.