ASP.NET <machineKey> Generator

ASP.NET application settings can include a machineKey section, which configures algorithms and keys to use for encryption and decryption, as well as validation of forms-authentication data and view-state data.

This tool creates a random validation key and a random decryption key, both of which are converted into hexadecimal characters.

Refer to MSDN for more detailed information about the machineKey section: machineKey Element (ASP.NET Settings Schema)

Encryption

The machineKey section generated by this tool specifies that ASP.NET should use the AES (Rijndael) algorithm to encrypt and decrypt data. This algorithm is compliant with the United States Federal Information Processing Standards (FIPS).

Validation

The machineKey section generated by this tool specifies that ASP.NET should use the HMACSHA256 hash algorithm to validate data. This algorithm is compliant with the United States Federal Information Processing Standards (FIPS).

It is important to remember that view-state is transmitted as a base-64 encoded string. This encoding provides no security because it is easily decoded. If you store sensitive data in view-state, you should specify that ASP.NET encrypt view-state data in addition to validating it. You can specify view-state encryption for all pages of your web application or for selected pages. For information about this option, see ViewStateEncryptionMode.