Hi

I have an ASP.NET app, and I want to store a machine-wide encryption key that I will be using in the apps, when using the DPAPI crypto system.

What are the best practices to store the key - where do I store it?

Thanks.

+2  A: 

It is very unsafe to store any key as plaintext in any non-volatile and inherently insecure medium (such as a hard drive). On such media, you should only store a signed, encrypted version of a key, and write access to the encrypted key should be secured.

The real work at hand is to model the security needs, to determine the key-management policy and implementation.

M.A. Hanin
Thanks. What I want to store is a file containing an encrypted key, so it can only be accessed by my applications in the specific app pool. Also, the process of creating that key is to have a pass phrase, and encrypt it using DPAPI and store it in the file I have mentioned.
Nice
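The approach discussed in this thread (a DPAPI-protected secret in a file readable only by one app pool), sketched as an added example that is not code from any of the posters. The file path, app pool name and entropy string are hypothetical, and `Save` is assumed to run once from an elevated setup step.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;   // ProtectedData (System.Security assembly)
using System.Security.Principal;
using System.Text;

static class MachineKeyStore
{
    // Hypothetical values; adjust to the deployment.
    const string KeyFile = @"C:\ProgramData\MyApp\key.dpapi";
    const string AppPoolAccount = @"IIS AppPool\MyAppPool";

    // Optional entropy bound into the blob. It is not a strong secret by itself;
    // it only stops callers that do not supply it from unprotecting the blob.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp key file v1");

    public static void Save(byte[] secret)
    {
        // LocalMachine scope: any process on this computer can call Unprotect,
        // so the file ACL below is what narrows access to the app pool.
        byte[] blob = ProtectedData.Protect(secret, Entropy, DataProtectionScope.LocalMachine);

        var acl = new FileSecurity();
        acl.SetAccessRuleProtection(true, false);   // drop inherited entries
        acl.AddAccessRule(new FileSystemAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            FileSystemRights.FullControl, AccessControlType.Allow));
        acl.AddAccessRule(new FileSystemAccessRule(
            new NTAccount(AppPoolAccount),
            FileSystemRights.Read, AccessControlType.Allow));   // app can read, not write

        Directory.CreateDirectory(Path.GetDirectoryName(KeyFile));
        File.WriteAllBytes(KeyFile, new byte[0]);       // create empty file first
        new FileInfo(KeyFile).SetAccessControl(acl);    // lock it down
        File.WriteAllBytes(KeyFile, blob);              // then write the protected blob
    }

    public static byte[] Load()
    {
        byte[] blob = File.ReadAllBytes(KeyFile);
        // Throws CryptographicException if the blob was altered or the entropy differs.
        return ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.LocalMachine);
    }
}
```

If every consumer runs under the same account, `DataProtectionScope.CurrentUser` ties the blob to that account's profile instead of to the whole machine.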