I've been looking for a way to store a given AES key so that it can't be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for asymmetric key storage can be found here, but I'm looking for something that can be used for symmetric encryption. Does it exist in a managed form (pre .NET 4)?
Depending on who you're defending against, you can use the ProtectedData class.
@SLaks is right, if it's in your memory it can be accessed. You can make it more difficult, but it's always going to be possible.
That's why folks who are serious offload the crypto.
One option is a smart card. This lets you move data to the card and get results back, but doesn't allow access to the key material. It's not in your PC's memory space so it can't be leaked.
Ross Anderson has a good paper, Programming Satan's Computer, about just this kind of thing. From the abstract:
The problem is the presence of a hostile opponent, who can alter messages at will. In effect, our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment.
Even if you're not concerned about physical memory and just the hard disk and source you still need to be wary of virtual memory. If you're not careful (or using a carefully written service) you can get plaintext keys in your swap file. Here's another link that discusses the issue. Not that you want to do that but it makes the issue apparent: Encrypting Virtual Memory. I believe there are system calls for this purpose to mark memory as unswappable but I can't find a link.
Even for asymmetric data, if the key is stored in the computer and is used later, then it's retrieved and decrypted before use. And at this point a skilled hacker can retrieve it (by capturing computer memory and studying it). This is not trivial, but still possible.
In general, to address your problem, USB cryptotokens and cryptocards are offered. These hardware devices have their own memory for storing both symmetric and asymmetric keys, and they have a processor to perform cryptographic operations using those keys. The key never leaves the device and it's virtually impossible to extract it from the device forcefully (there exist some hardware attacks such as scanning memory with a microscope, but they are way more complicated than a software attack on a computer).
So if your key is really valuable, use a USB cryptotoken. The price of the device is very moderate - about $70-$100 per unit and there are several vendors that offer such devices.
To continue on the trend of offloading the crypto, if you know the hardware of all of your cluster, you can have the key in the TPM if the motherboard has one. It is just another option to the USB or smart-card solutions.
Windows DPAPI (Win32 documentation) and its .NET wrapper (ProtectedData Class) do not store any data. Rather, Windows DPAPI returns a cryptographic cypher value which you can store anywhere you like, including on multiple servers.
At my place of work we use DPAPI to generate a cypher for an AES key which we then store in the Registry.
The sole purpose of Windows DPAPI is to encrypt data such that only a given user account or machine can decrypt it, without needing to store a password.
The .NET ProtectedData class has been in the .NET Framework since 2.0.
I would stick with Windows DPAPI over a third-party product as it is mature, stable, free, easy to use and fully supported in .NET.
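The DPAPI approach described in the answer above (wrap the AES key with ProtectedData, keep the resulting blob in the Registry), as an added example that is not code from any of the posters. The registry path `Software\ExampleApp`, the value name and the entropy string are hypothetical; it uses only .NET 2.0 classes and needs a reference to System.Security.dll.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData lives in System.Security.dll
using System.Text;
using Microsoft.Win32;

static class DpapiKeyStore
{
    // Hypothetical registry location and value name, chosen for this example.
    const string SubKey = @"Software\ExampleApp";
    const string ValueName = "WrappedAesKey";
    // Optional entropy: extra input bound into the DPAPI blob (hypothetical value).
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp AES key v1");

    static void Store(byte[] aesKey)
    {
        // CurrentUser: only this Windows account can unwrap the blob.
        // LocalMachine would let any process on this machine unwrap it.
        byte[] blob = ProtectedData.Protect(aesKey, Entropy, DataProtectionScope.CurrentUser);
        using (RegistryKey k = Registry.CurrentUser.CreateSubKey(SubKey))
            k.SetValue(ValueName, blob, RegistryValueKind.Binary);
    }

    static byte[] Load()
    {
        using (RegistryKey k = Registry.CurrentUser.OpenSubKey(SubKey))
        {
            byte[] blob = k == null ? null : k.GetValue(ValueName) as byte[];
            if (blob == null) throw new InvalidOperationException("No wrapped key stored.");
            // Throws CryptographicException if the blob was altered or belongs to another account.
            return ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];                     // AES-256 key
        new RNGCryptoServiceProvider().GetBytes(key);
        Store(key);
        Array.Clear(key, 0, key.Length);               // drop our plaintext copy

        byte[] loaded = Load();                        // plaintext key is in process memory from here
        try
        {
            using (RijndaelManaged aes = new RijndaelManaged()) // 128-bit block = AES
            {
                aes.Key = loaded;                      // IV is generated on first use
                byte[] msg = Encoding.UTF8.GetBytes("constructed sample plaintext");
                byte[] ct = aes.CreateEncryptor().TransformFinalBlock(msg, 0, msg.Length);
                byte[] pt = aes.CreateDecryptor().TransformFinalBlock(ct, 0, ct.Length);
                Console.WriteLine(Encoding.UTF8.GetString(pt));
            }
        }
        finally { Array.Clear(loaded, 0, loaded.Length); }
    }
}
```

DPAPI protects the key at rest only: between `Load()` and `Array.Clear` the plaintext key sits in the process's memory, which is the exposure the other answers describe.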