I was reading this:
http://msdn.microsoft.com/en-us/library/tswxhw92(VS.80).aspx
The first sentence says: "Asymmetric private keys should never be stored verbatim or in plain text on the local computer."
What's the problem with this? And how does a key container solve it.
The reason I'm asking is that I want to generate an asymmetric key pair. The application I'm writing will encrypt information it sends back to me with the public key. I was thinking of storing the public/private key pair in our source control system so that it gets backed up. Shouldn't I be doing that? If not, how should I store the private key so that it can be reliably backed up?
Thanks. -scott
Update: Does 'never' in the quoted sentence really mean never. Or does it mean I shouldn't be storing keys to source control unless I'm not prepared to take the risk that a hacker could potentially retrieve the keys from our source control system or from a backup taken from it.