I've been working on a WinForms application in VB.NET (3.5) that requires the user to enter domain administrator credentials. To make things easier on the user, they should only have to enter the user name and password once, and then just rely on my app to save these credentials. I'd like to save these credentials with the other user settings, but for security reasons, the password needs to be encrypted.

What's an easy way to encrypt and decrypt this password? I'm wanting the encryption method to be FIPS compatible. The methods I've tried so far result in this exception:

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

+2  A: 

Look into the Data Protection API (DPAPI), which is FIPS compliant (as far as I can tell; you can review the evaluation here).

DPAPI is exposed in .NET 2.0 and greater with the System.Security.Cryptography.ProtectedData class. It uses the user's current credentials as the encryption key. See my more complete answer here.

Michael Petrotta
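
A sketch of the ProtectedData approach described in the answer above, as an added example that is not part of the original answer. The module name, function names and the entropy string are hypothetical; the project needs a reference to System.Security.dll.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Public Module CredentialStore

    ' Constructed, app-specific entropy (hypothetical value). It is not a secret key;
    ' Unprotect must be given the same bytes that were passed to Protect.
    Private ReadOnly Entropy As Byte() = Encoding.UTF8.GetBytes("MyApp.DomainAdminCredential.v1")

    ' Encrypts the password for the current Windows user and returns Base64
    ' text that fits in a String user setting.
    Public Function ProtectPassword(ByVal password As String) As String
        Dim plain As Byte() = Encoding.UTF8.GetBytes(password)
        Try
            Dim cipher As Byte() = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser)
            Return Convert.ToBase64String(cipher)
        Finally
            ' Do not leave the plaintext bytes in memory longer than needed.
            Array.Clear(plain, 0, plain.Length)
        End Try
    End Function

    ' Returns the password, or Nothing when the stored value is missing, corrupted,
    ' or was protected under a different Windows account or entropy.
    Public Function UnprotectPassword(ByVal stored As String) As String
        If String.IsNullOrEmpty(stored) Then Return Nothing
        Try
            Dim cipher As Byte() = Convert.FromBase64String(stored)
            Dim plain As Byte() = ProtectedData.Unprotect(cipher, Entropy, DataProtectionScope.CurrentUser)
            Try
                Return Encoding.UTF8.GetString(plain)
            Finally
                Array.Clear(plain, 0, plain.Length)
            End Try
        Catch ex As FormatException
            Return Nothing   ' setting was not valid Base64
        Catch ex As CryptographicException
            Return Nothing   ' DPAPI could not decrypt; ask the user to re-enter
        End Try
    End Function

    Public Sub Main()
        ' Constructed sample value, used only to show the round trip.
        Dim stored As String = ProtectPassword("constructed-sample-password")
        Console.WriteLine("Stored setting value: " & stored)
        Console.WriteLine("Round trip OK: " & (UnprotectPassword(stored) = "constructed-sample-password"))
    End Sub
End Module
```

With DataProtectionScope.CurrentUser the stored value can only be decrypted under the same Windows account, so the application should treat a Nothing result as "prompt for the credentials again" rather than as a fatal error.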