Storing Secrets

  • Thread starter Thread starter Nikolay Petrov
  • Start date Start date
N

Nikolay Petrov

When using System.Security.Cryptography to Encrypt/Decrypt information, I
need to store two values - the Initialization Vector and the Encryption Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized, everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA
 
Nikolay Petrov said:
When using System.Security.Cryptography to Encrypt/Decrypt information, I
need to store two values - the Initialization Vector and the Encryption Key.
The are both needed in Encryption/Decryption process.
Where I can store them securely, because if they are compromized, everyone
can decrypt the encrypted information?
I guess, that it is stuped to leave them in code!

TIA
Click to expand...

That depends on the values of the initiliasation vector/encryption key plus the site on which they
intended to be used.
In order for us to help you better, please post both values here along with any Urls/public networks
upon which you intend to use them.

Sincerely
Richard
 
I have an WebService and Windows Froms app, which both need to store
encrypted information in files, Windows Registry and SQL server.
In windows registry I store the encrypted SQL connection string. In SQL db I
store usernames, passwords and other sensitive information. In file is store
information download from my WinForms app to my clients.

I red that storing things in code i.e.
Dim encKey as string = "123456789012345"
is not save.
I have an idea that the encryption key is to be ganarated from a function.
Is this going to be more secure?
 
Back
Top