I have an asp.net app, and I want to store a machine wide encryption key that I will be using in the apps, when using DPAPI crypto system.
What are the best practices to store the key - where do I store it?
Thanks.
It very unsafe to store any key as plaintext in any non-volatile and inherently insecure medium (such as a Hard Drive). On such mediums, you should only store a signed encrypted version of a key, and write-access to the encrypted key should be secured.
The real work at hand is to model the security needs, to determine the key-management policy and implementation.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With