I've been looking for a way to store a given AES key so that it can't be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for asymmetric key storage can be found here, but I'm looking for something that can be used for symmetric encryption. Does it exist in a managed form (pre .Net 4)?
Windows DPAPI (Win32 documentation), and its .NET wrapper (ProtectedData Class) does not store any data. Rather, Windows DPAPI returns a cryptographic cypher value which you can store anywhere you like, including on multiple servers.
At my place of work we use DPAPI to generate a cypher for an AES key which we then store in the Registry.
The sole purpose of Windows DPAPI is to encrypt data such that only a given user account or machine can decrypt it, without needing to store a password.
The .NET ProtectedData class has been in the .NET Framework since 2.0.
I would stick with Windows DPAPI over a third party product as it is mature, stable, free, easy to use and fully supported in .NET.
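One way to put the answer's approach into code, as an added example rather than the answerer's own: the AES key is generated, protected with ProtectedData, and only the DPAPI blob is written to a hypothetical registry path, with the key unprotected in memory only when needed. Assumes .NET 3.5 (for AesCryptoServiceProvider), a reference to System.Security.dll, and a constructed entropy value.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.Win32;

// Added example: protect an AES key with DPAPI and keep only the resulting blob in the registry.
// Assumes a reference to System.Security.dll and a hypothetical HKCU\Software\ExampleApp location.
static class ProtectedAesKeyStore
{
    const string KeyPath = @"Software\ExampleApp";   // hypothetical registry path
    const string ValueName = "AesKeyBlob";
    // Optional entropy (constructed value): DPAPI already ties the blob to the user account
    // (or machine); entropy additionally requires the caller to know this application-specific value.
    static readonly byte[] Entropy = { 0x2a, 0x7f, 0x11, 0x9c, 0x4d, 0x63, 0xe0, 0x58 };

    // Generate a 256-bit key, protect it, store only the ciphertext, and wipe the plaintext.
    public static void CreateAndStoreKey()
    {
        byte[] rawKey = new byte[32];
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            rng.GetBytes(rawKey);
        byte[] blob = ProtectedData.Protect(rawKey, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(rawKey, 0, rawKey.Length);
        using (RegistryKey reg = Registry.CurrentUser.CreateSubKey(KeyPath))
            reg.SetValue(ValueName, blob, RegistryValueKind.Binary);
    }

    // Unprotect succeeds only for the same user on this machine (LocalMachine scope would let
    // any process on the machine unprotect it, so prefer CurrentUser for per-user secrets).
    static byte[] LoadKey()
    {
        byte[] blob;
        using (RegistryKey reg = Registry.CurrentUser.OpenSubKey(KeyPath))
            blob = reg == null ? null : reg.GetValue(ValueName) as byte[];
        if (blob == null) throw new InvalidOperationException("No protected AES key stored.");
        return ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
    }

    // AES-CBC with the DPAPI-protected key; the caller supplies a fresh random IV when encrypting.
    public static byte[] Transform(bool encrypt, byte[] data, byte[] iv)
    {
        using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
        {
            aes.Key = LoadKey();
            aes.IV = iv;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }
}
```

The registry holds only the DPAPI blob, so a copy of the stored value is useless outside the protecting user account on the same machine; the plaintext key exists only briefly in process memory.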