Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to safely store encryption key in a .NET assembly

Tags:

People also ask

Where do you put the encryption key?

The encryption key is created and stored on the key management server. The key manager creates the encryption key through the use of a cryptographically secure random bit generator and stores the key, along with all it's attributes, into the key storage database.

Where are private encryption keys stored?

A Private key for an end entity could be stored in a Trusted Platform Module (TPM) chip or a USB tamper-resistant security token. When hosting in the cloud, you should try to use the cloud-native key storage facilities provided by the vendor.

Where is AES key stored?

The AES master key always remains within the secure boundaries of the cryptographic coprocessors. Transport keys protect a key that is sent to another system, received from another system, or stored with data in a file.


In order to prevent somebody from grabbing my data easily, I cache data from my service as encrypted files (copy protection, basically).

However, in order to do this, I must store the encryption key within the .NET assembly so it is able to encrypt and decrypt these files.

Being aware of tools like Red Gate's .NET Reflector which can pull my key right out, I get a feeling that this is not a very safe way of doing it... are there any best practices to doing this?