Store an encryption key
-
I need a user/password pair to connect to an RDBMS through my application. Now I want to store that information in a secure manner, and I have thought of storing it inside an encrypted archive using a strong encryption algorithm (maybe AES, for example). Now, what is the smartest way to store the encryption key needed to access the user/password pair? Inside the application binary? In which secure way? In another kind of container? Thanks
-
One solution from a question I posted last year[^]
CleaKO
"I think you'll be okay here, they have a thin candy shell. 'Surprised you didn't know that." - Tommy Boy
"Fill it up again! Fill it up again! Once it hits your lips, it's so good!" - Frank the Tank (Old School)
-
It's the same solution I had thought of, in some way. And now I'm reading some articles about DPAPI to see if it can help me with this kind of problem. Thanks a lot
-
If you have .NET 2.0 it can do the encryption/decryption for you as well as store it in the registry I believe.
CleaKO
-
I'm using VC++ without managed code. However, it seems that DPAPI could solve this problem, using either a machine store or a user store. For the latter, one point is not clear to me: for the user store, it seems DPAPI uses the Windows user logon credentials to generate the master and session keys. The CryptProtectData and CryptUnprotectData functions have the chance to show a dialog to allow the user to insert a password. Is this only necessary if the Windows user has no password set (maybe a standalone machine)?