Encryption - Storing Private keys

mmm, Dave K I think you're somewhat missing the point. Also Public / Private cryptography is asymmetric not symmetric, but who cares you're the mvp after all, though from a quick check on Microsoft's MVP web site your not listed, but hey we all need a buzz to get us through the day. perhaps i'll rephrase the question to make it more understandable, apologies to anyone else reading this. Firstly apologies also for the length of this, buy hey it's a big subject. Now as i understand the public / private system, and please feel free to constructively correct me if i'm wrong (abuse and diatribes are rarely helpful), using the RSACryptoServiceProvider I have a private key with which i encrypt a license number. The user recieves the encrypted number and the local licensing application decodes the passed license value using the public key. The license app then does as required with the decrypted value. If I also use a Digital Signiture, or Hash of the message, i know that i encrypted the value originally and that it hasn't been edited by a third party so all is well. I don't understand about sending data in reverse, does the remote system use the public key to encrypt the message and my system then uses the private key to decrypt it? If this is so does'nt this mean any user can send me a message as the public key is, well, public? With regards to storing sensitive information such as Database login details, the encryption is done locally to the user. In this situation i guess i use a form of symmetric cryptography such as the RijndaelManaged cryptography objects i mentioned originally. This still leaves me with the same issue, that anyone with a simple decompiler can view the private key and the cryptography coding methods, as they're held locally to the user, so anyone can cut and paste them to a new project and decrypt the data. This all seems to easy and that i must be missing something to do with symmetric cryptography, again no more replies on 'all code can be cracked with the right tools bla bla bla'. With the level of encrytion and ease of cracking shown on my own very basic and simple tests there seems to be no point on even performing encryption unless the user has no technological knowledge whatsoever. A reply on another forum has suggested deriving the key from another source, but if my code can be viewed with a decompiler then surely the source and how the derivation is performed can also noted and duplicated. The security in my system is not intended to hold up against serious hackers

My system is to do with licensing windows desktop based applications so other users will have direct access to the computer. My system will have to receive and store a license code specifying which applications can be run and for how long. This obviously needs to be encrypted so the user can't change to full access forever. Looking into public / private key pairs seems similarily problematic. The Private Key values can be stored in Key Containers but the user can get the name of the container and open it to get the key values. If you are saying that there is no way to secure the Key value used to perform the encryption/decryption then how is any system secure. Surely there is a way to solve this or we'd all be hacking everyone else's code rather than writing our own?

Hi, I'm building an application to handle licensing some software i'm writing. I'm using the RijndaelManaged cryptography objects to encrypt an decrypt the license codes and database login info etc. At present i have the Key and Initialisation vector values stored as byte arrays private to my cryptography class. The code works fine. The problem is that when i use a decompiler on my dll the Key value byte array is fully visible, along with my Encryption and Decryption methods, thus rendering the security useless. My question is how do people actually store the Key value so that no one has access to it. I can't find any mention of how people actually do this, only how to use crytography once you have the key. I'm almost tempted to go back to vb6 to create my cryptography dll so i actually have some security. Does anyone else have this problem or am I missing something obvious? Thanks dave