Re: Cryptography.

From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 10/06/05

  • Next message: [MSFT]: "RE: Cryptography."
    Date: Wed, 05 Oct 2005 16:31:40 -0700
    
    

    Oops, should read "Data Protection" API.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > Yeah, key management is a big problem. The way many of the built-in
    > keys are managed for ASP.NET is to encrypt them per-machine with yet
    > another key and let that key be managed by the LSA. This sounds odd,
    > but I think it's the best thing we have. So, look into the DPAPI
    > (DataProtected API) in Win32. I think Dominick has a managed wrapper
    > for v1.x and IIRC there's a managed wrapper built into v2.0.
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >> Hello,
    >> I am using .NET's cryptography classes(Symmetric algorithm) to
    >> encrypt/decrypt strings and streams. I want to know the place i
    >> should
    >> store
    >> the Key and the IV values for the algorithms?Since these values are
    >> sensitive information i definitely cannot store them in the code or
    >> config files. Please elucidate me on this.
    >> Thanks
    >>


  • Next message: [MSFT]: "RE: Cryptography."