Re: Cryptography.

From: Brock Allen (
Date: 10/06/05

  • Next message: [MSFT]: "RE: Cryptography."
    Date: Wed, 05 Oct 2005 16:31:40 -0700

    Oops, should read "Data Protection" API.


    > Yeah, key management is a big problem. The way many of the built-in
    > keys are managed for ASP.NET is to encrypt them per-machine with yet
    > another key and let that key be managed by the LSA. This sounds odd,
    > but I think it's the best thing we have. So, look into the DPAPI
    > (DataProtected API) in Win32. I think Dominick has a managed wrapper
    > for v1.x and IIRC there's a managed wrapper built into v2.0.
    > -Brock
    > DevelopMentor
    >> Hello,
    >> I am using .NET's cryptography classes(Symmetric algorithm) to
    >> encrypt/decrypt strings and streams. I want to know the place i
    >> should
    >> store
    >> the Key and the IV values for the algorithms?Since these values are
    >> sensitive information i definitely cannot store them in the code or
    >> config files. Please elucidate me on this.
    >> Thanks

  • Next message: [MSFT]: "RE: Cryptography."