From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: Wed, 05 Oct 2005 16:31:40 -0700
Oops, should read "Data Protection" API.
> Yeah, key management is a big problem. The way many of the built-in
> keys are managed for ASP.NET is to encrypt them per-machine with yet
> another key and let that key be managed by the LSA. This sounds odd,
> but I think it's the best thing we have. So, look into the DPAPI
> (DataProtected API) in Win32. I think Dominick has a managed wrapper
> for v1.x and IIRC there's a managed wrapper built into v2.0.
>> I am using .NET's cryptography classes(Symmetric algorithm) to
>> encrypt/decrypt strings and streams. I want to know the place i
>> the Key and the IV values for the algorithms?Since these values are
>> sensitive information i definitely cannot store them in the code or
>> config files. Please elucidate me on this.