Re: Cryptography.

From: Paul Glavich [MVP ASP.NET] (glav_at_aspalliance.com-NOSPAM)
Date: 10/11/05 

Date: Tue, 11 Oct 2005 17:01:56 +1000

Brock is correct. I have a managed wrapper for V1.x here
(http://www.theglavs.com/glavtech/Downloads/DPAPI_Wrapper.zip)
FYI, in V2.0, look into the ProtectedData and ProtectedMemory classes for
equivalent DPAPI functionality built into the framework. 

-- 
- Paul Glavich
MVP ASP.NET
http://weblogs.asp.net/pglavich
ASPInsiders member - http://www.aspinsiders.com
"Brock Allen" <ballen@NOSPAMdevelop.com> wrote in message 
news:b8743b113b4908c797fa88e90fbc@msnews.microsoft.com...
> Oops, should read "Data Protection" API.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>
>> Yeah, key management is a big problem. The way many of the built-in
>> keys are managed for ASP.NET is to encrypt them per-machine with yet
>> another key and let that key be managed by the LSA. This sounds odd,
>> but I think it's the best thing we have. So, look into the DPAPI
>> (DataProtected API) in Win32. I think Dominick has a managed wrapper
>> for v1.x and IIRC there's a managed wrapper built into v2.0.
>>
>> -Brock
>> DevelopMentor
>> http://staff.develop.com/ballen
>>> Hello,
>>> I am using .NET's cryptography classes(Symmetric algorithm) to
>>> encrypt/decrypt strings and streams. I want to know the place i
>>> should
>>> store
>>> the Key and the IV values for the algorithms?Since these values are
>>> sensitive information i definitely cannot store  them in the code or
>>> config files. Please elucidate me on this.
>>> Thanks
>>>
>
>