Best Practice for storing TripleDES key and vector?
From: knf (anonymous_at_discussions.microsoft.com)
Date: 04/29/04
- Next message: John Bowman: "Re: Protecting XML File While Displayed In Browser"
- Previous message: Raymond Ngwenya: "PKI wireless security assistance please"
- Next in thread: Alek Davis: "Re: Best Practice for storing TripleDES key and vector?"
- Reply: Alek Davis: "Re: Best Practice for storing TripleDES key and vector?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Apr 2004 12:16:05 -0700
What is the best practice for storing the encryption key and vector for TripleDES encryption. I'm using c# and we need to be able to decrypt information across all web and app servers - i.e. they all need to use the same key. The data is encrypted (using the same encrpytion/decryption dll) as a separate process as part of configuration (values may be in registry or config files) So, the point is that I need the same keys across all servers and all environments, but the keys don't need to be used outside of the enterprise.
What is the best practice for this? Right now the key and vector are stored as a byte right in the encryption dll. I clearly don't want it this way for several reasons...
- Next message: John Bowman: "Re: Protecting XML File While Displayed In Browser"
- Previous message: Raymond Ngwenya: "PKI wireless security assistance please"
- Next in thread: Alek Davis: "Re: Best Practice for storing TripleDES key and vector?"
- Reply: Alek Davis: "Re: Best Practice for storing TripleDES key and vector?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
