How can I securly store an AES key in Windows with .Net (C#)?

后端 未结 5 2987
太阳男子
太阳男子 2021-02-20 18:08

I\'ve looking for a way to store a given AES key so that it can\'t be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for a

5条回答
  •  一向
    一向 (楼主)
    2021-02-20 18:52

    Windows DPAPI (Win32 documentation), and its .NET wrapper (ProtectedData Class) does not store any data. Rather, Windows DPAPI returns a cryptographic cypher value which you can store anywhere you like, including on multiple servers.

    At my place of work we use DPAPI to generate a cypher for an AES key which we then store in the Registry.

    The sole purpose of Windows DPAPI is to encrypt data such that only a given user account or machine can decrypt it, without needing to store a password.

    The .NET ProtectedData class has been in the .NET Framework since 2.0.

    I would stick with Windows DPAPI over a third party product as it is mature, stable, free, easy to use and fully supported in .NET.

提交回复
热议问题