How can I securly store an AES key in Windows with .Net (C#)?

Question

I\'ve looking for a way to store a given AES key so that it can\'t be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for a

Answer 1

Even for asymmetric data, if the key is stored in computer and is used later, then it's retrieved and decrypted before use. And at this point a skilled hacker can retrieve it (by capturing computer memory and studying it). This is not trivial, but still possible.

In general to address your problem USB cryptotokens and cryptocards are offered. These hardware devices have their own memory for storing both symmetric and asymmetric keys, and they have processor to perform cryptographic operations using that keys. The key never leaves the device and it's virtually impossible to extract it from the device forcefully (there exist some hardware attacks such as scanning memory with microscope, but they are way more complicated than a software attack on computer).

So if your key is really valuable, use USB cryptotoken. The price of the device is very moderate - about $70-$100 per unit and there are several vendors that offer such devices.