Symmetric key storage

Backend · Unresolved · 9 · 1349
清歌不尽 2021-01-31 18:48

My company is going to be storing sensitive data for our customers, and will be encrypting data using one of the managed .NET encryption algorithm classes. Most of the work is d

9 answers
  •  梦如初夏
    2021-01-31 19:28

    We have the same problem, and have been through the same process.
    We need to have a process start up on one computer (client) which then logs in to a second computer (database server).

    We currently believe that the best practice would be:

    • Operator manually starts the process on client PC.
    • Client PC prompts operator for his personal login credentials.
    • Operator enters his credentials.
    • Client PC uses these to log in to the database server.
    • Client PC requests its own login credentials from database server.
    • Database server checks that operator's login credentials are authorised to get the client process' credentials and returns them to the client PC.
    • Client PC logs out of database server.
    • Client PC logs back into database server using its own credentials.

    Effectively, the operator's login password is the key, but it isn't stored anywhere.
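    The credential-bootstrapping sequence this answer describes, as an added Python simulation that is not part of the original thread: the in-memory DatabaseServer, its account names, the grant table and the PBKDF2 password storage are constructed assumptions standing in for a real database's login and authorisation checks.

```python
import hashlib
import secrets

# Constructed in-memory stand-in for the answer's "database server": operator passwords are
# stored as salted PBKDF2 hashes; the client process's own credential is released only to operators granted access to it.
class DatabaseServer:
    def __init__(self):
        self._accounts = {}         # username -> (salt, PBKDF2 digest)
        self._grants = {}           # operator -> set of service accounts they may fetch
        self._service_secrets = {}  # service account -> its login secret
        self._sessions = {}         # session token -> logged-in username
    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def add_account(self, user, password):
        salt = secrets.token_bytes(16)
        self._accounts[user] = (salt, self._digest(password, salt))
    def add_service_account(self, service, secret):
        self.add_account(service, secret)
        self._service_secrets[service] = secret  # what gets handed to an authorised operator
    def grant(self, operator, service):
        self._grants.setdefault(operator, set()).add(service)
    def login(self, user, password):
        rec = self._accounts.get(user)
        if rec is None or not secrets.compare_digest(rec[1], self._digest(password, rec[0])):
            return None  # unknown user or wrong password
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token
    def whoami(self, token):
        return self._sessions.get(token)
    def fetch_service_credential(self, token, service):
        operator = self._sessions.get(token)
        if operator is None or service not in self._grants.get(operator, set()):
            raise PermissionError(f"{operator!r} is not authorised to fetch credentials for {service!r}")
        return self._service_secrets[service]
    def logout(self, token):
        self._sessions.pop(token, None)

def bootstrap_client(server, operator, operator_password, service="client-process"):
    """The answer's sequence: operator logs in, client fetches its own credential, operator is logged out, client logs in as itself."""
    token = server.login(operator, operator_password)
    if token is None:
        raise PermissionError("operator login failed")
    try:
        secret = server.fetch_service_credential(token, service)
    finally:
        server.logout(token)  # operator session ends before the service session starts
    return server.login(service, secret)
```

    An operator who is not granted the service account gets a PermissionError and the client never learns the secret, which is the authorisation check the answer relies on.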
