Symmetric key storage

Question

My company is going to be storing sensitive data for our customers, and will be encrypting data using one of the managed .NET encryption algorithm classes. Most of the work is d

Answer 1

You can encrypt the symmetric key using another symmetric key that is derived from a password using something like PBKDF2.

Have the user present a password, generate a new key used to encrypt the data, generate another key using the password, then encrypt and store the data encryption key.

It isn't as secure as using a hardware token, but it might still be good enough and is pretty easy to use.