I have an asp.net app, and I want to store a machine wide encryption key that I will be using in the apps, when using DPAPI crypto system.
开发者_Python百科What are the best practices to store the key - where do I store it?
Thanks.
It very unsafe to store any key as plaintext in any non-volatile and inherently insecure medium (such as a Hard Drive). On such mediums, you should only store a signed encrypted version of a key, and write-access to the encrypted key should be secured.
The real work at hand is to model the security needs, to determine the key-management policy and implementation.
精彩评论