Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > HOW TO: store keys?

Reply
Thread Tools

HOW TO: store keys?

 
 
Nobody
Guest
Posts: n/a
 
      11-02-2006
I'm new to ASP.NET, so I'm trying to write a simple store front to get me
into things. Obviously with users and such, I need to encrypt the passwords.
No problem there. I wrote a little encryption / decryption routine to
provide a 2 way mechanism (to allow for emailing users the passwords). I'm
using TripleDESCryptoServiceProvider with the EncryptedXml class.

Anyways, I end up with a string (base-64 encoded version of the encrypted
password). I store the encrypted version of the string in a SQL database as
a varchar type.

Now the question is, where can I store the decryption key? I can't store it
in the Session or Application objects for obvious reasons. I need to have
the same key for decrypting even if the server is shut down.

I was storing it in the registry, under HKLM\Software\MyCompany, but somehow
while googling tonight, I stumbled onto the fact that in a deployed real
world environment, the web site is going to run under the ASPNET user which
wouldnt have access to the registry key, but the development server runs
under my own user account which does.

Should I be storing it in the registry? or in the database? or where? I kind
of frowned upon storing it in the same place as the encrypted passwords, so
if a hacker compromised one place or another, he wouldn't have the plaintext
passwords.

A file of some sort in the App_Data directory seems equally hokey.

NOTE: Basically the key is generated by the DES provider the first time a
string is encrypted. That key is stored in the registry and used from then
on.

Any insight on where the keys should be stored would be appreciated.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM
64-bit Sempron now in store! Silverstrand Front Page News 0 06-24-2005 09:32 PM
to store or not to store an image =?Utf-8?B?UnVkeQ==?= ASP .Net 6 03-30-2005 05:51 AM
user & password store and autofill so what is Clemens Li Firefox 1 12-17-2004 10:56 AM
Re: How to store the profile in a place different from C:\Documentsand howdeedoo@utter.pla.net Firefox 0 04-23-2004 10:02 PM



Advertisments