.NET: Best practice to encrypt sensitive data on a client application?
I need to securely store a user/password pair on a client .NET application (Outlook addin).
Encryption needs to be reversible, and I'd be glad 开发者_运维知识库to avoid storing an encryption key in my code, as it's easy to get through disassembly.
In fact, I'd like to access an EFS-like API to delegate the encryption to Windows.
Any hint on this issue?
If you have access to .Net 4.0, then I'd recommend the ProtectedData class which encapsulates the windows DPAPI, the recommended way to encrypt data on the client machine in windows. Otherwise you can P/Invoke the DPAPI directly to do it.
Please note that if you are trying to stop the user from reading the password, then this won't really stop them. If they have access to their system then the DPAPI won't stop them. Best bet is to not store the password at all and ask them to login, or if you can connect to something that uses SSPI to do integrated windows authentication then you have the best solution of all.
But it's tough to know what you need without knowing what you are trying to achieve.
MSDN Link
精彩评论