What is the best way to store a cryptographic key?

I'm looking to write an app that incorporates transparent security. To the best of my knowledge, that means the key is stored somewhere and used every time the key is needed.

If I'm anywhere near right about that... How do I store the key locally offline?

In my app, I开发者_如何学Go'm primarily interested in Windows (ideally .Net) solutions.

One way to do this w/ a reasonably level of security is to use the DPAPI capability exposed by the System.Security.Cryptography.ProtectedData class.

This method can be used to encrypt data such as passwords, keys, or connection strings. The optionalEntropy parameter enables you to add data to increase the complexity of the encryption; specify Nothing for no additional complexity. If provided, this information must also be used when decrypting the data using the Unprotect method.

You can protect data in two locations

• CurrentUser
  The protected data is associated with the current user. Only threads running under the current user context can unprotect the data.

• LocalMachine
  The protected data is associated with the machine context. Any process running on the computer can unprotect data. This enumeration value is usually used in server-specific applications that run on a server where untrusted users are not allowed access.

Ultimately the data is encrypted with your windows (or machine) credentials