Safely storing AES key
I'm using OpenSSL in a program that decrypts a text file and then re-encrypts it with new text and a new encryption key every time the program starts. I'd like to safely store the key between instances of the program running. Is there an easy/decently safe way of doing this?
If you don't expect hard core attacks on the machine that the application is installed on, you can always hardcode inside your application another encryption key that you would use in order to safely save the previous session AES key in the file system before you close the app and to retrieve it back when you start the app. You could improve the security a bit if:
you don't store the hardcoded key in a single string, but instead in several strings that you then concatenate in a function
you save the file in a relatively "unknown"/unpopular location like the Isolated Storage, or Windows\Temp instead of the application folder
you use an asymmetric key algorithm (makes cracking harder.. but in this case.. just a little bit)
you put other stuff (bogus) in the file not just the key
If your program is not in a safe area (if its binary code can be inspected to find any key it would contain or any algorithm it would define) there is no simple way:
You could obfuscate your key programmatically and store it in a file, but in that case, breaking your obfuscation algorithm would be sufficient to find the key. So this would reduce the strength of the encryption to that algorithm, actually. Not a good way to go.
You could also encrypt the key (called A here) itself, using a static key (called B) embedded in your program, but in that case, you would lose the interest of changing the key A every time. This is because finding the key B embedded in your program would be sufficient to find any encrypted key A saved to the disk. This would not be satisfactory either.
Considering more complex solutions requires knowing your context a bit more (where can the attack come from, what is the lifecycle of the file, etc). But before going that far... is it needed to go that far? By this I mean: is your program at risk of cracking attempts? And should it be cracked, is that critical? If not crackable or not critical, the second option above should be sufficient.
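The key A / key B scheme from the answer above, as an added example that is not part of the original answers: each simulated program start generates a fresh key A and stores it wrapped under the same embedded key B, and the last function shows that B alone opens every stored file. An HMAC-SHA256 keystream with encrypt-then-MAC stands in for AES so the code runs on the Python standard library alone; `EMBEDDED_KEY_B` and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the static key B compiled into the program.
EMBEDDED_KEY_B = hashlib.sha256(b"constructed demo value for key B").digest()

def _subkey(kek: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one embedded key.
    return hmac.new(kek, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; an assumption standing in for AES.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(kek: bytes, key_a: bytes) -> bytes:
    """Encrypt key A under key B; layout is nonce(16) | ciphertext | tag(32)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(kek, b"enc"), nonce, len(key_a))
    ct = bytes(a ^ s for a, s in zip(key_a, stream))
    tag = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Check the tag first, then decrypt; a wrong B or an edited file is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key B or modified key file")
    stream = _keystream(_subkey(kek, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def rotate_and_store(runs: int):
    """Simulate `runs` program starts: a fresh key A each time, wrapped under B."""
    keys = [secrets.token_bytes(32) for _ in range(runs)]
    return keys, [wrap(EMBEDDED_KEY_B, k) for k in keys]

def recover_all(kek: bytes, blobs):
    """Everything a holder of B obtains from all key files ever written."""
    return [unwrap(kek, b) for b in blobs]

if __name__ == "__main__":
    keys, files = rotate_and_store(3)
    print("B alone recovers every rotated A:", recover_all(EMBEDDED_KEY_B, files) == keys)
```

The protection of every stored key A is exactly the protection of B, which is why rotating A adds nothing once B sits in the binary.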
If your target host has a TPM chip, you can take advantage of it. OpenSSL can be configured to use TPM, with the help of the trousers project.