I would suggest you either derive the key from a strong password or encrypt the key using a certificate.
-- Steve Johnson On Thu, Mar 20, 2008 at 1:27 PM, Robert Lee <[EMAIL PROTECTED]> wrote: > Maybe someone can help shed some light on this subject for me. > > > > I am encrypting several values (using AES) before storing them to an xml > file, and I have yet to find an example, or explanation of how to get my > key > into protected storage the first time. > > The examples I've seen so far create a random key (unique to the machine), > and then store that key (encrypting the key via DPAPI). In this case I > need > to be able to transfer the file to another machine for support, or in case > of a crash, so a random key is out, and any key created in code is visible > to anyone with reflector, so that's out. I also can't have the user enter > a > key, as we have a large installed base, and that would compromise the key. > > > > I have read an article suggesting to use a web service, but that seems to > be > a bit extreme just to get a key onto a machine. > > > > Thanks for any insight or suggestions, > > Rob Lee > =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
