String encryption for storing password and subsequently retrieving

Question

I need to store a password as an encrypted string in an XML file, and be able to pull it back out again. A quick glance through the System.Security.Cryptography Namespace reveals many options, some of which are hashing and some encryption.

This is the first time I have done any kind of string encryption (where the value is pulled back out again), and I was expecting something like this:

string plainTextPassword = "mypassword";
string myKey = "some key that people are unlikely to guess";
string encryptedPassword = SomeObject.Encrypt(myKey, plainTextPassword);
// ... write encryptedPassword to xml file ...

and

// ... read encryptedPassword from xml file ...
string decryptedPassword = SomeObject.Decrypt(myKey, encryptedPassword);

But when I look in the namespace there are services that provide hashing in there also, rather than purely encryption. I also notice that a lot of other questions are more around hashing (or at least one way encryption) and are not particularly concerned with retrieving the strings afterwards.

I definitely want more than just hashing the password. Where should I start?

Answer 1

This CodeProject article will answer all your questions as well as provide code snippets to help solve your problem: http://www.codeproject.com/Articles/10154/NET-Encryption-Simplified

The code samples are VB.NET (just noticed) but easy enough to convert to C#. Pay attention to how hashes are used with encryption techniques, they are not encryption.

Here's a code sample using Rijndael: http://kiranpatils.wordpress.com/2008/03/13/encryptiondecryption-helper-class-using-rijandelmanaged/ The way it s implemented sucks for "strength" of encryption but will get something going quickly (hopefully.)