Adrian

Reputation: 323

Securely store application account data

I am storing account data for my application in the "application data" local directory. I am curious to understand the proper (or a correct) way to secure this file.

As it stands, it's a simple text file. Can I simply zip it with AES 256-bit encryption? Is that safe enough? Of course, then inside my program I need to store the key, so is this a risk?

What's the best method?

Cheers, Adrian

Upvotes: 2

Views: 293

Answers (2)

Marcodor

Reputation: 5741

You can encrypt sensitive data (or the entire stream/string) before writing to file. Alternatively, you may zip/unzip the entire data stream in memory and write/read it to/from file. In this case you will just use less disk space.

Zipping a file is not a nice solution. It assumes that for some time you will have your file unencrypted when writing/reading profile data. This may be a big security hole.

Upvotes: 0

Jeroen Wiert Pluimers

Reputation: 24503

You might want to consider the DPAPI (Data Protection API). This SO answer explains some scenarios you can use it for (user data, program data).

Don't go invent your own encryption algorithms, and give the storage of your encryption keys some good thought: that is often the weakest point in the whole security chain.

Upvotes: 3
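
Added example (not part of either answer and not code from the question's application): a PowerShell sketch of the DPAPI approach that protects the account data in memory and writes only the protected blob to the local application data directory, so no plaintext file exists at any point. It assumes Windows PowerShell 5.1; the `MyApp` folder, the `account.dat` file name, the entropy label and the sample contents are hypothetical.

```powershell
# Added example: DPAPI (CurrentUser scope) via .NET ProtectedData, no key stored in the program.
Add-Type -AssemblyName System.Security   # ProtectedData lives here on Windows PowerShell 5.1

# Hypothetical names chosen for illustration only.
$Path    = Join-Path (Join-Path $env:LOCALAPPDATA 'MyApp') 'account.dat'
# Optional entropy: an application label mixed into the protection. It is not a secret.
$Entropy = [Text.Encoding]::UTF8.GetBytes('MyApp.account.v1')
$Scope   = [Security.Cryptography.DataProtectionScope]::CurrentUser

function Save-AccountData {
    param([Parameter(Mandatory)][string]$Text,
          [Parameter(Mandatory)][string]$Path)
    $plain = [Text.Encoding]::UTF8.GetBytes($Text)
    try {
        # Windows derives the key from the user's logon credentials.
        $blob = [Security.Cryptography.ProtectedData]::Protect($plain, $Entropy, $Scope)
        $dir  = Split-Path -Parent $Path
        if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
        [IO.File]::WriteAllBytes($Path, $blob)      # only the protected blob touches disk
    }
    finally {
        [Array]::Clear($plain, 0, $plain.Length)    # wipe the plaintext buffer
    }
}

function Read-AccountData {
    param([Parameter(Mandatory)][string]$Path)
    $blob = [IO.File]::ReadAllBytes($Path)
    try {
        $plain = [Security.Cryptography.ProtectedData]::Unprotect($blob, $Entropy, $Scope)
    }
    catch [Security.Cryptography.CryptographicException] {
        # Raised for a tampered file, a different user account, or different entropy.
        throw "Account data could not be unprotected: $($_.Exception.Message)"
    }
    try     { [Text.Encoding]::UTF8.GetString($plain) }
    finally { [Array]::Clear($plain, 0, $plain.Length) }
}

# Constructed sample data, not real credentials.
Save-AccountData -Text "user=sample-user`ntoken=constructed-placeholder" -Path $Path
Read-AccountData -Path $Path
```

With `CurrentUser` scope the file is unreadable to other user accounts and to anyone who copies it off the machine, but any process running as the same user can still unprotect it.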
