Securely storing encryption key in WinRT / Windows Store apps

Question

I would like to encrypt some of my Windows 8 app data (stored in local storage folder). This is not very sensitive data, however I would like to prevent users from forging/modifying it (and was looking into encryption as a way to achieve that).

Is there any secure key store available that I could use to save my key for later reuse? What I would like to do is: 1) on the first run generate the key and store it somewhere, 2) encrypt the data using the key, 3) anytime i need to decrypt the data i would retrieve the key from the store.

Answer 1

Be careful with the PasswordVault solution, I discovered that it is actually a problem because it is a roaming settings. If you open your application on two devices at the same time, you will get two encryptions keys, but after a day or so, the roaming setting will override the first generated encryption key.

Answer 2

Did you have a look at the PasswordVault class yet? http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.credentials.passwordvault.aspx

Basically all confidential information should go in there. If you want to 'prevent users from forging/modifying it', the question is, how much energy you are willing to put into this.

Generally speaking, data in the PasswordVault should be secure without using additional encryption. Regarding security above that level it can be said that an attacker with physical access to the computer can do anything with it, as you'd have to store the keys on the same machine. Anything more swiftly reaches a point of diminishing returns against invested effort - i.e. just adding some obscurity instead of real security.