Happy Go Lucky

Reputation: 617

RijndaelManaged Key generation

I need to encrypt data and store it in a file and later be able to decrypt it back. For this I am using the RijndaelManaged class. Now I do not want to keep the key hardcoded in the code. After some googling I found this method -

Here the key is generated but then all other values like passphrase, salt and IV are hardcoded. I do not have the option of letting the user enter the password, so I will also have to hard-code these values. So is this really safe? Can't some hacker use tools to find these hardcoded values and figure out the key?

Upvotes: 0

Views: 1092

Answers (2)

Remus Rusanu

Reputation: 294177

You cannot store secrets hard coded in an application. Period. If the prize is worth it, the secret can be found.

Viable solutions are:

  • Use DPAPI through ProtectedData classes.
  • Ask the user for a password.
  • Use hardware modules (like a user badge).

Upvotes: 6
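
One way to apply the DPAPI option from the answer above, as an added example that is not code from the original thread: a random AES key is generated on first run and stored only as a DPAPI-wrapped blob, with a fresh IV per file. The class name, the key path and the use of Aes in place of RijndaelManaged are assumptions; this is Windows only, and on .NET Core or later ProtectedData comes from the System.Security.Cryptography.ProtectedData package.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;

static class FileVault
{
    // Hypothetical location for the DPAPI-wrapped key (assumption).
    static readonly string KeyPath = Path.Combine(Environment.GetFolderPath(
        Environment.SpecialFolder.LocalApplicationData), "ExampleApp", "data.key");

    // Random key on first use; only the DPAPI-wrapped blob is written to disk.
    static byte[] LoadOrCreateKey()
    {
        if (File.Exists(KeyPath))
            return ProtectedData.Unprotect(File.ReadAllBytes(KeyPath), null,
                                           DataProtectionScope.CurrentUser);
        byte[] key = new byte[32];                        // 256-bit key
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        Directory.CreateDirectory(Path.GetDirectoryName(KeyPath));
        File.WriteAllBytes(KeyPath, ProtectedData.Protect(key, null,
                                           DataProtectionScope.CurrentUser));
        return key;
    }

    public static void EncryptToFile(string path, byte[] plaintext)
    {
        using (var aes = Aes.Create())                    // CBC, PKCS7 padding
        {
            aes.Key = LoadOrCreateKey();
            aes.GenerateIV();                             // fresh random IV per file
            using (var enc = aes.CreateEncryptor())       // IV is not secret: store it first
                File.WriteAllBytes(path, aes.IV.Concat(
                    enc.TransformFinalBlock(plaintext, 0, plaintext.Length)).ToArray());
        }
    }

    public static byte[] DecryptFromFile(string path)
    {
        byte[] blob = File.ReadAllBytes(path);
        using (var aes = Aes.Create())
        {
            aes.Key = LoadOrCreateKey();
            aes.IV = blob.Take(16).ToArray();             // AES block size is 16 bytes
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, 16, blob.Length - 16);
        }
    }
}
```

DataProtectionScope.CurrentUser ties the wrapped key to the Windows account, so any code running as that same user can still unwrap it. CBC alone does not detect tampering with the encrypted file.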

Jonathan Kaufman

Reputation: 314

I don't understand. You say you don't have the option for having a user enter the password, so what are you envisioning? If your computer was magic and you could describe what you want, what is it you want?

Upvotes: 1
