Reputation: 11731
I have an application build in asp.net mvc.
This application stores sensitive encryption keys used by various methods.
However, somebody can easily read the security keys i use if they open the application dll using .NET Reflector
My question is:
The only solution of keeping these keys really secure is to use an obfuscation tool?
Are there other solutions?
Upvotes: 1
Views: 870
Reputation: 5679
You can encrypt and decrypt them using DPAPI (ProtectedData class in .NET).
Since this is a web app, you can even easier and transparently encrypt the web.config or sections of it
Upvotes: 3