Catalin
Catalin

Reputation: 11731

Keeping sensitive data inside application code

I have an application build in asp.net mvc.

This application stores sensitive encryption keys used by various methods.

However, somebody can easily read the security keys i use if they open the application dll using .NET Reflector

My question is:

The only solution of keeping these keys really secure is to use an obfuscation tool?

Are there other solutions?

dot net reflector print screen

Upvotes: 1

Views: 870

Answers (1)

Martin Ernst
Martin Ernst

Reputation: 5679

You can encrypt and decrypt them using DPAPI (ProtectedData class in .NET).

Since this is a web app, you can even easier and transparently encrypt the web.config or sections of it

See Encrypting Web.Config

Upvotes: 3

Related Questions