How to encrypt a password as part of a Wix installation

Question

I'm creating a Wix installer for a windows service which needs to have provided, at installation time, the username and password for an email account to inspect. Currently the password is stored in clear text in the config file which at the least needs to be encrypted.

Is this the best approach to take as I realise that storing an encrypted password is not good practice in itself?

If there is no better way then I was going to perform the encryption as part of a custom action but I can't figure out if there's a way to pass the encrypted value back to the installer so that the installed config file can be amended. Is there a way to do this as otherwise I'm guessing the custom action will have to perform this task to.

Answer 1

The best option I found for now is using custom actions and data protection API:

• when you get a data to encrypt from the user (or elsewhere), pass it to immediate CA which runs on install and encrypts the data
• store this encrypted value in the system registry
• on uninstall (or maintenance) read the encrypted value from registry and pass it to the immediate CA which decrypts the data (this all should happen before you use this value, of course)

Furthermore, all this can be wrapped into a WiX extension, but it's a kind of advanced...

This all concerns the case when you need the password during the install/uninstall/maintenance. Otherwise (if it is the application which needs it for functioning), it's up to the application architecture to choose the right way to store and use the value...