Protecting Passwords from .NET Decompilation
Posted on 2004-08-04
I have sensitive information that I want my program to be able to encrypt and store in a file and then decrypt the file and use the information. However, all encryption algorithms require some kind of password or key themselves. How can I store this key so that it will be safe from decompilation? I don't know if my obfuscator actually encrypts strings (I use the free Apose.Obfuscator). Could I store this key as a resource some way?
Essentially, here is my problem:
EncryptAndStore(sensitiveData, "This is my encryption key");
How can I safely store my encryption key? If it is hard coded, it can be viewed after decompilation and that is unacceptable. The user cannot have access to this key.