How to handle/store SQL Server master key password? Thick client (C#, .NET 4) and SQL Server 2008 Express

I have the need to encrypt/decrypt passwords for databases in my application. I will use the built-in encryption/decryption functions in SQL Server to store them in my SQL Server database.
BUT what is a good approach for handling the master key password?
Hide it in the client code!? Users of the client should not know this password.
jerraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dhlotterCommented:
Database Master Key
A database master key must be generated explicitly using the below command:

Each database has a different master key, ensuring that a user with access to decrypt
data in one database cannot also decrypt data in another database without being granted
permission to do so.
The database master key is used to protect any certifi cates, symmetric keys, or asymmetric
keys that are stored within a database. The database master key is encrypted using Triple DES
and the user-supplied password. A copy of the database master key is also encrypted using the
service master key such that automatic decryption can be accomplished within the instance.
When you make a request to decrypt data, the service master key is used to decrypt the
database master key, that is used to decrypt a certifi cate, symmetric key, or asymmetric key,
and in turn is used to decrypt the data.

CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘<StrongPasswrd>’

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jerraAuthor Commented:
So I won't have to supply the password when I want to decrypt? I just have to be logged in on the SQL Server?
0
dhlotterCommented:
Correct, SQL will decrypt with the master keys available.
0
jerraAuthor Commented:
Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server

From novice to tech pro — start learning today.