Saving a setting for all users at runtime which is secure.
Posted on 2012-08-17
My application uses a configuration which is downloaded from an online database during the initial setup. Because of the potential security risks involved, this configuration is encrypted. Each time the application is launched, a new configuration file is downloaded in case of any updates to the configuration. As such, during the initial installation, it is required to enter the encryption password. I don't want users to have to enter this each time they launch the application though, and it can safely be assumed all users on the computer are allowed access to the software (i.e. all users will use the same configuration file)
So - the question is, how can I store the encryption password within my application so that:
1) All users can launch the software and not need to provide the encryption password (I only want the Administrator to enter this on first launch of the software on that computer)
2) Secure the password from other applications or prying users.
I would appreciate any code samples in either c# or VB.net as well as any relevant theory on how to do this.
The application is being developed in VS2008.