Encrypting data in DB - where to store the key?

Discussion in 'ASP.NET / ASP.NET Core' started by jstuparitz, Aug 1, 2008.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. jstuparitz

    jstuparitz

    Concerning this article:
    http://msdn.microsoft.com/en-us/library/ms998372.aspx#pagpractices0001_sensitivedata

    Do you allow for the storing a secured registry key that holds an encrypted encryption key? If not, what's a reliable alternative?

    'Use DPAPI to encrypt the symmetric encryption key on each Web server and store it in a secured registry key. Create an ACL to protect the registry key that allows full control for administrators and read only access for your ASP.NET process account.'

    thanks,
    Justin
     
    jstuparitz, Aug 1, 2008
    #1
  2. Aristotle

    Aristotle

    We don't allow our customers to store data in the registry. I recommend just storing the key in your app's web.config.

    If you are talking about protecting your web.config data specifically, then see this KB article: http://kb.discountasp.net/article.aspx?id=10478
     
    Aristotle, Aug 1, 2008
    #2
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page