问题描述

我正在寻找一种方法来存储给定的AES密钥，使其无法检索，但仍可用于加密和解密（使用C＃）。我认为非对称密钥存储的等价物可以在，但我正在寻找可用于对称加密的东西。是否以托管形式存在（pre .Net 4）？

I've looking for a way to store a given AES key so that it can't be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for asymmetric key storage can be found here, but I'm looking for something that can be used for symmetric encryption. Does it exist in a managed form (pre .Net 4)?

推荐答案

Windows DPAPI（）及其.NET包装器（）不存储任何数据。相反，Windows DPAPI返回一个加密密码值，您可以随时随地存储任何地方，包括多台服务器。

Windows DPAPI (Win32 documentation), and its .NET wrapper (ProtectedData Class) does not store any data. Rather, Windows DPAPI returns a cryptographic cypher value which you can store anywhere you like, including on multiple servers.

在我的工作地点，我们使用DPAPI生成一个密码一个AES密钥，然后我们然后存储在注册表中。

At my place of work we use DPAPI to generate a cypher for an AES key which we then store in the Registry.

Windows DPAPI的唯一目的是加密数据，使得只有给定的用户帐户或计算机才能对其进行解密，而不需要需要存储密码。

The sole purpose of Windows DPAPI is to encrypt data such that only a given user account or machine can decrypt it, without needing to store a password.

.NET ProtectedData类自2.0以来一直在.NET Framework中。

The .NET ProtectedData class has been in the .NET Framework since 2.0.

我会坚持Windows DPAPI超过第三方产品，因为它是成熟，稳定，免费，易于使用和完全支持.NET。

I would stick with Windows DPAPI over a third party product as it is mature, stable, free, easy to use and fully supported in .NET.

这篇关于如何在Windows中使用.Net（C＃）安全地存储AES密钥？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！