问题描述
我正在寻找一种方法来存储给定的AES密钥,使其无法检索,但仍可用于加密和解密(使用C#)。我认为非对称密钥存储的等价物可以在,但我正在寻找可用于对称加密的东西。是否以托管形式存在(pre .Net 4)?
I've looking for a way to store a given AES key so that it can't be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for asymmetric key storage can be found here, but I'm looking for something that can be used for symmetric encryption. Does it exist in a managed form (pre .Net 4)?
推荐答案
Windows DPAPI()及其.NET包装器()不存储任何数据。相反,Windows DPAPI返回一个加密密码值,您可以随时随地存储任何地方,包括多台服务器。
Windows DPAPI (Win32 documentation), and its .NET wrapper (ProtectedData Class) does not store any data. Rather, Windows DPAPI returns a cryptographic cypher value which you can store anywhere you like, including on multiple servers.
在我的工作地点,我们使用DPAPI生成一个密码一个AES密钥,然后我们然后存储在注册表中。
At my place of work we use DPAPI to generate a cypher for an AES key which we then store in the Registry.
Windows DPAPI的唯一目的是加密数据,使得只有给定的用户帐户或计算机才能对其进行解密,而不需要需要存储密码。
The sole purpose of Windows DPAPI is to encrypt data such that only a given user account or machine can decrypt it, without needing to store a password.
.NET ProtectedData类自2.0以来一直在.NET Framework中。
The .NET ProtectedData class has been in the .NET Framework since 2.0.
我会坚持Windows DPAPI超过第三方产品,因为它是成熟,稳定,免费,易于使用和完全支持.NET。
I would stick with Windows DPAPI over a third party product as it is mature, stable, free, easy to use and fully supported in .NET.
这篇关于如何在Windows中使用.Net(C#)安全地存储AES密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!