如何在Windows中使用.Net（C＃）安全地存储AES密钥？ [英] How can I securly store an AES key in Windows with .Net (C#)?

问题描述

我正在寻找一种方法来存储给定的AES密钥，使其无法检索，但仍可用于加密和解密（使用C＃）。我认为非对称密钥存储的等价物可以在这里找到，但我正在寻找可用于对称加密的东西。是否以托管形式存在（pre .Net 4）？

I've looking for a way to store a given AES key so that it can't be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for asymmetric key storage can be found here, but I'm looking for something that can be used for symmetric encryption. Does it exist in a managed form (pre .Net 4)?

推荐答案

Windows DPAPI（ Win32文档）及其.NET包装器（ ProtectedData Class ）不存储任何数据。相反，Windows DPAPI返回一个加密密码值，您可以随时随地存储任何地方，包括多台服务器。

Windows DPAPI (Win32 documentation), and its .NET wrapper (ProtectedData Class) does not store any data. Rather, Windows DPAPI returns a cryptographic cypher value which you can store anywhere you like, including on multiple servers.

在我的工作地点，我们使用DPAPI生成一个密码一个AES密钥，然后我们然后存储在注册表中。

At my place of work we use DPAPI to generate a cypher for an AES key which we then store in the Registry.

Windows DPAPI的唯一目的是加密数据，使得只有给定的用户帐户或计算机才能对其进行解密，而不需要需要存储密码。

The sole purpose of Windows DPAPI is to encrypt data such that only a given user account or machine can decrypt it, without needing to store a password.

.NET ProtectedData类自2.0以来一直在.NET Framework中。

The .NET ProtectedData class has been in the .NET Framework since 2.0.

我会坚持Windows DPAPI超过第三方产品，因为它是成熟，稳定，免费，易于使用和完全支持.NET。

I would stick with Windows DPAPI over a third party product as it is mature, stable, free, easy to use and fully supported in .NET.

这篇关于如何在Windows中使用.Net（C＃）安全地存储AES密钥？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！