where to store Key and IV for AesCryptoServiceProvider?

Question

We have a C# (.net 3.5) application. During the installation, we use AesCryptoServiceProvider to encrypted some useful info in the config file. Those info will be decrypted by the application when it is running. So the application needs to know the Key and IV

We are thinking to store the Key and IV byte[] in a secure place on the machine. I know there is a machine store which can store RSA key pair. Can I store the Key and IV byte[] in there? I searched online and read the MSDN doc but cannot find a way to do it.

Do you know how to do it? Do you have any other good idea?

Answer 1

What you are attempting is a crypto violation. Cryptographic keys are commonly stored in plain text in a config file. The IV is commonly stored with the cipher text in your data store. As long as you don't violate CWE-329 you should be golden with this design.

Where all of this breaks down for you is that you are trying to hide cipher text on the same machine as the key. Where is the attacker? If he is already on your machine then he can just fire up a debugger and read the key or plain text in memory. Cryptography cannot address this problem, what you are looking for is Security Though Obscurity (Which isn't a secure solution.).

Answer 2

I'll respond first to the question, "Do you have any other good idea?"

The .Net framework has built-in support for encrypting configuration sections. You can apply this encryption to most configuration sections with a few exceptions (eg machine.config). Unless you have a good reason to roll your own configuration encryption, it might be a better idea to use what's already provided to you in the framework.

If you go that route, here's a good starting point. http://msdn.microsoft.com/en-us/library/53tyfkaw(v=vs.100).aspx

If you go with RSA you're still going to need to get your public and private key onto the machine during installation. Based on your question, presumably you have a way to get the key to the machine -- you just need to know where to store it. In that case Microsoft provides a place to store your RSA keys. You can follow this article on how to import and export keys: http://msdn.microsoft.com/en-us/library/yxw286t2(v=vs.100).aspx

On the machines that run the application, mark the private key as non-exportable when installing the key pair for some added security. If the application runs under a specific user account, install the key pair in the user store.

The user (or app pool in the case of most web apps) will need permission to read the private key. You can use aspnet_regiis.exe for the permission grant.

Most of the examples on the web will refer to aspnet_regiis.exe for creating, exporting, importing, and granting permission to RSA key pairs. You don't have to use that program, but if you do, there are a couple gotchas:

1. It only runs on files named web.config. So if you have a console app, you have to rename your config file to web.config to use it with aspnet_regiis.exe.

2. If you use aspnet_regiis.exe to create your key pair, it will ignore the key length paramater. As of this response, the current recommended key length is 3072. To create a key pair with a 3072 bit private key, don't use aspnet_regiis.exe. Refer to How to set key size of RSA key created using aspnet_regiis? for an example of how to create a larger key length.

After all that, if you still need to store the aes key somewhere, you might consider putting it in a file and protecting it with EFS using cipher.exe.