DPAPI functions are the best, but they are user-account and machine specific,
i.e. for another user logging on to the machine it was encrypted on, or the
same user on a different machine, it won't decrypt. If you can't use DPAPI
because of that you can probably prepend the key and initialization vector
onto the front of the encrypted data, and then use 8 more bytes to tell your
decryptor how long the key and initialization vector are.
"phil" wrote:
Where's the best place to store a symmetric key for a file encryption
program? Is the registry a good idea?