I need to store some password on a text file. I was trying to use
some kind of encryption to encrypt the password from plain text. I
found the code below off the web, which works great.
But the problem is, I need to specify both the "password" (which is an
encryption key I assume) and the salt. What will be the best way to
generate and store them? Right now I just hard code the key and salt,
but I am concerned about the security.
public static String Encrypt(String data, String password)
{
if (data == null)
throw new ArgumentNullException("data");
if (password == null)
throw new ArgumentNullException("password");
byte[] encBytes =
EncryptData(Encoding.UTF8.GetBytes(data), password,
PaddingMode.ISO10126);
return Convert.ToBase64String(encBytes);
}
public static byte[] EncryptData(byte[] data, String password,
PaddingMode paddingMode)
{
if (data == null || data.Length == 0)
throw new ArgumentNullException("data");
if (password == null)
throw new ArgumentNullException("password");
PasswordDeriveBytes pdb = new
PasswordDeriveBytes(password, Encoding.UTF8.GetBytes("Salt"));
RijndaelManaged rm = new RijndaelManaged();
rm.Padding = paddingMode;
ICryptoTransform encryptor =
rm.CreateEncryptor(pdb.GetBytes(16), pdb.GetBytes(16));
using (MemoryStream msEncrypt = new MemoryStream())
using (CryptoStream encStream = new
CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
encStream.Write(data, 0, data.Length);
encStream.FlushFinalBlock();
return msEncrypt.ToArray();
}
}