I have a .Net 2.0 windows forms application where a user will supply a
connection string for their database server during initial
configuration. I want to make sure this string is encrypted when its
stored in the app.config file or whatever xml based configuration file I
use. I can encrypt the data using the built in crypto classes in .Net,
but the question comes in how can I securely store the keys used for
encryption.
Is there any best practices or advise on going about doing this? Maybe
something even built into .Net for this?
Amy.