Tuesday, 24 March 2015

Is there any reason to use AesManaged over DPAPI in this scenario?



I have a situation where my web application is going to be deployed on multiple servers.


Now, what I was thinking of doing was implementing Encrypt and Decrypt library functions that utilize the AesManaged class. These would use an AES key that would be different for each server (we would generate a new one for each server on deployment) - that way, each server would be using a different key. We would then use SectionInformation.ProtectSection() to encrypt them in Web.config, so they were secure.


However, I've come across the ProtectedData class. This hooks into the Windows DPAPI functionality and allows symmetric encryption and decryption. Now I'm wondering, is there any point in my using AesManaged with my own generated keys at all, or should I just encrypt and decrypt data using ProtectedData? What are the pros and cons of each?
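
Added example, not part of the original question: the two approaches being compared, side by side in C# for .NET Framework on Windows. The class and method names are hypothetical, and the AES key is generated in place as a constructed sample, where the design described above would load it from the protected Web.config section.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData needs a reference to System.Security.dll
using System.Text;

static class SecretStore // hypothetical helper name
{
    // Option 1: DPAPI. Windows owns the key. With LocalMachine scope any process
    // on this server can decrypt the blob, and no other server can.
    public static byte[] DpapiProtect(byte[] data) =>
        ProtectedData.Protect(data, null, DataProtectionScope.LocalMachine);

    public static byte[] DpapiUnprotect(byte[] blob) =>
        ProtectedData.Unprotect(blob, null, DataProtectionScope.LocalMachine);

    // Option 2: AesManaged with an application-managed key. The key must be
    // generated, stored and rotated by the application. Output layout: IV || ciphertext.
    // AesManaged defaults to CBC with PKCS7 padding, which provides no integrity check.
    public static byte[] AesEncrypt(byte[] data, byte[] key)
    {
        using (var aes = new AesManaged { Key = key })
        using (var enc = aes.CreateEncryptor()) // uses the random IV created with the object
        {
            byte[] iv = aes.IV;
            byte[] ct = enc.TransformFinalBlock(data, 0, data.Length);
            byte[] blob = new byte[iv.Length + ct.Length];
            Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);
            Buffer.BlockCopy(ct, 0, blob, iv.Length, ct.Length);
            return blob;
        }
    }

    public static byte[] AesDecrypt(byte[] blob, byte[] key)
    {
        using (var aes = new AesManaged { Key = key })
        {
            byte[] iv = new byte[aes.BlockSize / 8];
            Buffer.BlockCopy(blob, 0, iv, 0, iv.Length);
            aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length);
        }
    }

    static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("constructed sample value");
        byte[] key = new byte[32]; // constructed sample key, 256 bits
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        Console.WriteLine(Encoding.UTF8.GetString(DpapiUnprotect(DpapiProtect(secret))));
        Console.WriteLine(Encoding.UTF8.GetString(AesDecrypt(AesEncrypt(secret, key), key)));
    }
}
```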




