Sending these values across an insecure network without encrypting them is extremely unsafe, as anyone that intercepts these values can then decrypt your data.
It will be storing the file encryption/decryption key on a remote Skater Depot cloud server, getting it though the web service that transfers it though https to the .NET application. That way the key stays in the memory of the computer but is not into a source code file. Question: In our application we have a lot of sensitive configuration settings, which we are storing in a xml file which is again encrypted.
This secure file has to be decrypted in runtime and the configuration values read, but an issue arises that the key and initialization vector is hardcoded in the code and hence anyone can read it using Reflector.
What is the best way to store encryption keys in .NET so no one can read them using .NET assembly browser? Answer: Use Skater Private Keys Depot algorithm to encrypt and decrypt data of .NET application projects.
Generally, a new key and IV will be created by Skater Private Keys Depot algorithms for every session, and neither the key nor IV being stored for use in a later session.
To communicate a symmetric key and IV to a remote party, Skater Private Keys Depot encrypts the symmetric key and IV using asymmetric encryption. This requires to have connection to the key server by whoever runs the application though, the connection provided by Skater Depot keys management system.
Otherwise, your app will wrongly call the deleted Key or if it's modified will retrieve a logically wrong value. That defined key then can be easily added, modified, and read to/from Keys Depot within your .NET application. The interface is useful to modify a key. NOTE. After you done your key modification, it will be cryptographically encrypted and stored onto Depot cloud server. The key value can be retrieved programmatically through your .NET applications by using special Skater Private Keys Depot API library. You can reference that dll into your .NET app by using Nuget Package Manager Console within Visual Studio. If the updated Key is already in use, before delete or modify it, you must update your application that retrieves it from Skater Private Key Depot.