Thursday, January 24

Followup: Cryptographic key management

So after some wrangling with my webhost, playing with key containers, and chatting with an MS sort over on forums.asp.net, I've come to the conclusion that machine-level key stores are the proper way to store crypto keys on the server -- never use plaintext files, as I'd originally been considering.

The ASPNET and/or Network Service context should have access to store and retrieve keys from the machine-level store. You can insert them programmatically, or most host support staffers should be able to import them as well.
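
One way to insert a key programmatically, as an added example that is not from the original post: it creates an RSA key pair in a machine-level key container, grants the Network Service account read access, and then opens the container the way the web application would. It assumes the .NET Framework on Windows, an elevated first run, and the hypothetical container name `ExampleAppKeys`.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

static class MachineKeyStoreExample
{
    const string ContainerName = "ExampleAppKeys"; // hypothetical name for this example

    // Run once, elevated: create the key pair in the machine-level store and set its ACL.
    static void Provision()
    {
        var acl = new CryptoKeySecurity();
        acl.AddAccessRule(new CryptoKeyAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            CryptoKeyRights.FullControl, AccessControlType.Allow));
        acl.AddAccessRule(new CryptoKeyAccessRule(
            new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null),
            CryptoKeyRights.GenericRead, AccessControlType.Allow));
        var csp = new CspParameters
        {
            KeyContainerName = ContainerName,
            Flags = CspProviderFlags.UseMachineKeyStore, // machine store, not the user profile
            CryptoKeySecurity = acl
        };
        using (var rsa = new RSACryptoServiceProvider(2048, csp))
            rsa.PersistKeyInCsp = true; // key stays in the container after Dispose
    }

    // What the web application does: open the existing container, never create one.
    static RSACryptoServiceProvider Open()
    {
        var csp = new CspParameters
        {
            KeyContainerName = ContainerName,
            // UseExistingKey throws CryptographicException if the container is missing,
            // instead of silently generating a fresh key under the same name.
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        return new RSACryptoServiceProvider(csp);
    }

    static void Main()
    {
        Provision();
        using (var rsa = Open())
        {
            byte[] ct = rsa.Encrypt(Encoding.UTF8.GetBytes("constructed sample"), true); // OAEP
            Console.WriteLine(Encoding.UTF8.GetString(rsa.Decrypt(ct, true)));
        }
    }
}
```

The private key never touches a file under the web root; access is governed by the container's ACL rather than by file permissions on a plaintext key.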
