C# – How to save a password in the registry

c++ password-protection security winforms

I have a desktop application with a remote interface. The access to the remote interface is secured by a username and password.

What would be the best way to save this password securely, preferably in the registry?

Best Solution

If you do need to store an unhashed password, look at using the ProtectedData class. This makes use of the Data Protection API (DPAPI) which is the best way of securing data on Windows.

Here's a little class that wraps ProtectedData and provides two extension methods on String to Encrypt and Decrypt data:

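using System;
using System.Security.Cryptography; // ProtectedData, DataProtectionScope
using System.Text;

public static class DataProtectionApiWrapper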
{
    /// <summary>
    /// Specifies the data protection scope of the DPAPI.
    /// </summary>
    private const DataProtectionScope Scope = DataProtectionScope.CurrentUser;

    public static string Encrypt(this string text)
    {
        if (text == null)
        {
            throw new ArgumentNullException("text");
        }

        //encrypt data
        var data = Encoding.Unicode.GetBytes(text);
        byte[] encrypted = ProtectedData.Protect(data, null, Scope);

        //return as base64 string
        return Convert.ToBase64String(encrypted);
    }

    public static string Decrypt(this string cipher)
    {
        if (cipher == null)
        {
            throw new ArgumentNullException("cipher");
        }

        //parse base64 string
        byte[] data = Convert.FromBase64String(cipher);

        //decrypt data
        byte[] decrypted = ProtectedData.Unprotect(data, null, Scope);
        return Encoding.Unicode.GetString(decrypted);
    }

}
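The answer above covers the encryption step but not the registry storage the question asks about. The following is an added example, not part of the original answer: it writes the DPAPI blob to a per-user registry value as binary data and treats a blob that no longer decrypts as "nothing stored". The key path, value name and entropy string are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;

public static class RegistryCredentialStore
{
    // Hypothetical key path and value name, chosen for this example.
    private const string KeyPath = @"Software\ExampleCompany\ExampleApp";
    private const string ValueName = "RemotePassword";

    // Optional entropy ties the blob to this purpose. It is not a secret key:
    // other code running as the same user can still decrypt if it knows it.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("ExampleApp.RemoteInterface.v1");

    public static void Save(string password)
    {
        if (password == null) throw new ArgumentNullException(nameof(password));
        byte[] plain = Encoding.Unicode.GetBytes(password);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            // HKCU matches the CurrentUser scope: the value lives in the same profile as the key material.
            using (RegistryKey key = Registry.CurrentUser.CreateSubKey(KeyPath))
                key.SetValue(ValueName, blob, RegistryValueKind.Binary);
        }
        finally { Array.Clear(plain, 0, plain.Length); } // do not leave plaintext bytes around
    }

    // Returns null when no value is stored or the blob cannot be decrypted
    // (tampered value, different user account, wrong entropy).
    public static string Load()
    {
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(KeyPath))
        {
            byte[] blob = key?.GetValue(ValueName) as byte[];
            if (blob == null) return null;
            try
            {
                byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
                try { return Encoding.Unicode.GetString(plain); }
                finally { Array.Clear(plain, 0, plain.Length); }
            }
            catch (CryptographicException) { return null; } // caller should ask for the password again
        }
    }
}
```

With `DataProtectionScope.CurrentUser` the stored value is protected against other accounts on the machine, but any process running as the same user can call `Unprotect` on it.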