I've got an application that needs to download files from an sFTP. The authentication requires a key and a passphrase. The application itself is being used in Windows' Kiosk Mode.
I'm thinking of using the ProtectedData class to secure both the key and the passphrase like this:
- deploy the app with the key and the passphrase
- start the app
- the app checks whether there is an unencrypted key and pass and if yes, then it encrypts them for the CurrentUser into a new file and deletes the original one - subsequent starts will use the encrypted file to connect to the sFTP (via WinSCP package)
Would you say this would be a good workflow to make sure there is no plain-text key and password available on the Kiosk machine?
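The first-start workflow described in the question, as an added C# example (not the asker's code); it assumes .NET with `System.Security.Cryptography.ProtectedData` available and uses hypothetical file names:

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (added example) for the first-start workflow: protect key and
// passphrase with DPAPI (CurrentUser scope), then delete the plaintext files.
public static class KioskCredentialStore
{
    private const string PlainKeyPath  = "sftp_key.ppk";     // assumed file names
    private const string PlainPassPath = "sftp_pass.txt";
    private const string ProtectedPath = "sftp_secrets.dpapi";
    // Optional entropy: an app-specific value mixed into the DPAPI key, so other
    // code running as the same user must also know it to call Unprotect.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("sftp-kiosk-v1");

    // First start: if unencrypted material is present, protect it and remove it.
    public static void ProtectIfPlaintextPresent()
    {
        if (!File.Exists(PlainKeyPath) || !File.Exists(PlainPassPath)) return;
        byte[] key  = File.ReadAllBytes(PlainKeyPath);
        byte[] pass = Encoding.UTF8.GetBytes(File.ReadAllText(PlainPassPath).Trim());
        // Length-prefix the key so both values fit in a single blob.
        byte[] combined = new byte[4 + key.Length + pass.Length];
        BitConverter.GetBytes(key.Length).CopyTo(combined, 0);
        key.CopyTo(combined, 4);
        pass.CopyTo(combined, 4 + key.Length);
        byte[] blob = ProtectedData.Protect(combined, Entropy, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(ProtectedPath, blob);
        // Delete the plaintext only once the protected copy is on disk. Note that
        // File.Delete does not overwrite sectors; the originals may remain recoverable.
        File.Delete(PlainKeyPath);
        File.Delete(PlainPassPath);
        Array.Clear(combined, 0, combined.Length);
        Array.Clear(key, 0, key.Length);
        Array.Clear(pass, 0, pass.Length);
    }

    // Later starts: decrypt into memory only, never back to disk.
    public static (byte[] Key, string Passphrase) Load()
    {
        byte[] combined = ProtectedData.Unprotect(
            File.ReadAllBytes(ProtectedPath), Entropy, DataProtectionScope.CurrentUser);
        int keyLen = BitConverter.ToInt32(combined, 0);
        byte[] key = new byte[keyLen];
        Array.Copy(combined, 4, key, 0, keyLen);
        string pass = Encoding.UTF8.GetString(combined, 4 + keyLen, combined.Length - 4 - keyLen);
        Array.Clear(combined, 0, combined.Length);
        return (key, pass);
    }
}
```

The WinSCP .NET assembly's `SessionOptions` takes the private key as a file path (`SshPrivateKeyPath`), so the decrypted key would have to be written to a temporary file for the duration of the session; keep that window short and delete the file as soon as the session is open.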
Using the platform provided protection usually makes sense; it is pretty hard to securely store the encryption key within an application after all.
What we don't know is if the key and password have the same lifecycle. You've already thought about replacing the key / password but that may need some deeper thought.
It makes sense to destroy the (copies of the) unencrypted key / passphrase after provisioning / use.
In general I think the idea is solid, but it should be fleshed out a bit by creating a technical description including life-cycle management and possibly some procedures for application management.