Encryption of user settings (user.config) RRS feed

  • Question

  • Hello,

    I've been searching for an answer for over 1 week. Hope you can help me out.

    Basically, I'm developing a Windows Forms application in Visual Studio 2008 Pro edition, in C#. The application allows the user to input his email address and the password of his email address. I want to save the email and password for later use (when the user will open the application again).
    What I did until now: I've decided to save the email in a setting (Properties.Settings.Default.mail - I've selected user scoped setting, so I can alter it) and the password in another setting (Properties.Settings.Default.password).
    When I need to update the password or email, I simply use something like:
    Properties.Settings.Default.pass = Textbox1.Text;Properties.Settings.Save();

    The new password (or email)  is saved in the user.config file (somewhere in application data/local settings/...).

    My question: Everybody can access the user.config file. How can I ENCRYPT the password, SAVE it to the user.config file so I can DECRYPT it  later, when I need the application to SEND an email ?
    I thought of using MD5, but I can't decrypt the password when I want to send the email.
    I thought of using DES, but I don't know how to save the key so I can decrypt the password.

    Roundup: I just want a simple way to encrypt the password (so nobody is able to see it in the user.config, obviously), but I also want to decrypt it, when I need to send the mail.

    I'm looking for an easy solution, please help me.

    Thank you,
    Friday, December 12, 2008 5:05 PM


All replies