We are writing a set of application for windows which contains IE toolbar, Firefox toolbar and Windows Desktop client.
Before using any of these components user provides his secret code and says that he need to save this code for 1hr or whatever option he chooses.
Now the challenge for us is that we have to use the same secret code to decrypt his data while he uses in all 3 component, Currently we are writing that secret key in a plain file with AES encryption with a specific key buried in the source code and all 3 component access that key from that file.
Now please suggest me better way in light of following limitations/requirement.
- All 3 components are fully/partially written in .Net.
- IE uses the protected mode so no high privileged resource can be accessed
- the data of the user is encrypted with his own security key hence it is must for us to have his key to decrypt his data. and when he quits we loose this key to ensure the security.
- All 3 components runs in low privileged processes.
Can some one help me in this.
Regards