I want to encrypt some server data using .NET s RSACryptoServiceProvider and decrypt it when someone enters a key/password via a web page. What are my options for protecting, or ideally not even storing, the private key on the server, whilst avoiding having the user supply it all each time?
- Encrypt the private key using a symmetric system and have the user supply the password for that?
- Store most of the private key on the server but have the user supply N characters of it?
- Store it in the server s MachineKeyStore and use a secret KeyContainerName as a password?
- Use CspParameters.KeyPassword in some way which works over the web?
- Something else?