Tags: c#, encryption, cryptography, aes, dpapi

Encrypting a login password to use on multiple devices


It may be that I have thought about this too much and have overcomplicated things and tied myself in a knot. I don't know a lot about encryption either, so that does not help.

I have an app that has fields that are encrypted using an AES class (that I found posted here in another question) and the encrypted string is then saved in an XML file. Now the password used to encrypt each string is supplied by the user and set up the first time they use the program. This part works fine and I can encrypt and decrypt the data perfectly as I want to.

The problem I have is that the password that is used to encrypt these strings is stored in a config file within the app. Initially I figured I would use DPAPI to encrypt this password and then save it in the config file, and everything seemed to work exactly as I wanted. The user launched the program, set up a password, added some strings, and everything encrypted fine and decrypted fine and all worked perfectly.

The problem is this works fine on the computer the password is created on, but as soon as I try to use it on another computer DPAPI throws an error (I assume because DPAPI is machine specific?)

So essentially I need a way to encrypt the password that is set up by the user on first launch and is stored in the config file, but I can't use the AES class I am using to encrypt the other data as it needs a password to encrypt it!!!

As I say, my AES class works perfectly at encrypting the other data, but I need a way to protect the password that is stored in the app.config file other than encrypting it with DPAPI so I can use it on other devices without error.

I hope that made sense, my head hurts!!!!

Any help much appreciated.

Additional info:

The application is a very simple WinForms app that allows access to data when the correct password is entered, and the program is stored on a USB stick, enabling it to be connected to any computer and the data decrypted and viewed. There is no user structure; you simply need the correct password to access the application and view the data. The password used to access the application is the password used to encrypt the data.

Duplicate question: The question is different because in their case DPAPI does what they require; in my case it DOES NOT, as I already expressed in my original question!


Solution

  • You don't store the password. You ask the user to provide it.
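
One way to act on this answer, as an added example that is not part of the original post: the config file holds only a random salt and a verifier, and the AES key is re-derived from the password the user types at each launch, so nothing is tied to one machine the way DPAPI output is. The class name `PortableKey`, the iteration count and the purpose labels are assumptions; the `Rfc2898DeriveBytes` constructor used here requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PortableKey // hypothetical helper, not the asker's AES class
{
    const int Iterations = 200000; // assumed work factor; tune to the slowest target PC

    // First launch: produce the two values to persist. Neither one is secret.
    public static void Enroll(string password, out byte[] salt, out byte[] verifier)
    {
        salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        verifier = Label(Stretch(password, salt), "verify");
    }

    // Later launches: return the 32-byte AES key, or null when the password is wrong.
    public static byte[] Unlock(string password, byte[] salt, byte[] verifier)
    {
        byte[] master = Stretch(password, salt);
        if (!FixedTimeEquals(Label(master, "verify"), verifier)) return null;
        return Label(master, "encrypt"); // distinct from the stored verifier
    }

    static byte[] Stretch(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Domain separation: one master secret, a different HMAC output per purpose.
    static byte[] Label(byte[] master, string purpose)
    {
        using (var h = new HMACSHA256(master))
            return h.ComputeHash(Encoding.UTF8.GetBytes(purpose));
    }

    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main() // passwords below are constructed sample values
    {
        Enroll("correct horse", out var salt, out var verifier);
        Console.WriteLine(Unlock("correct horse", salt, verifier) != null);
        Console.WriteLine(Unlock("wrong guess", salt, verifier) != null);
    }
}
```

Anyone who copies the USB stick can still guess passwords offline against the stored verifier, so the iteration count and the strength of the user's password are what protect the data.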