I am aware this question has been asked many times. But mine is related to my program design. So please read through my question. I have designed a C# light control application. The application owns a local SQL db to store user connection details including the keys to connect to the server. The login page has an ADD NEW CONNECTION button which prompts the user to add connection details such as username, host address, and an option to paste the key.
During the app's initial setup at the customer side, all I need to do is send the key file to the customer for the first time by email, but it has to be hashed/encrypted so it cannot just be easily used. As of now, I have designed a standalone application to take a key file, hash it, append salt and send that hashed key file to the customer.
What I really want is for the customer to enter the hashed key file in the login page for validation. As I have used the hashed key file for validation, I need to store the original key file somewhere safe in the application to be hashed and compared with the one sent by email.
- Is it a secure way to do it?
- Do I need to keep a separate db for admin for the initial setup to store the original key file?
- Also, I have another problem: how could this activity be tied up with the already existing Add new connection button?
- Can I opt for encryption instead of hashing? If yes, how can it be done?
Please share your thoughts on this. I want the most secure way to protect the key. Thanks in advance for your help.
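
The salted-hash validation described in the question, written out as an added example that is not part of the original post. The class name, the token layout (Base64 of SHA-256(salt || key) followed by the salt), the 16-byte salt and the use of .NET 6 or later are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration; names and token layout are assumptions, not the poster's code.
static class KeyFileToken
{
    const int SaltLen = 16;   // assumed salt size
    const int HashLen = 32;   // SHA-256 output size

    // Standalone admin tool: token = Base64( SHA-256(salt || key) || salt ).
    public static string Create(byte[] originalKey)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] token = new byte[HashLen + SaltLen];
        Hash(salt, originalKey).CopyTo(token, 0);
        salt.CopyTo(token, HashLen);
        return Convert.ToBase64String(token);
    }

    // Login page: re-hash the stored original key with the salt carried in the
    // pasted token and compare. The hash is one-way, so the token can only be
    // checked against a key the application already holds.
    public static bool Verify(string pastedToken, byte[] originalKey)
    {
        if (string.IsNullOrWhiteSpace(pastedToken)) return false;
        byte[] token;
        try { token = Convert.FromBase64String(pastedToken.Trim()); }
        catch (FormatException) { return false; }   // malformed paste
        if (token.Length != HashLen + SaltLen) return false;

        byte[] salt = token.AsSpan(HashLen, SaltLen).ToArray();
        byte[] expected = Hash(salt, originalKey);
        // Constant-time comparison avoids leaking how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(expected, token.AsSpan(0, HashLen));
    }

    static byte[] Hash(byte[] salt, byte[] key)
    {
        byte[] input = new byte[salt.Length + key.Length];
        salt.CopyTo(input, 0);
        key.CopyTo(input, salt.Length);
        return SHA256.HashData(input);
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // constructed sample key
        string token = Create(key);
        Console.WriteLine(Verify(token, key));                               // same key
        Console.WriteLine(Verify(token, RandomNumberGenerator.GetBytes(32))); // different key
        Console.WriteLine(Verify("not-base64!", key));                       // malformed paste
    }
}
```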