A script is used to send emails (only with Gmail) daily with user interactions. I would like to store their e-mail on the hard drive in a plain text file. What is the right way to do it?
I know one method would be to ask the user for a password to protect the e-mail password, but this method is pointless because the user would have to type in a new password every time an email is sent, so I would rather ask for their e-mail password instead.
Another way would be to encrypt the password using a key made from a combination of information specific to the user, like computer name+username+system+…, and use this same key to decrypt the encrypted password. The problem with this is that I’m using AutoIt, which is easy to decompile, so when a potential attacker gets the encrypted password, they could theoretically know the encryption key, so it doesn’t matter how many unique pieces of information I use to encrypt the password; they could get it anyway.
Another way would be to use OAuth for Gmail, so the user doesn’t need to type in a password at all, but I can’t do that.
Any ideas?
As Eric has mentioned, DPAPI is the way to go if you are using Windows. http://msdn.microsoft.com/en-us/library/ms995355.aspx
The function CryptProtectData() uses the Windows logon information for that particular user to encrypt the data so that no other user on the system can decrypt the plain text which you store.
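
A sketch of the DPAPI approach from the answer above, as an added example that is not part of the original thread: it uses .NET's `ProtectedData` class, which wraps `CryptProtectData()`, to write the Gmail password to a text file and read it back without a hard-coded key. It assumes Windows PowerShell 5.1; the function names, file path and sample password are hypothetical.

```powershell
# Added example: keep a mail password on disk with DPAPI (CurrentUser scope).
# Function names, file path and the sample password are hypothetical.
Add-Type -AssemblyName System.Security   # provides ProtectedData on Windows PowerShell 5.1

# CurrentUser: the blob is bound to this Windows account's logon credentials.
$Scope      = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$SecretFile = Join-Path $env:LOCALAPPDATA 'MailSender\gmail.secret'

function Save-MailSecret {
    param([Parameter(Mandatory)] [string] $Password,
          [string] $Path = $SecretFile)
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Password)
    try {
        # $null = no optional entropy, so no extra key has to live in the script
        $blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $Scope)
    } finally {
        [Array]::Clear($plain, 0, $plain.Length)   # do not keep cleartext bytes around
    }
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    # Base64 keeps the stored file plain text, as the question asks for
    Set-Content -Path $Path -Value ([Convert]::ToBase64String($blob)) -Encoding ASCII
}

function Get-MailSecret {
    param([string] $Path = $SecretFile)
    $blob = [Convert]::FromBase64String((Get-Content -Path $Path -Raw).Trim())
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $Scope)
    } catch [System.Security.Cryptography.CryptographicException] {
        # Raised when the file was copied to another account or machine, or was altered
        throw "DPAPI could not decrypt '$Path' for user '$env:USERNAME'."
    }
    try {
        return [System.Text.Encoding]::UTF8.GetString($plain)
    } finally {
        [Array]::Clear($plain, 0, $plain.Length)
    }
}

# Round trip with a constructed sample value, written to a temporary file
$demoPath = Join-Path $env:TEMP 'dpapi-demo.secret'
Save-MailSecret -Password 'constructed-sample-password' -Path $demoPath
if ((Get-MailSecret -Path $demoPath) -ne 'constructed-sample-password') {
    throw 'DPAPI round trip failed'
}
Remove-Item $demoPath
```

The scope of the protection matches what the answer states: other accounts and a copied file cannot recover the password, while any process running as the same logged-on user can call `Unprotect` on the file.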