We have a server that securely sends a key to the client via a custom login program. The key is subsequently used for encrypting further client requests. That key is kept on the client’s disk, like a cookie, and is used by a program that might be started and stopped multiple times before the client decides to logout and cause the key to be obsolete (hence the key is saved on disk, because there may be long periods between login and logout when no program is running).
It would seem to be a bit more secure to keep the key only in memory instead of on disk (it’s OK if a crash or restart loses the key and subsequently forces a new login).
On Windows, what’s the best way to retain the key only in memory (ignoring that the memory might be virtual and paged to disk) between separate executions of a program?
One possible solution is to leave a trivial Windows service running on the client that accepts the key, retains it in the service’s memory, and returns it upon request (or use an equivalent trivial DDE server that does the same thing). A non-.net solution is preferred.
Is there a standard Windows service usually running that already provides this ability?
Is there a better approach?
There are probably a couple of solutions you can try that do not involve a running process:
Store it in a volatile registry key (REG_OPTION_VOLATILE)
Store it in the global atom table. The key has to be stored as a string. You would probably require two atoms; one that stores the key and one used to locate the first atom so you can call GlobalGetAtomName. The second atom should have a known name like “YourAppName:S-UsersSidGoesHere” so you can call GlobalFindAtom.
If you decide to store it in a file in %temp% you could use TOKEN_STATISTICS.AuthenticationId as part of a key used to encrypt the real key. You could encrypt the file itself with EFS (FILE_ATTRIBUTE_ENCRYPTED)…
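As an added example that is not code from the question or the answer, the following Python module tries two of the options above through the Win32 APIs (ctypes plus the standard winreg module, so no .NET): a key created with REG_OPTION_VOLATILE under HKCU, and a file in %TEMP% whose contents are wrapped under keys derived from TOKEN_STATISTICS.AuthenticationId, then flagged for EFS. The registry path, value name and file name are illustrative choices. The answer only says to use AuthenticationId "as part of a key"; the concrete wrapping scheme here (per-blob random salt, HMAC-derived keys, an HMAC-SHA256 counter-mode keystream, encrypt-then-MAC) is this example's own, chosen because the standard library has no AES. The Win32 calls run only on Windows; the wrap/unwrap functions are portable.

```python
"""Added example (not code from the post) for two of the options above: a
REG_OPTION_VOLATILE key under HKCU, and a %TEMP% blob wrapped under keys derived
from TOKEN_STATISTICS.AuthenticationId so it stops unwrapping after logoff.
KEY_PATH, VALUE_NAME and the file name are illustrative; Win32 calls need Windows."""
import ctypes
import hashlib
import hmac
import os

REG_OPTION_VOLATILE, REG_CREATED_NEW_KEY, KEY_ALL_ACCESS = 0x1, 1, 0xF003F
TOKEN_QUERY, TOKEN_STATISTICS_CLASS = 0x8, 10
KEY_PATH, VALUE_NAME = r"Software\ExampleApp\Session", "SessionKey"  # illustrative names

def put_key_volatile(key: bytes) -> None:
    """Store key in a freshly created volatile HKCU key (never written to the hive file)."""
    import winreg
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    try:  # a stale key left by an earlier run is deleted rather than reused
        winreg.DeleteKey(winreg.HKEY_CURRENT_USER, KEY_PATH)
    except FileNotFoundError:
        pass
    hkey, disp = ctypes.c_void_p(), ctypes.c_uint32()
    rc = adv.RegCreateKeyExW(ctypes.c_void_p(winreg.HKEY_CURRENT_USER), KEY_PATH, 0, None,
                             REG_OPTION_VOLATILE, KEY_ALL_ACCESS, None,
                             ctypes.byref(hkey), ctypes.byref(disp))
    if rc != 0:
        raise OSError(rc, "RegCreateKeyExW failed")
    try:
        # The volatile option is ignored when the key already exists, so an existing
        # persistent key would silently land the secret on disk: refuse that case.
        if disp.value != REG_CREATED_NEW_KEY:
            raise RuntimeError("key already existed; cannot trust it to be volatile")
        winreg.SetValueEx(hkey.value, VALUE_NAME, 0, winreg.REG_BINARY, key)
    finally:
        adv.RegCloseKey(hkey)

def get_key_volatile() -> bytes:
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY_PATH) as k:
        return bytes(winreg.QueryValueEx(k, VALUE_NAME)[0])

class _LUID(ctypes.Structure):
    _fields_ = [("LowPart", ctypes.c_uint32), ("HighPart", ctypes.c_int32)]

class _TOKEN_STATISTICS(ctypes.Structure):  # 56 bytes, same layout as winnt.h
    _fields_ = [("TokenId", _LUID), ("AuthenticationId", _LUID), ("ExpirationTime", ctypes.c_int64),
                ("TokenType", ctypes.c_int32), ("ImpersonationLevel", ctypes.c_int32),
                ("DynamicCharged", ctypes.c_uint32), ("DynamicAvailable", ctypes.c_uint32),
                ("GroupCount", ctypes.c_uint32), ("PrivilegeCount", ctypes.c_uint32),
                ("ModifiedId", _LUID)]

def logon_session_id() -> bytes:
    """TOKEN_STATISTICS.AuthenticationId (the logon session LUID) of this process, 8 bytes."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    k32.GetCurrentProcess.restype = ctypes.c_void_p
    tok, stats, got = ctypes.c_void_p(), _TOKEN_STATISTICS(), ctypes.c_uint32()
    if not adv.OpenProcessToken(ctypes.c_void_p(k32.GetCurrentProcess()), TOKEN_QUERY, ctypes.byref(tok)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        if not adv.GetTokenInformation(tok, TOKEN_STATISTICS_CLASS, ctypes.byref(stats),
                                       ctypes.sizeof(stats), ctypes.byref(got)):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        k32.CloseHandle(tok)
    return bytes(stats.AuthenticationId)

def _derive(session_id: bytes, salt: bytes, label: bytes) -> bytes:
    # Per-blob random salt as the HMAC key: the 8-byte LUID is never used raw.
    return hmac.new(salt, label + session_id, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def wrap_key(plain: bytes, session_id: bytes) -> bytes:
    """salt(16) | nonce(16) | tag(32) | ct: HMAC-CTR stream cipher, encrypt-then-MAC."""
    salt, nonce = os.urandom(16), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(_derive(session_id, salt, b"enc|"), nonce, len(plain))))
    tag = hmac.new(_derive(session_id, salt, b"mac|"), salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct

def unwrap_key(blob: bytes, session_id: bytes) -> bytes:
    """Inverse of wrap_key; raises ValueError for another logon session or a tampered blob."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    expect = hmac.new(_derive(session_id, salt, b"mac|"), salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):  # verify before decrypting anything
        raise ValueError("wrong logon session or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_derive(session_id, salt, b"enc|"), nonce, len(ct))))

def save_key_to_temp(plain: bytes, name: str = "exampleapp.key") -> str:
    path = os.path.join(os.environ["TEMP"], name)
    with open(path, "wb") as f:
        f.write(wrap_key(plain, logon_session_id()))
    # EFS on top (the answer's FILE_ATTRIBUTE_ENCRYPTED); fails loudly where EFS is unavailable.
    if not ctypes.WinDLL("advapi32", use_last_error=True).EncryptFileW(path):
        raise ctypes.WinError(ctypes.get_last_error())
    return path

def load_key_from_temp(name: str = "exampleapp.key") -> bytes:
    with open(os.path.join(os.environ["TEMP"], name), "rb") as f:
        return unwrap_key(f.read(), logon_session_id())
```

On Windows, `put_key_volatile(k)` followed by `get_key_volatile()` from a later process returns the same bytes until reboot, and `save_key_to_temp(k)` / `load_key_from_temp()` work until the user logs off, after which the new logon session has a different LUID and `unwrap_key` raises. Two caveats worth keeping in mind with either option: the volatile key, the atom table and the logon session LUID are all readable by any process running as that user (TOKEN_QUERY on your own token needs no privilege), so the LUID binds the file to the logon session rather than hiding the key from same-user code; the real protection of the %TEMP% file comes from the directory ACL and EFS. And `put_key_volatile` deliberately refuses a pre-existing key, because REG_OPTION_VOLATILE only applies when RegCreateKeyEx actually creates the key.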