We have a server that securely sends the key to the client through a user login program. The key is then used to encrypt further client requests. This key is stored on the client disk as cookies and is used by a program that can be started and stopped several times before the client decides to log out and force the key to become outdated (therefore, the key is stored on the disk because there may be long periods between registration and logout if no program is working).
It would seem more secure to store the key only in memory and not on disk (this is normal if a failure or restart loses the key and then forces a new login).
On Windows, what is the best way to store the key only in memory (ignoring that the memory can be virtual and unloaded to disk) between separate program executions?
One possible solution is to leave a trivial Windows service running on the client that accepts the key, saves it in the service memory and returns it upon request (or use an equivalent trivial DDE server that does the same). A preferred solution is without use.
Is there usually a standard Windows service that already provides this feature?
Is there a better approach?
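The in-memory key holder described in the question, sketched as an added example that is not part of the original post: a small agent keeps the key only in its own process memory and hands it to each program run over local IPC (Python's `multiprocessing.connection` uses a named pipe on Windows by default). The one-byte opcodes, `DEMO_AUTHKEY` and the `KeyAgent`/`request` names are assumptions made for illustration, and how clients learn the pipe address and authkey is left out.

```python
from multiprocessing import AuthenticationError
from multiprocessing.connection import Client, Listener

DEMO_AUTHKEY = b"constructed-demo-authkey"  # assumption: shared out of band


class KeyAgent:
    """Keeps one session key in process memory; nothing is written to disk."""

    def __init__(self, address=None, authkey=DEMO_AUTHKEY):
        # address=None selects the platform default transport:
        # a named pipe on Windows, a Unix domain socket elsewhere.
        self._listener = Listener(address, authkey=authkey)
        self.address = self._listener.address
        self._key = None

    def _wipe(self):
        if self._key is not None:
            self._key[:] = bytes(len(self._key))  # best-effort overwrite
        self._key = None

    def _handle(self, msg):
        op, payload = msg[:1], msg[1:]
        if op == b"P" and payload:                # put: right after login
            self._wipe()
            self._key = bytearray(payload)
            return b"\x01"
        if op == b"G" and self._key is not None:  # get: each program start
            return b"\x01" + bytes(self._key)
        if op == b"F":                            # forget: logout
            self._wipe()
            return b"\x01"
        return b"\x00"                            # no key held, or bad request

    def serve(self):
        while True:
            try:
                # accept() runs the HMAC challenge; raw bytes avoid pickle.
                with self._listener.accept() as conn:
                    conn.send_bytes(self._handle(conn.recv_bytes()))
            except (AuthenticationError, EOFError):
                continue  # unauthenticated or dropped client: keep serving


def request(address, op, payload=b"", authkey=DEMO_AUTHKEY):
    """Return the reply payload, or None if the agent answered 'no'."""
    with Client(address, authkey=authkey) as conn:
        conn.send_bytes(op + payload)
        reply = conn.recv_bytes()
    return reply[1:] if reply[:1] == b"\x01" else None
```

If the agent process dies or the machine restarts, `request(address, b"G")` has nothing to return and the client has to log in again, which is the behaviour the question asks for.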