Keep storage password in RootData
RootData is not encrypted when you use whole-storage encryption. This is by design: it lets the application store encryption-related information, such as encrypted session keys, certificates and Access Control Lists, for use with whole-storage encryption.
If you want to encrypt the storage using whole-storage encryption, you can keep the whole-storage password in RootData (of course, in encrypted form). This is a good approach, for example, when you use a randomly generated key to encrypt the storage and use the password provided by the user to encrypt the storage encryption key in order to keep it in RootData.
To store the encryption key in RootData, simply encrypt it, then save it to the stream returned by the OpenRootData method.
When you open the storage, you need to take the following steps:
- Create an instance of the SolFSStorage class and initialize its properties.
- Open the storage file using the Open method without specifying the whole-storage password.
- Open the RootData stream and retrieve the stored encryption key.
- Decrypt the retrieved encryption key.
- Set the StoragePassword property to the decrypted encryption key.
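
The encrypt-and-store step and the retrieve-and-decrypt step above, as an added example in C# for .NET 8 (it is not SolFS sample code). A MemoryStream stands in for the stream returned by OpenRootData, and the KeyBlob class, the blob layout, the choice of PBKDF2 with AES-GCM and the iteration count are all assumptions of this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Demo: a MemoryStream stands in for the stream returned by OpenRootData.
byte[] storageKey = RandomNumberGenerator.GetBytes(32);   // random whole-storage key
using var rootData = new MemoryStream();
KeyBlob.Write(rootData, "constructed sample password", storageKey);

rootData.Position = 0;
byte[] recovered = KeyBlob.Read(rootData, "constructed sample password");
Console.WriteLine(CryptographicOperations.FixedTimeEquals(storageKey, recovered));

rootData.Position = 0;
try { KeyBlob.Read(rootData, "wrong password"); }
catch (CryptographicException) { Console.WriteLine("wrong password or modified blob rejected"); }

static class KeyBlob
{
    // Assumed layout (not a SolFS format): salt(16) | nonce(12) | tag(16) | wrapped key(32)
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, KeyLen = 32;
    const int Iterations = 600_000;   // assumed PBKDF2-HMAC-SHA256 work factor

    static byte[] DeriveKek(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, KeyLen);

    // Wrap the storage key under the user's password and write the blob to RootData.
    public static void Write(Stream rootData, string password, byte[] storageKey)
    {
        if (storageKey.Length != KeyLen) throw new ArgumentException("expected a 32-byte key");
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);
        byte[] tag = new byte[TagLen], wrapped = new byte[KeyLen];
        byte[] kek = DeriveKek(password, salt);
        using (var aes = new AesGcm(kek, TagLen)) aes.Encrypt(nonce, storageKey, wrapped, tag);
        CryptographicOperations.ZeroMemory(kek);
        foreach (byte[] part in new[] { salt, nonce, tag, wrapped }) rootData.Write(part, 0, part.Length);
    }

    // Read the blob and unwrap the key; throws if the password is wrong or the blob was altered.
    public static byte[] Read(Stream rootData, string password)
    {
        byte[] salt = new byte[SaltLen], nonce = new byte[NonceLen];
        byte[] tag = new byte[TagLen], wrapped = new byte[KeyLen], key = new byte[KeyLen];
        foreach (byte[] part in new[] { salt, nonce, tag, wrapped }) rootData.ReadExactly(part);
        byte[] kek = DeriveKek(password, salt);
        try { using var aes = new AesGcm(kek, TagLen); aes.Decrypt(nonce, wrapped, tag, key); }
        finally { CryptographicOperations.ZeroMemory(kek); }
        return key;   // caller assigns this to StoragePassword
    }
}
```

Because RootData is readable without the storage password, the authentication tag is what lets the application detect a wrong user password or a tampered blob before it sets StoragePassword.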