In our application we have a lot of sensitive configuration settings, which we are storing in a xml file which is again encrypted.
This secure file has to be decrypted in runtime and the configuration values read. but an issue arises that the key and initialization vector is hardcoded in the code and hence anyone can read it using Reflector.
What is the best way to store encryption keys in .NET so no one can read them using Reflector?