I'm wondering what the most secure method for encrypting text would be in my c++ app. The text is not transmitted or anything, so from what I understand a private-key (symmetric) encryption is what I would be looking for.

I see a lot of programmers use "custom" algorithms ranging from a simple XOR to more complex algos. While many use the official Microsoft CryptoAPI. Personally, I'd think the "custom" route quite possible (unless a lot of time were spent on it) would be easier to crack.

Having read quite a bit on this stuff tonight, I am left with a few questions I'm hoping can be answered:

1) Is a private-key the proper encryption technique for file text?
2) Is there ANY advantage to a custom algo over what the CryptoAPI offers?
3) Specifically what algo would be recommended (i know microsoft offers several)
4) Wouldn't calling an API function with a "private key" be extreamly insecure? Is the private key passed in plain text?

Thanks for any assistance,
PG