I have a pretty good understanding of how the cryptoAPI works and the uses, however, I'm quite confused as to how one would secure it.

I am planning on using the crypto API to do basic file content encryption. Obviously, if a "hacker" gets ahold of the txt file, it's pretty difficult to break the encryption and grab the contents. Most people, "type" a secret password to decrypt the file....not so in my case!

In my app, the key will HAVE to be stored in the executable. This presents a few problems. Once I call the "Decrypt" function, any half-ass cracker, will check the stack contents and snag the key.

I want to prevent this or at least make it much more difficult. I will certainly use the usual techniques to twart crackers (packed exe, debugger checks) but how can I better prevent this type of stack attack?

One thought I had was to just write my own stupid algorithm that attempts to hide\play with the decryption key as much as possible. But I would deffinatly prefer to use one of the API's algo's.

Any suggestions?

Thanks
Phil