http://blogs.msdn.com/b/tzink/archive/2012/08/07/designing-my-app-with-anti-tampering-in-mind.aspxAs I continue on in my series about how I’m designing my app (because designing software is fun, and writing about it even more so), there’s still one more piece to the puzzle.&#160; Even though I protect the data in transit from my web server to theenTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/tzink/archive/2012/08/07/designing-my-app-with-anti-tampering-in-mind.aspx#10338389Fri, 10 Aug 2012 00:11:26 GMT91d46819-8472-40ad-a661-2c78acb4018c:10338389Terry Zink<p>I may still end up doing asymmetric encryption, I haven&#39;t decided.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10338389" width="1" height="1">http://blogs.msdn.com/b/tzink/archive/2012/08/07/designing-my-app-with-anti-tampering-in-mind.aspx#10338087Thu, 09 Aug 2012 00:43:47 GMT91d46819-8472-40ad-a661-2c78acb4018c:10338087GregM<p>I&#39;m surprised that you find the security of the device holding the symmetric key is better than the security of an asymmetric encryption. &nbsp;If you did use asymmetric encryption, you wouldn&#39;t need to store a plain-text version. &nbsp;If you decrypted the file using the public key, and it resulted in a valid config file, then you can be sure that it&#39;s valid. &nbsp;This means that every device would be verifying that the config file is valid every time it downloaded it. &nbsp;Also, if the hacker was able to replace your encrypted config file, then they could replace the unencrypted config file too, so that wouldn&#39;t help your detection.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10338087" width="1" height="1">