I have a connection string in my app.config file that I would like to
encrypt. However, I have a bunch of other settings in the settings
file that I update and pull via the Settings.Default functionality
built in to .Net 2.0.

I was going to generate an RSA key and store it into a container and
than access it to encrypt and decrypt the connection string. However,
the application runs as a service and when a user configures the
windows app via the configuration utility its not under the same user
account. From my understanding the RSA keys by default are stored in
the users profile.

Now if I set the "CspProviderFlags.UseMachineKeyStore" does this
always store the generated keys in the machine key store on the
machine? Are there any caveats where this might not store the keys in
the machine key store.

Or am I making this way more complicated than it needs to be?

Amy