Consider an application that runs locally on a Windows PC. The application uses a local folder for reading/storing encrypted data (i.e. images). A user logs in (authenticated from a local encrypted DB). The application needs to perform secure read/write operations to local storage based on user-UI interaction. These operations are using symmetric cryptography (AES).
- Is it safe to store information such as a password or a cryptographic key in memory (i.e. a private class member) for the whole session?
- If not, what is the alternative way (I assume not to interrupt the user by asking for the password every time a crypto operation needs to take place)?