If you don’t want to handle keys yourself then let the operating system do it for your. E.g. use Windows Data Protection (DPAPI).
You can write your own, string-based, version of System.Security.Cryptography.ProtectedData.Protect and Unprotect methods by using something like:
public static string Crypt (this string text)
{
return Convert.ToBase64String (
ProtectedData.Protect (
Encoding.Unicode.GetBytes (text) ) );
}
public static string Decrypt (this string text)
{
return Encoding.Unicode.GetString (
ProtectedData.Unprotect (
Convert.FromBase64String (text) ) );
}