Equivalent of Data Protection API on Linux

Microsoft Windows 2000 and later versions expose the Data Protection API (DPAPI) that encrypts data for a per-user or per-system context. The caller does not provide a key with which to encrypt the data. Rather, the data is encrypted with a key derived from the user or system credentials.

This API is conveniently exposed in .NET via the ProtectedData class:

// Encrypts the data in a specified byte array and returns a byte array
// that contains the encrypted data.
public static byte[] Protect(
    byte[] userData,
    byte[] optionalEntropy,
    DataProtectionScope scope
)

// Decrypts the data in a specified byte array and returns a byte array
// that contains the decrypted data.
public static byte[] Unprotect(
    byte[] encryptedData,
    byte[] optionalEntropy,
    DataProtectionScope scope
)

Is there an equivalent API on Linux? A bonus would be that it integrates conveniently with Java.

What are my alternatives if there isn't one?

Matthew Rodatus asked May 17 '11 15:05

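As an added illustration (not part of the question or either answer, and not GnomeKeyring or KWallet): a Go sketch of the Protect/Unprotect contract from the question as it could be met on Linux. Where DPAPI derives its key from the user's or machine's credentials, this sketch substitutes a random master key stored in a file that only the owning account can read (mode 0600 under the user's home directory for CurrentUser, under /etc for LocalMachine), and binds the caller's optionalEntropy into a per-blob AES-256-GCM key with HMAC-SHA256. The key-file locations, the HMAC label, the use of $HOME and the sample entropy value are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"os"
	"path/filepath"
)

// Scope mirrors the DataProtectionScope argument in the question.
type Scope int

const (
	CurrentUser  Scope = iota // master key under the calling user's home directory
	LocalMachine              // master key under /etc, readable by root only
)

// keyPath maps a scope to its master-key file (assumed locations, not a Linux convention).
func keyPath(scope Scope) string {
	if scope == LocalMachine {
		return "/etc/dpapi-analogue/master.key"
	}
	return filepath.Join(os.Getenv("HOME"), ".local", "share", "dpapi-analogue", "master.key")
}

// loadMasterKey reads the 32-byte master key at path, generating it on first use when
// create is set. Mode 0600 (0700 on the directory) is what ties the key to the account.
func loadMasterKey(path string, create bool) ([]byte, error) {
	key, err := os.ReadFile(path)
	if err == nil && len(key) == 32 {
		return key, nil
	}
	if !create {
		return nil, errors.New("no master key for this scope")
	}
	key = make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if err := os.MkdirAll(filepath.Dir(path), 0o700); err != nil {
		return nil, err
	}
	return key, os.WriteFile(path, key, 0o600)
}

// aeadFor derives a per-blob AES-256-GCM key from the master key and optionalEntropy via
// HMAC-SHA256, so a blob sealed with one entropy value cannot be opened with another.
func aeadFor(keyFile string, optionalEntropy []byte, create bool) (cipher.AEAD, error) {
	master, err := loadMasterKey(keyFile, create)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("dpapi-analogue/v1")) // assumed domain-separation label
	mac.Write(optionalEntropy)
	block, err := aes.NewCipher(mac.Sum(nil)) // 32-byte MAC output used as the AES-256 key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ProtectWithKeyFile encrypts userData; the output layout is nonce || ciphertext+tag.
func ProtectWithKeyFile(keyFile string, userData, optionalEntropy []byte) ([]byte, error) {
	gcm, err := aeadFor(keyFile, optionalEntropy, true)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, userData, nil), nil
}

// UnprotectWithKeyFile reverses ProtectWithKeyFile; the GCM tag check makes a wrong
// master key, wrong entropy and a tampered blob all fail the same way.
func UnprotectWithKeyFile(keyFile string, encryptedData, optionalEntropy []byte) ([]byte, error) {
	gcm, err := aeadFor(keyFile, optionalEntropy, false) // never create a key just to decrypt
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(encryptedData) < n {
		return nil, errors.New("encrypted data too short")
	}
	pt, err := gcm.Open(nil, encryptedData[:n], encryptedData[n:], nil)
	if err != nil {
		return nil, errors.New("unprotect failed: wrong scope, wrong entropy, or tampered data")
	}
	return pt, nil
}

// Protect and Unprotect carry the ProtectedData signatures from the question.
func Protect(userData, optionalEntropy []byte, scope Scope) ([]byte, error) {
	return ProtectWithKeyFile(keyPath(scope), userData, optionalEntropy)
}

func Unprotect(encryptedData, optionalEntropy []byte, scope Scope) ([]byte, error) {
	return UnprotectWithKeyFile(keyPath(scope), encryptedData, optionalEntropy)
}
```

A call such as `Protect([]byte("db password"), []byte("example-app"), CurrentUser)` followed by `Unprotect(blob, []byte("example-app"), CurrentUser)` round-trips; the same blob with different entropy, a flipped byte, or a missing key file is rejected. The limitation is the one the question is really about: this key is only as protected as the file permissions, so anyone who can read the key file (root, or a copy of the home directory) can open every blob, whereas DPAPI ties the key to credentials the OS holds. That is the gap a user-level store such as the keyrings named in the first answer is meant to close where one is available.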


2 Answers

There are two options for user-level key stores on Linux:

  • GnomeKeyring
  • KWallet

This does not address the need for a system-level key store.

Matthew Rodatus answered Oct 26 '22 07:10



It doesn't look any more (or less) advanced than PGP, or Pretty Good Privacy. There are APIs available for PGP, and the one that I recall others speaking kindly of is Bouncy Castle.

Here's an example of how someone used Bouncy Castle.

Better APIs or solutions may be available, depending on your specific needs.

Edwin Buck answered Oct 26 '22 05:10
