Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Persistent storage of encrypted data using .Net

Tags:

c#

encryption

dns

roaming

I need to store encrypted data (few small strings) between application runs. I do not want the user to provide a passphrase every time (s)he launches the application. I.e. after all it goes down to storing securely the encryption key(s).

I was looking into RSACryptoServiceProvider and using PersistentKeyInCsp, but I'm not sure how it works. Is the key container persistent between application runs or machine restarts? If yes, is it user specific, or machine specific. I.e. if I store my encrypted data in user's roaming profile, can I decrypt the data if the user logs on a different machine?

If the above does not work, what are my options (I need to deal with roaming profiles).

like image 489
Sunny Milenov Avatar asked Sep 30 '08 18:09

Sunny Milenov

1 Answers

The Data Protection API (DPAPI) does exactly what you want. It provides symmetric encryption of arbitrary data, using the credentials of the machine or (better) the user, as the encryption key. You don't have to worry about managing the keys; Windows takes care of that for you. If the user changes his password, Windows will re-encrypt the data using the user's new password.

DPAPI is exposed in .NET with the System.Security.Cryptography.ProtectedData class:

byte[] plaintextBytes = GetDataToProtect();
byte[] encodedBytes = ProtectedData.Protect(plaintextBytes, null, DataProtectionScope.CurrentUser);

The second parameter of the Protect method is an optional entropy byte array, which can be used as an additional application-specific "secret".

To decrypt, use the ProtectedData.Unprotect call:

byte[] encodedBytes = GetDataToUnprotect();
byte[] plaintextBytes = ProtectedData.Unprotect(encodedBytes, null, DataProtectionScope.CurrentUser);

DPAPI works correctly with roaming profiles (as described here), though you'll need to store the encrypted data in a place (network share, IsolatedStorage with IsolatedStorageScope.Roaming, etc.) that your various machines can access.

See the ProtectedData class in MSDN for more information. There's a DPAPI white paper here, with more information than you'd ever want.

like image 173
Michael Petrotta Avatar answered Oct 20 '22 17:10

Michael Petrotta
Sign in to Comment

Related questions

Convert 'ArrayList' to 'List<string>' (or 'List<T>') using LINQ
Windows Service is giving Description: <Failed to read description error code 2>
Differences between Array.Length and Array.Count() [duplicate]
Assigning a Func to an Expression and vice versa
Get Return Value from Stored procedure in asp.net
REST service authentication
Convert decimal? to double?
Protecting Code in an Excel Workbook?
Display images in asp.net mvc
C# Select random element from List
Why dependency properties in WPF has to be Static
Execute task in background in WPF application
Convert String[] array to RedisKey[] array
How to run commands on SSH server in C#?
How to return a string from async
Find source of Exception shown in VS output window [duplicate]
c# How to verify signature JWT?
Unable to locate System.Data.SqlClient reference
cannot convert from 'void' to 'System.Action' [duplicate]
Not awaiting an async call is still async, right?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!