Hi

I'm trying to encrypt and decrypt some text file data using .NET's ProtectedData.Protect method. I'd like to be able to encrypt the text (and save it to a file) on one machine and decrypt the text on a different machine. The machines are both in the same domain and both running the same service under the same username so I thought using DataProtectionScope.CurrentUser would allow either service to encrypt and decrypt the file.

When service number two tries to decrypt the file, it throws a "key not valid for use in specified state". Other sites suggest that this kind of problem occurs when impersonation is not done correctly, but there is no impersonation. Both services run under the same AD account. It looks to me like the services are using different keys to encrypt the data but I don't know why this would happen as they are running under the same account.

Has anyone else encountered this kind of issue?

The code I'm using to encrypt and decrypt is basically:

using System; using System.Text; using System.Security.Cryptography; // ProtectedData lives in System.Security.dll
string ProtectPassword(string password) {
    byte[] bytes = Encoding.Unicode.GetBytes(password);
    byte[] protectedPassword = ProtectedData.Protect(bytes, null, DataProtectionScope.CurrentUser);
    return Convert.ToBase64String(protectedPassword); //then I write this to a file
}

Thanks!
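As an added example (not the poster's code), the full round trip: protect a secret with DataProtectionScope.CurrentUser, persist it as Base64, read it back and unprotect it, catching the CryptographicException described above and listing the calling user's DPAPI master-key folder so a practitioner can check whether the decrypting machine actually holds the key that produced the blob. It goes slightly beyond the post by passing optional entropy; the entropy string and the file path are constructed values.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

static class DpapiRoundTrip
{
    // Optional entropy (constructed value): an app secret mixed into the key derivation so the
    // blob cannot be unprotected by other processes running under the same account.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    public static void ProtectToFile(string secret, string path)
    {
        byte[] plain = Encoding.Unicode.GetBytes(secret);
        byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        File.WriteAllText(path, Convert.ToBase64String(blob));
        Array.Clear(plain, 0, plain.Length); // do not leave the plaintext in memory
    }

    public static string UnprotectFromFile(string path)
    {
        byte[] blob = Convert.FromBase64String(File.ReadAllText(path));
        try
        {
            byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
            return Encoding.Unicode.GetString(plain);
        }
        catch (CryptographicException ex)
        {
            // "Key not valid for use in specified state" lands here: the master key that
            // protected the blob is not in this user's profile on this machine.
            Console.Error.WriteLine("Unprotect failed: " + ex.Message);
            ShowMasterKeyFolder();
            throw;
        }
    }

    // CurrentUser master keys live under the user's roaming AppData; a blob protected on another
    // machine can be unprotected here only if those key files roam with the profile.
    static void ShowMasterKeyFolder()
    {
        string sid = WindowsIdentity.GetCurrent().User.Value;
        string dir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Microsoft", "Protect", sid);
        Console.Error.WriteLine("Master key folder: " + dir);
        if (Directory.Exists(dir))
            foreach (string f in Directory.GetFiles(dir)) Console.Error.WriteLine("  " + Path.GetFileName(f));
    }
}
```

Call ProtectToFile on the first machine and UnprotectFromFile on the second under the same account; both sides must use the same entropy bytes, and the folder listing shows whether the master key the blob references is present on the decrypting host.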