dpapi

Using DPAPI / ProtectedData in a web farm environment with the User Store

I was wondering if anyone had successfully used DPAPI with a user store in a web farm environment? Because our application is a recently converted from 1.1 to 2.0 asp.net app, we're using a custom wrapper which directly calls the CryptUnprotect methods. But this should be the same as the ProtectedData method available in the 2.0 framewor...

Using DPAPI with Python?

Is there a way to use the DPAPI (Data Protection Application Programming Interface) on Windows XP with Python? I would prefer to use an existing module if there is one that can do it. Unfortunately I haven't been able to find a way with Google or Stack Overflow. EDIT: I've taken the example code pointed to by "dF" and tweaked it into ...

DPAPI with ASP.NET Service Account

Hi, I want to encrypt data before saving it to the database. The access to the data is controlled by the application. So anyone with Admin role should be able to see the data. I want to be able to protect the encryption key used to encrypt/decrypt the data. I don't want to use the DPAPI machine key since the server hosts multiple apps. ...

Why do I get different outputs when encrypting using DPAPI?

...

Storing passwords for authentication against another system

This is not the usual question "Is it safe to store plain-text users' passwords?". No, it's not safe, we all know that. I'm writing a little application that should authenticate against an external system to do some stuff, and the only available authentication method is through a username and a password. It was intended for humans, and ...

DPAPI encrypted section returns null

Hi, I am encrypting the appSettings and the connectionStrings sections in the app.config file. But when I try to read the value, it's always returning null. I am not sure if I am missing something. I thought the decryption was transparent. Has anyone else had any success with reading DPAPI protected sections in the app.config file? ...

Protecting encryption keys using DPAPI: Obvious hole?

I have a Windows.Forms based .NET desktop application that stores privileged information in a file on disk (not using .NET configuration files), encrypted using a symmetric cryptography algorithm such as TripleDES using MS's CryptoAPI. This file must be read/written over multiple program runs / machine power cycles, aka, use the same Key...

DPAPI + Entropy

We have a WPF app that allows our users to download encrypted content and we want to provide the ability to decrypt this content off-line. The idea is to download the keys and store them using the DPAPI but I'm having trouble with the entropy parameter. Is there any way to generate an entropy to consistently use for the DPAPI functions ...

Securely Storing Optional Entropy While Using DPAPI

So I am trying to store the symmetric key using DPAPI. All is well and great, but what to do with the entropy? This answered question here really doesn't provide enough insight. It seems like a slippery slope - I could use the machine store to store the entropy but then what prevents someone from getting at that as well? Note: I am stori...

Classic ASP vs. ASP.NET encryption options

I'm working on a web site where the new pages are ASP.NET and the legacy pages are Classic ASP. Being new to development in the Windows env, I've been studying the latest technology, i.e. .NET and I become like a deer in headlights whenever legacy issues come up regarding COM objects. Security on the website is an abomination, but I've...

Encrypt the configuration group System.ServiceModel in App.config

We are deploying a client app and need to encrypt the system.serviceModel configuration group. I have been searching on StackOverflow for the better part of the day for the best way to do this and most responses have either been "rename app.config to web.config, encrypt with the ASP.NET utility, and deploy" or "override the install metho...

Attempt to set permissions on a KeyContainer in C# is having no effect

I'm using the following code in an attempt to programmatically allow the NetworkService account to have access to a key: var RSA = new RSACryptoServiceProvider( new CspParameters() { KeyContainerName = "MyEncryptionKey", Flags = CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore }); RSA.CspKeyContainer...

DPAPI mixing password and configurable setting in web.config

Hi, I am developing a website and have some password that needs to be stored in web.config. I intend to store it in app.settings. However, based on what I understand, if I use DPAPI to secure the data, the entire app.settings section is encrypted. This means that it is not possible for me to mix configuration information like number of row...

Protecting connection strings during dev

We need to protect connection strings during development. On servers we use DPAPI which works fine. DPAPI is not an option during dev since the connection strings will need to be decrypted on many machines. Some of the user names/passwords used for dev are rather sensitive and we don't want them floating around. It's fine for all the ...