Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions (1)

Keeping Secrets with Data Protection API (DPAPI) in .NET

By , 5 Oct 2005
 

Introduction

Data Protection using DPAPI on managed code needs to be done using C++ unmanaged code or by writing some wrapper code, as many of us have done. Data Protection is available in VS2005 by using some simple-to-use static methods: "ProtectedMemory::Protect", "ProtectedMemory::Unprotect", "ProtectedData::Protect", and "ProtectedData::Unprotect" located in the "System::Security::Cryptography" namespace. I have taken some time to define a class that I called "Secret" that hides many implementation details with the intention of making working with those methods as simple as it can be. For example:

int main(array<System::String ^> ^args)
{
    // secret info to protect
    String ^s = L"this is a sample and a long one it is";

    // get the secret instance
    ::Security::ISecret ^a =
       (::Security::ISecret^)(gcnew ::Security::Secret());

    // keep your secret in memory
    a->ProtectMemory(s) ;
    a->UnprotectMemory();
    System::Console::WriteLine(a->ToString());


    // some user given / known data (entroy) to salt secret and
    // target file to store secret into
    String ^entropy=L"test", ^fpath=L"c:/temp/test.dat" ;

    // keep your secret in a file
    a->ProtectDataToFile(s,entropy,fpath) ;
    a->UnprotectDataFromFile(entropy,fpath) ;
    System::Console::WriteLine(a->ToString());

    return 0;
}

You will soon find that keeping secrets with the "Secret" class can be a bit more complex if you like to influence the "Scope" of your secret. For that reason I also abstracted out the DPAPI enumerators and provided a single enumerator class as follows:

public enum class ProtectionScope
{
   ...

   // memory protection

   ProtectMemoryCrossProcess = 1,
   ProtectMemorySameLogon    = 2,
   ProtectMemorySameProcess  = 3,

   // data protection

   ProtectDataCurrentUser  = 10,
   ProtectDataLocalMachine = 11,

   ...
}  ;

To change the scope just do the following:

   a->Scope = ProtectionScope::ProtectMemoryCrossProcess ;

I encourage the reader to lookup the DPAPI MSDN articles and use it to keep data secure in their applications. Search for DPAPI and "ProtectedMemory" to get to those articles.

I'd also like that anyone interested in the "Secret" class use it, and if improvements are done, keep me posted of those. Also if there are any recommendations (the good and the bad) send me those as well.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

 esob
Web Developer
Puerto Rico Puerto Rico
Member
C/C++ programmer since 1984.

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
Hint: For improved responsiveness ensure Javascript is enabled and choose 'Normal' from the Layout dropdown and hit 'Update'.
You must Sign In to use this message board.
Search this forum  
    Spacing  Noise  Layout  Per page   
First Prev Next
QuestionProblem in Scope?membermatrixprogrammer5 Sep '07 - 17:14 
Last Visit: 31 Dec '99 - 18:00     Last Update: 24 May '13 - 4:25Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

About Article
A full blown sample of keeping data secret in memory or on a file.
Type Article
Licence 
First Posted 5 Oct 2005
Views 21,076
Bookmarked 9 times

, +
Top News

Old Japanese Man Creates Amazing Art Using Excel (Wait, Excel?)

Get the Insider News free each morning.
Related Videos
JavaScript Programming - 1001 What Is A Browser API?
Java for Beginners Part 25: Public, Private, Protected
Securing Configuration Files in ASP.NET
DPAPI and Triple DES: A powerful combination to secure connection strings and other application settings
Data encryption with DPAPI
Encrypting windows application connection strings
Protection Schemes Based on Virus Survival Techniques
A Developer's Survival Guide to IE Protected Mode
String Encryption using DPAPI and Extension Methods
Encrypt and Decrypt Configuration Sections in ASP.NET 2.0
Solution for hacking through clipboard
Why hackers love String data type?
Calling API functions using C#
API hooking revealed
Demystifying OAuth
Elliptic Curve Diffie Hellman Cryptography
EasyHook - The reinvention of Windows API hooking
Manipulate Alternate Data Streams
Developing Facebook Connect Application using ASP.NET
Secure Architecture Design Methodologies
Getting Started with Facebook Desktop (Client) Applications, C#, WPF / XAML and JSON
Creating a Form That Doesn't Take Focus
Permalink | Advertise | Privacy | Mobile
Web04 | 2.6.130523.1 | Last Updated 5 Oct 2005
Article Copyright 2005 by esob
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid