We have an application that encrypts/decrypts data as DataProtectionScope.LocalMachine. We're now having to change the scope to DataProtectionScope.CurrentUser.

Will the existing strings encrypted under the LocalMachine scope still be readable when the scope is changed to CurrentUser, assuming of course the user is logged into the same machine?

EDIT: I've written a very quick & dirty test application. Strangely, on the same computer I can decrypt a string encrypted under LocalMachine or CurrentUser scope by both LocalMachine & CurrentUser scopes. This doesn't sound like the correct behaviour, help!

    // Handlers from a WinForms test form with four text boxes; they need
    // a reference to the System.Security assembly for ProtectedData.
    using System;
    using System.Security.Cryptography;
    using System.Text;
    using System.Windows.Forms;

    private void btnUserEncrypt_Click(object sender, EventArgs e)
    {
        // encrypt data under the CurrentUser scope, no optional entropy
        var data = Encoding.Unicode.GetBytes(txtUserEncrypt.Text);
        byte[] encrypted = ProtectedData.Protect(data, null, DataProtectionScope.CurrentUser);

        txtUserEncrypt.Text = Convert.ToBase64String(encrypted);
    }

    private void btnUserDecrypt_Click(object sender, EventArgs e)
    {
        byte[] data = Convert.FromBase64String(txtUserDecrypt.Text);

        // decrypt data, asking for the CurrentUser scope
        byte[] decrypted = ProtectedData.Unprotect(data, null, DataProtectionScope.CurrentUser);
        txtUserDecrypt.Text = Encoding.Unicode.GetString(decrypted);
    }

    private void btnMachineEncrypt_Click(object sender, EventArgs e)
    {
        // encrypt data under the LocalMachine scope, no optional entropy
        var data = Encoding.Unicode.GetBytes(txtMachineEncrypt.Text);
        byte[] encrypted = ProtectedData.Protect(data, null, DataProtectionScope.LocalMachine);

        txtMachineEncrypt.Text = Convert.ToBase64String(encrypted);
    }

    private void btnMachineDecrypt_Click(object sender, EventArgs e)
    {
        byte[] data = Convert.FromBase64String(txtMachineDecrypt.Text);

        // decrypt data, asking for the LocalMachine scope
        byte[] decrypted = ProtectedData.Unprotect(data, null, DataProtectionScope.LocalMachine);
        txtMachineDecrypt.Text = Encoding.Unicode.GetString(decrypted);
    }
Marcus

1 Answer

When you decrypt DPAPI-encrypted data, data protection scope is ignored.

The DPAPI decryption routine checks metadata in the encrypted blob to see which scope was used for encryption and uses the same scope for decryption regardless of the scope you specify. So, if you encrypt data using machine scope, but then decrypt it "using" user scope (on the same machine), it will work because it will still use machine scope for decryption. If you want to verify, try moving data encrypted with machine scope to a different system and decrypting it using the same user account. You will see that this will fail. Or you can try to decrypt these data while logged in under a different account (in which case, it will work, too).

So, the answer to your question is: yes, if you encrypt data using DPAPI with machine scope and try to decrypt it passing user scope (on the same machine), it will work, but only because it will ignore the user scope during decryption.

Alek Davis
  • @Alek Davis What parameters are involved in encrypting the data in local machine scope? Are passwords not involved? How easy is it to crack LocalMachine blobs using reversing tools? Please advise – techno Jun 07 '15 at 17:02
  • @techno: The parameters are described in the API definition for CryptProtectData and CryptUnprotectData. See example at http://www.obviex.com/samples/dpapi.aspx. I'm not sure which password (passphrase) is used for the key, probably some value protected by LSA. The local machine option would be easier to break by having a malicious program run on the machine than by reverse engineering (I'm speculating here). In general I'd not recommend using machine scope. – Alek Davis Jun 08 '15 at 03:24
  • Thanks for your reply. I'm not looking for a failproof mechanism. I think even if I use local machine scope, it would take a good amount of technical skill to get to the secret. Plus, to add additional entropy I would use a secret known to the application only. What do you think? – techno Jun 08 '15 at 04:20
  • It's better than plain text, but it's still not very secure. – Alek Davis Jun 08 '15 at 16:39
  • @AlekDavis What would be used for the User Context then? Is this something stored in the user's AD profile, given that it transfers from machine to machine? I'm wondering what the longevity of this encrypted data would be. Would the encrypted information still be decryptable months or years down the line? Or is it tied to something like the user password? – duct_tape_coder Apr 29 '19 at 22:17
  • @duct_tape_coder: I have not seen any details on how Microsoft does it internally, but the user context works after the password changes. The only time it breaks is when a local (not domain) account's password gets reset by an administrator. – Alek Davis Apr 30 '19 at 02:09
  • @AlekDavis This is a bit old but informative: https://support.microsoft.com/en-us/help/309408/how-to-troubleshoot-the-data-protection-api-dpapi Also worth noting the risks of using DPAPI: https://www.harmj0y.net/blog/redteaming/operational-guidance-for-offensive-user-dpapi-abuse/ – duct_tape_coder May 01 '19 at 15:38
  • @AlekDavis Hi! It seems that you are familiar with DPAPI. Maybe you know the reason for my DPAPI behavior. Please take a look at my question https://stackoverflow.com/questions/60230456/system-security-cryptography-protecteddata-unprotect-fails-with-invalid-data – cerberus Feb 19 '20 at 11:26
  • @cerberus: I read through your description, but I'm still not following what you are doing. – Alek Davis Feb 19 '20 at 18:13
  • @AlekDavis I have a web app with a REST API and now I am creating a desktop app to work with that API. I need to get the local user's session from the Chrome browser (I don't have to create a new session, because of some reasons, I can explain if you wish). The session is a cookie file value. Cookies are stored in a SQLite DB. I can read the value, but it's protected via DPAPI and the "Unprotect" method fails. You said that the data protection scope is ignored during unprotection, because the BLOB metadata stores it. What am I doing wrong? – cerberus Feb 20 '20 at 08:29
  • I'll reply to your post. – Alek Davis Feb 20 '20 at 17:21
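The following console program is an added example, not code from the asker or the answerer. It reproduces the scope behaviour the accepted answer describes (a blob protected under LocalMachine is unprotected fine when CurrentUser is passed, and vice versa, because the blob's own metadata decides) and then shows the one input DPAPI does not ignore: the optional entropy discussed in the comments. A blob protected with entropy cannot be unprotected without the same bytes, even by the same user on the same machine. The sample string and entropy value are constructed here; the code is Windows only because `ProtectedData` wraps CryptProtectData/CryptUnprotectData, and on .NET Core/.NET 5+ it assumes the System.Security.Cryptography.ProtectedData package is referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added demonstration of DPAPI scope and entropy behaviour (not the page's code).
static class DpapiScopeDemo
{
    // Protect under the requested scope; entropy may be null.
    static byte[] Protect(string text, DataProtectionScope scope, byte[] entropy) =>
        ProtectedData.Protect(Encoding.Unicode.GetBytes(text), entropy, scope);

    // Try to unprotect with a given scope and entropy. Returns null instead of
    // throwing so each case below can be reported side by side.
    static string TryUnprotect(byte[] blob, DataProtectionScope scope, byte[] entropy)
    {
        try
        {
            return Encoding.Unicode.GetString(ProtectedData.Unprotect(blob, entropy, scope));
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"    Unprotect failed: {ex.Message}");
            return null;
        }
    }

    static void Main()
    {
        const string secret = "Server=db;User Id=app;Password=hunter2"; // constructed sample

        // 1. Scope passed to Unprotect is ignored: the blob records that it was
        //    protected with the machine key, so asking for CurrentUser still works
        //    on the same machine (and the reverse holds for a CurrentUser blob).
        byte[] machineBlob = Protect(secret, DataProtectionScope.LocalMachine, null);
        Console.WriteLine("LocalMachine blob, Unprotect called with CurrentUser:");
        Console.WriteLine("    " + (TryUnprotect(machineBlob, DataProtectionScope.CurrentUser, null) ?? "(null)"));

        byte[] userBlob = Protect(secret, DataProtectionScope.CurrentUser, null);
        Console.WriteLine("CurrentUser blob, Unprotect called with LocalMachine:");
        Console.WriteLine("    " + (TryUnprotect(userBlob, DataProtectionScope.LocalMachine, null) ?? "(null)"));

        // 2. Optional entropy is NOT ignored: it is folded into the key DPAPI
        //    derives, so the same bytes must be supplied again on Unprotect.
        byte[] entropy = Encoding.UTF8.GetBytes("app-specific-secret"); // constructed value
        byte[] entropyBlob = Protect(secret, DataProtectionScope.LocalMachine, entropy);
        Console.WriteLine("Entropy-protected blob, correct entropy supplied:");
        Console.WriteLine("    " + (TryUnprotect(entropyBlob, DataProtectionScope.LocalMachine, entropy) ?? "(null)"));
        Console.WriteLine("Entropy-protected blob, no entropy supplied:");
        Console.WriteLine("    " + (TryUnprotect(entropyBlob, DataProtectionScope.LocalMachine, null) ?? "(null)"));
    }
}
```

Entropy raises the bar only against code that does not know the value: any process running as the same user on the same machine that can also read the entropy (for example from the application's binary or config) can still call Unprotect, which is the point Alek Davis makes in the comments about machine scope. The check for the migration question itself is case 1: existing LocalMachine blobs remain readable after the application starts passing CurrentUser, as long as they are decrypted on the machine that produced them.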