
We have this C# code to decrypt data:

ProtectedData.Unprotect(pdata, null, DataProtectionScope.CurrentUser);

The method throws "Key not valid for use in specified state."

The data was originally encrypted on a different machine with the same ID.

According to the MSDN documentation for this method:

If you use this method during impersonation, you may receive the following error: "Key not valid for use in specified state." To prevent this error, load the profile of the user you want to impersonate before calling the method.

I don't really understand the last sentence. How do I load the profile of the user I want to impersonate?


1 Answer


Check ProtectedData class description:

This class provides access to the Data Protection API (DPAPI). This is a service that is provided by the operating system and does not require additional libraries. It provides protection using the user or machine credentials to encrypt or decrypt data.

This means you cannot use a different machine, unless you somehow manage to have the same user account on both machines; then you can load it.

  • We use the same user account on both machines. The code uses "DataProtectionScope.CurrentUser" as the scope. So shouldn't it work when we encrypt on one of the machines and decrypt on the other machine? – user3573403 Jun 17 '15 at 09:40
  • It will work only if you are logged in with the same user as the one you had when encrypting. Otherwise you have to load the profile of that user; see [this](http://stackoverflow.com/q/4392221/1997232) question, it has an interop example of [LoadUserProfile](http://www.pinvoke.net/default.aspx/userenv.loaduserprofile). – Sinatr Jun 17 '15 at 09:45