Stack Overflow
Stack Overflow

Questions tagged [dpapi]

DPAPI is the API in Windows that allows a program to store "secrets", like passwords. It is used by Microsoft in IE and storing WiFi passwords and private keys for EFS, and also by Chrome for Windows and Safari for Windows, to store website credentials.

150 questions
45
votes
5 answers

How do I store and retrieve credentials from the Windows Vault credential manager?

I want to securely store a plaintext password on Windows PC. I am currently using DPAPI CryptProtectData to encrypt it, then store the encrypted blob in a file in user's local AppData. In Windows 7, there is Windows Vault, a credential manager…
kkm inactive - support strike
  • 5,190
  • 2
  • 32
  • 59
24
votes
3 answers

Using DPAPI with Python?

Is there a way to use the DPAPI (Data Protection Application Programming Interface) on Windows XP with Python? I would prefer to use an existing module if there is one that can do it. Unfortunately I haven't been able to find a way with Google or…
Wayne Koorts
  • 10,861
  • 13
  • 46
  • 72
21
votes
3 answers

Data protection in ASP.NET Core 2.1 only works on one machine

I'm using the ASP.NET Core Data Protection system to encrypt data with Application A and decrypt it with Application B. Encryption and decryption both work when run on the development machine, but when Application B is moved to the production…
Coder6841
  • 1,171
  • 2
  • 13
  • 24
15
votes
4 answers

data encryption and key management in c#

Which route to take, whats the pros and cons, which is more secure.. 1) Generate AES key, encrypt the data with it and then encrypt the AES key with RSA, save the encrypted data and encrypted AES key to a file and RSA keypair to a KeyContainer. 2)…
hs2d
  • 6,027
  • 24
  • 64
  • 103
12
votes
2 answers

DPAPI: Using CryptUnprotect before user logs in

I am using DPAPI to store an XML data. The data after CryptProtectData is stored in a file. In one of my use cases, this data needs to be decrypted before any user logs in to the workstation. Since, I cannot use user specific key in this, I am…
Wander3r
  • 1,801
  • 17
  • 27
11
votes
2 answers

Chrome 80 how to decode cookies

I had a working script for opening and decrypting Google Chrome cookies which looked like: decrypted = win32crypt.CryptUnprotectData(enctypted_cookie_value, None, None, None, 0) It seems that after update 80 it is no longer a valid…
Pavel Kaigorodov
  • 322
  • 1
  • 2
  • 11
9
votes
2 answers

Securely Storing Optional Entropy While Using DPAPI

So I am trying to store the symmetric key using DPAPI. All is well and great, but what to do with the entropy? This answered question here really doesn't provide enough insight. It seems like a slippery slope - I could use the machine store to store…
user195488
9
votes
2 answers

How does DPAPI and ProtectedData.Protect() handle Disk Images/Clones in .net 4?

I am testing out the idea of using .net v4's System.Security.Cryptography.ProtectedData() and UnprotectData() methods with the DataProtectionScope.LocalMachine scope to ensure that an file can only be encrypted/decrypted on a single machine. Here…
Christian Del'Aune
  • 101
  • 4
8
votes
2 answers

Attempt to set permissions on a KeyContainer in C# is having no effect

I'm using the following code in an attempt to programatically allow the NetworkService account to have access to a key: var RSA = new RSACryptoServiceProvider( new CspParameters() { KeyContainerName = "MyEncryptionKey", Flags =…
Jim T
  • 12,336
  • 5
  • 29
  • 43
7
votes
1 answer

Which Encryption algorithm does ProtectedData use?

For password encryption I want to use ProtectedData. As far as I found out, this is a wrapper for CryptProtectData. The MSDN only states something vague about encryption based on user credentials and that decryption usually must be done on the same…
Mare Infinitus
  • 8,024
  • 8
  • 64
  • 113
7
votes
2 answers

What Information can be found in every C# application to be used as a unique salt for encryption?

What information can be found in every C# application that can be used as a unique salt for encryption, including for web applications, windows services and wcf layers? I would like to create a library that allows easy encryption of sensitive data…
Ninjanoel
  • 2,864
  • 4
  • 33
  • 53
6
votes
2 answers

DPAPI password encryption in C# and saving into database.Then Decrypting it using a key

I have tried Password encryption using UTF8 Algorithm and SHA256, but was adviced not to use them. Instead , I was suggested to use DPAPI .I have browsed few sample codes from google which were not clear. Can you help me with the DPAPI Algorithm.
Fayaz shaik
  • 157
  • 1
  • 2
  • 12
6
votes
2 answers

Is it possible for one process to inject code into another without administrative privileges?

The CryptProtectMemory API in the DPAPI allows you to pass the CRYPTPROTECTMEMORY_SAME_PROCESS flag, which prevents other processes from decrypting the memory. One way around this would be to use OpenProcess, WriteProcessMemory, and…
Polynomial
  • 27,674
  • 12
  • 80
  • 107
6
votes
1 answer

Why do I get different outputs when encrypting using DPAPI?

I'm using DPAPI in C++ to encrypt some data that I need to store in a file. The thing is that I need to read that file from C#, so I need to be able to: C++ encrypt, C++ decrypt (is working good) C# encrypt, C# decrypt (is working good) C++ encrypt,…
Vic
  • 2,878
  • 4
  • 36
  • 55
5
votes
1 answer

Why not use DPAPI for encrypting all settings instead of only encrypting main password?

In my application I need to encrypt various settings and a password. So far I have been doing this with the RijndaelManaged class etc. as seen here: /// /// Encrypts the string defined by parameter "data" and returns the encrypted data as…
JohnSaps
  • 602
  • 5
  • 16
1
2 3
9 10