How secure is ProtectedData.Protect (DPAPI)?

EFS uses DPAPI, not the other way around. And Administrator can't read your key just like that.

Before forgetting about DPAPI, I would consider the alternatives. If you encrypt the file yourself,

  1. You must select a strong algorithm and implement it well.
  2. You will need a key. Where will it be?
  3. You will store the key in a file somewhere on your drive.
  4. That key is sensitive, so obviously you will want to encrypt it.
  5. Goto 1

DPAPI does 1 to 3 well. 4 and 5 are moot. If a Windows password is not enough to protect data, ask yourself why it is enough to CRUD that data in the first place.

For better security, you can consider not saving the data but a (salted) hash of it, if possible. It makes your data write only, though. For example, if you want to verify a customer license number:

  • Save a salted hash value of it
  • Run the same hash on the salted license number you want to verify,
  • Compare the two. If they match, the license is valid.

If you must read back encrypted data and a locally encrypted key is not enough, consider encrypting your application key (step 2 above) with a private key stored on a smart card.

Either way, remember that things happen. You always need a backup key somewhere.
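The write-only approach from the license-number bullets above, as an added example (this is not code from the answer's author): only a random salt and a PBKDF2 hash are persisted, and a candidate is checked by re-deriving the hash with the stored salt and comparing in constant time. It assumes .NET 6 or later for the static `Rfc2898DeriveBytes.Pbkdf2` and `RandomNumberGenerator.GetBytes` helpers; the license values are constructed.

```csharp
// Added example: store a salted hash of a license number instead of the number itself.
// Assumes .NET 6+ (System.Security.Cryptography). Sample license values are constructed.
using System;
using System.Security.Cryptography;
using System.Text;

public static class LicenseStore
{
    // This record is everything that gets written to disk: no plaintext license number.
    public sealed record StoredLicense(byte[] Salt, byte[] Hash);

    private const int Iterations = 100_000;   // PBKDF2 work factor; tune for your hardware
    private const int HashLength = 32;        // output bytes (SHA-256 size)

    // Bullet 1: derive a salted hash and keep only the salt and the hash.
    public static StoredLicense Store(string licenseNumber)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(licenseNumber), salt, Iterations,
            HashAlgorithmName.SHA256, HashLength);
        return new StoredLicense(salt, hash);
    }

    // Bullets 2 and 3: hash the candidate with the stored salt, then compare in
    // constant time so a mismatch position is not leaked through timing.
    public static bool Verify(StoredLicense stored, string candidate)
    {
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(candidate), stored.Salt, Iterations,
            HashAlgorithmName.SHA256, HashLength);
        return CryptographicOperations.FixedTimeEquals(hash, stored.Hash);
    }

    public static void Main()
    {
        // Constructed sample value; in practice this comes from the customer.
        StoredLicense stored = Store("ABCD-1234-EFGH-5678");

        Console.WriteLine("correct number accepted: " + Verify(stored, "ABCD-1234-EFGH-5678"));
        Console.WriteLine("wrong number accepted:   " + Verify(stored, "ABCD-1234-EFGH-0000"));
    }
}
```

Because only the salt and hash are stored, a copy of the disk yields nothing that can be read back, which is exactly the "write only" trade-off the answer describes: you can verify a license but never recover it, so keep a separate backup of the original if you will ever need it.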


See this article on DPAPI Security. Basically, it is as secure as your Windows password -- if your password is reset by an administrator, the decryption key will be lost. The major attack vectors you'll need to look at are:

  • Password disclosure: "shoulder surfing", sticky notes, etc.
  • Capture of the computer's accounts database and the use of a password cracker
  • Online attack by "drive-by download", removable media AutoPlay, etc.
  • Capture of a password reset disk, if you've made one
  • Physical installation of a key-logging device or other "bug"

DPAPI can be used both with and without optional entropy. There are only two ways DPAPI blobs without optional entropy can be compromised:

  1. A domain admin can directly retrieve anyone's history of DPAPI master keys at any time. Nothing else is required. These can be used to decrypt all blobs. Local administrators cannot do this.

  2. The user's Windows credentials are compromised.

If you use optional entropy then the data cannot be decrypted by anyone who doesn't know the value. The entropy may be derived from a password required to launch the application etc. Without the value, the data is lost forever.

EFS works differently. The user's key is protected using DPAPI for his profile, but the decryption key for the file itself is additionally directly encrypted with the administrator's public key as well. Therefore a domain admin can access the files.
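The two modes discussed in the answer above, as an added example (not code from the answer's author): the same secret is protected once with no optional entropy and once with entropy, and `Unprotect` is then attempted with the right value, with `null`, and with a wrong value. It assumes Windows and, on .NET Core/5+, the `System.Security.Cryptography.ProtectedData` package; the secret and the entropy string are constructed.

```csharp
// Added example: DPAPI blobs with and without optional entropy.
// Windows only. On .NET Core/5+ add the System.Security.Cryptography.ProtectedData package.
// The secret and the entropy value below are constructed sample data.
using System;
using System.Security.Cryptography;
using System.Text;

public static class DpapiEntropyDemo
{
    public static byte[] Protect(byte[] plaintext, byte[] entropy) =>
        ProtectedData.Protect(plaintext, entropy, DataProtectionScope.CurrentUser);

    // Returns null when DPAPI refuses to decrypt: wrong entropy, a different user,
    // or a master key that is gone because the password was reset by an administrator.
    public static byte[] TryUnprotect(byte[] blob, byte[] entropy)
    {
        try
        {
            return ProtectedData.Unprotect(blob, entropy, DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException)
        {
            return null;
        }
    }

    private static string Outcome(byte[] result) => result == null ? "failed" : "decrypted";

    public static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("constructed sample secret");

        // 1. No optional entropy: anything running as this user (or a domain admin holding
        //    the user's master key history) can call Unprotect with null and read the data.
        byte[] blobNoEntropy = Protect(secret, null);
        Console.WriteLine("no entropy, unprotect with null:  " + Outcome(TryUnprotect(blobNoEntropy, null)));

        // 2. With optional entropy. Here it is a constructed constant for illustration; in a real
        //    application derive it from a value the user must supply at launch (e.g. PBKDF2 of a
        //    password) and never embed it next to the blob.
        byte[] entropy = Encoding.UTF8.GetBytes("value-entered-by-user-at-startup");
        byte[] blobWithEntropy = Protect(secret, entropy);

        Console.WriteLine("entropy, unprotect with same:     " + Outcome(TryUnprotect(blobWithEntropy, entropy)));
        Console.WriteLine("entropy, unprotect with null:     " + Outcome(TryUnprotect(blobWithEntropy, null)));
        Console.WriteLine("entropy, unprotect with wrong:    " + Outcome(TryUnprotect(blobWithEntropy, Encoding.UTF8.GetBytes("wrong"))));

        // Lose the entropy value and the blob is unrecoverable, so keep a backup path for it.
        CryptographicOperations.ZeroMemory(secret);
    }
}
```

The `null` and wrong-entropy calls fail with a `CryptographicException`, which is the behaviour the answer relies on: DPAPI does not store or check the entropy separately, it simply cannot reconstruct the key without it, so the application must own a reliable way to obtain (and back up) that value.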


Comments

  3. Royce

    • 2015/1/8

    When you use the DPAPI, you alleviate the difficult problem of explicitly generating and storing a cryptographic key. Use the ProtectedData 

  4. Julian

    • 2020/6/9

    Because it depends on DPAPI, the ProtectedData class is supported on the Windows platform only. Its use on .NET Core on platforms other than Windows throws a PlatformNotSupportedException . The class consists of two wrappers for the unmanaged DPAPI, Protect and Unprotect .

  5. Rocco

    • 2017/2/27

    DPAPI security relies upon the Windows operating system's ability to protect the Master Key and RSA private keys from 

  6. Ashton

    • 2020/5/10

    What DPAPI Can Protect. DPAPI helps protect the following items: Web page credentials (for example, passwords) File share credentials. Private keys associated with Encrypting File System (EFS), S/MIME, and other certificates. Program data that is protected using the CryptProtectData() function. Example: Certificates and Private Keys. This section describes the difference between personal data and confidential information that DPAPI helps protect.

  7. Luka

    • 2018/3/25

    Putting it in the same location as the protected data is somewhat pointless. You won't be able to get "perfect security" against an attack that already has user 

  8. Bellini

    • 2017/5/11

    ProtectedData; ProtectedMemory; Above mentioned classes can be found in System.Security.Cryptography namespace. Also known as part of DPAPI, they are available since .NET 2.0. ProtectedData. ProtectedData can encrypt and decrypt your data symmetrically. To encrypt data following code is used:

  9. Cooper

    • 2015/7/29

    How secure is ProtectedData.Protect (DPAPI)? ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser); 

  10. Saint

    • 2021/5/5

    The solution is called Data Protection API, and enables you to protect data without having to worry about an encryption key. The documentation is lengthy and boring, but actually it’s pretty easy to use from .NET, because the framework provides a ProtectedData class that wraps the low-level API calls for you.

  11. Baker

    • 2020/8/25

    How secure is ProtectedData.Protect (DPAPI)? Suppose someone gets access to my entire hard drive; I think the weak point would be my 

  12. Bodie

    • 2016/7/6

    byte[] plaintext= ProtectedData.Unprotect(ciphertext, entropy, DataProtectionScope.CurrentUser);. Note that there are additional security considerations. For 

  13. Collins

    • 2015/3/18

    The objective of this tutorial is to show how the DPAPI can be used to encrypt and decrypt data. Encrypt some data using ProtectedData Class 

  14. Emir

    • 2016/3/25

    Security.Cryptography.ProtectedData, which you can use as follows: byte[] ProtData = ProtectedData.Protect( ClearBytes, null, DataProtectionScope.
