8

I am looking into storing some sensitive data in an application I am working on. I have been looking at the ProtectedData class provided by Microsoft, and it looks pretty straightforward. However, I have a couple of questions regarding how it works.

First, I see that it uses "the user's login credentials" to generate the encryption key. I have seen in the documentation that only the current user will be able to decrypt the data. That is not a problem, I just want to know if the same user is logged in on a different machine, will they be able to decrypt the data? I am planning to have the saved information be shared over OneDrive, so hopefully it would be accessible on any device that the same user is using.

ex:

User A logs in on desktop computer, saves encrypted file abc.txt
User A then logs in on tablet, loads file abc.txt

Is abc.txt accessible to User A on the tablet?

Second, what happens once the user changes their password? It seems to me that the encryption key would then be different, and wouldn't that cause the decryption of the data that used the previous encryption key to no longer be recoverable?

ex:

User A logs in on desktop computer, saves encrypted file abc.txt
User A changes password
User A logs in on desktop computer, loads file abc.txt

Is abc.txt accessible to User A anymore?

dub stylee
  • I am thinking it might make more sense for my purposes to use something like `RijndaelManaged` instead. At least something that is not tied directly to a specific user. The question still stands though, will `ProtectedData` work across multiple workstations with the same logged in user? – dub stylee Jan 05 '15 at 23:24
  • I would say `ProtectedData` is not really designed for use on multiple machines. This is more for "in memory" data protection. You need to use some good crypto service for encryption of anything you want to send over the wire, and I doubt it will work over multiple machines because this is not .NET: it uses DPAPI. – T.S. Jan 05 '15 at 23:26

2 Answers

6

Is abc.txt accessible to User A on the tablet?

"For DPAPI to work correctly when it uses roaming profiles, the domain user must only be logged on to a single computer in the domain. If the user wants to log on to a different computer that is in the domain, the user must log off the first computer before the user logs on to the second computer. If the user is logged on to multiple computers at the same time, it is likely that DPAPI will not be able to decrypt existing encrypted data correctly." - http://support.microsoft.com/kb/309408

Is abc.txt accessible to User A anymore? On a single machine, after changing a password the user should still be able to access previously encrypted files. My understanding is that previously generated keys are still stored in a list to allow this. (It would be an expensive operation to have to decrypt and re-encrypt all previously stored data every time a user changes their password, so instead they just keep the old keys.)

However, there are administrative tools that would allow you to change the password in a way that might break this.

I do not know what effect changing your password on Machine A would have on Machine B. I would assume the roaming profile would deal with this properly, but that might be an invalid assumption.

I wouldn't store data in DPAPI that is critical without backing it up somewhere. Of course that introduces other security-related complexities depending on the sensitivity of the data.

AaronLS
  • I think that this reinforces my assumption that using a different method of encryption is probably the way to go in my situation. Thanks for the thorough answer to both parts of the question. – dub stylee Jan 05 '15 at 23:39
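The question mentions `RijndaelManaged` as a user-independent alternative, and the answer above advises against relying on DPAPI alone for data that must be readable elsewhere. The following is an added example (not code from the question, the answer, or Microsoft) of what such a portable container for abc.txt can look like. It assumes the user types the same passphrase on every device; that assumption is not stated anywhere on this page. `Aes` is used in place of `RijndaelManaged` (same cipher at a 128-bit block size), the key is derived with PBKDF2 (`Rfc2898DeriveBytes`) from a random per-file salt, and an HMAC-SHA256 over salt, IV and ciphertext is verified before decryption so a tampered or truncated file is rejected rather than decrypted into garbage.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original thread. Layout of the container:
// salt(16) | iv(16) | ciphertext | hmac-sha256 tag(32)
static class PortableSecretFile
{
    private const int SaltSize = 16, IvSize = 16, TagSize = 32;
    private const int Iterations = 100000; // PBKDF2 cost; raise on faster hardware

    // One PBKDF2 stream, split into an encryption key and a separate MAC key.
    private static void DeriveKeys(string passphrase, byte[] salt, out byte[] encKey, out byte[] macKey)
    {
        using (var kdf = new Rfc2898DeriveBytes(passphrase, salt, Iterations))
        {
            encKey = kdf.GetBytes(32); // AES-256
            macKey = kdf.GetBytes(32); // HMAC-SHA256
        }
    }

    public static byte[] Encrypt(string passphrase, byte[] plaintext)
    {
        byte[] salt = new byte[SaltSize], iv = new byte[IvSize];
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(salt);
            rng.GetBytes(iv);
        }
        byte[] encKey, macKey;
        DeriveKeys(passphrase, salt, out encKey, out macKey);

        byte[] ciphertext;
        using (var aes = Aes.Create())                    // CBC + PKCS7 by default
        using (var enc = aes.CreateEncryptor(encKey, iv))
            ciphertext = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

        using (var output = new MemoryStream())
        {
            output.Write(salt, 0, salt.Length);
            output.Write(iv, 0, iv.Length);
            output.Write(ciphertext, 0, ciphertext.Length);
            using (var hmac = new HMACSHA256(macKey))
            {
                byte[] tag = hmac.ComputeHash(output.ToArray()); // MAC over salt|iv|ciphertext
                output.Write(tag, 0, tag.Length);
            }
            return output.ToArray();
        }
    }

    // Returns null for a wrong passphrase or any modification of the container.
    public static byte[] Decrypt(string passphrase, byte[] container)
    {
        if (container.Length < SaltSize + IvSize + TagSize)
            return null;
        int bodyLen = container.Length - TagSize;
        byte[] salt = new byte[SaltSize], iv = new byte[IvSize];
        Buffer.BlockCopy(container, 0, salt, 0, SaltSize);
        Buffer.BlockCopy(container, SaltSize, iv, 0, IvSize);

        byte[] encKey, macKey;
        DeriveKeys(passphrase, salt, out encKey, out macKey);

        byte[] expectedTag;
        using (var hmac = new HMACSHA256(macKey))
            expectedTag = hmac.ComputeHash(container, 0, bodyLen);
        if (!FixedTimeEquals(expectedTag, container, bodyLen))
            return null; // verify before decrypting: no padding-oracle style leak

        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(encKey, iv))
            return dec.TransformFinalBlock(container, SaltSize + IvSize, bodyLen - SaltSize - IvSize);
    }

    // Constant-time comparison of a tag against a slice of another buffer.
    private static bool FixedTimeEquals(byte[] a, byte[] b, int bOffset)
    {
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
            diff |= a[i] ^ b[bOffset + i];
        return diff == 0;
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample data for the demonstration.
        byte[] container = PortableSecretFile.Encrypt("correct horse", Encoding.UTF8.GetBytes("abc.txt contents"));
        byte[] ok = PortableSecretFile.Decrypt("correct horse", container);
        byte[] wrong = PortableSecretFile.Decrypt("wrong passphrase", container);
        Console.WriteLine(ok != null ? Encoding.UTF8.GetString(ok) : "rejected");
        Console.WriteLine(wrong == null ? "wrong passphrase rejected" : "BUG: accepted");
    }
}
```

Because nothing in the container depends on the Windows profile, the same bytes decrypt on the desktop and on the tablet once synced over OneDrive, and a password change on the Windows account has no effect on it; the trade-off is that the passphrase now has to be managed by the application rather than by the OS.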
4

The Data Protection API (DPAPI) works correctly with roaming profiles. So this would cover the fact that a user can decrypt the data over a network. Isolated storage is used to store data that applies across multiple applications and is not tied to any particular application, such as the user's name or license information.

Example to create the isolated roaming store:

    using System.IO.IsolatedStorage;

    // Roaming scope, matching the roaming store this example is meant to create
    using (IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(
        IsolatedStorageScope.User | IsolatedStorageScope.Domain |
        IsolatedStorageScope.Assembly | IsolatedStorageScope.Roaming, null, null))
    {
        isoStore.CreateDirectory("TopLevelDirectory");
        // CreateFile returns an open stream; dispose it so the handle is released
        using (IsolatedStorageFileStream file = isoStore.CreateFile("abc.txt"))
        {
        }
    }

Example to get the isolated roaming store:

    using System.IO.IsolatedStorage;

    IsolatedStorageFile isoFile = IsolatedStorageFile.GetStore(
        IsolatedStorageScope.User |
        IsolatedStorageScope.Assembly |
        IsolatedStorageScope.Roaming, null, null);

Sievajet
  • Thank you for this information. Would encryption then be used in addition to the isolated storage to increase security? Or does the isolated storage also provide encryption? – dub stylee Jan 05 '15 at 23:37
  • Access to isolated storage is also restricted according to the identity associated with the application's domain and assembly, or with the assembly alone. Read the MSDN docs. It's all explained very well. – Sievajet Jan 05 '15 at 23:41
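The comment exchange above asks whether isolated storage encrypts anything. It does not: it only decides where the file lives and which assembly or domain may open it, so the bytes still need protecting before they are written. The following added example (not code from the answer or from Microsoft) puts the two together: it writes a `ProtectedData` blob into the roaming isolated store and reads it back, and it treats a `CryptographicException` on `Unprotect` as the signal that the blob is present but was protected under a different user, on a machine whose DPAPI keys did not roam, or before an administrative password reset. The entropy value and file name are constructed for the example; `ProtectedData` needs a reference to the System.Security assembly.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original thread.
static class RoamingSecretStore
{
    // Optional entropy: an application-specific value mixed into the DPAPI key, so
    // another process running as the same user cannot Unprotect the blob without it.
    // Constructed value for this example.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    private static IsolatedStorageFile OpenRoamingStore()
    {
        return IsolatedStorageFile.GetStore(
            IsolatedStorageScope.User | IsolatedStorageScope.Assembly | IsolatedStorageScope.Roaming,
            null, null);
    }

    public static void Save(string fileName, string secret)
    {
        // Protect first; the isolated store itself writes plain bytes to disk.
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(secret), Entropy, DataProtectionScope.CurrentUser);

        using (IsolatedStorageFile store = OpenRoamingStore())
        using (IsolatedStorageFileStream stream =
               new IsolatedStorageFileStream(fileName, FileMode.Create, FileAccess.Write, store))
        {
            stream.Write(blob, 0, blob.Length);
        }
    }

    // Returns null when the file is missing or the blob cannot be unprotected here.
    public static string Load(string fileName)
    {
        byte[] blob;
        using (IsolatedStorageFile store = OpenRoamingStore())
        {
            if (!store.FileExists(fileName))
                return null;
            using (IsolatedStorageFileStream stream =
                   new IsolatedStorageFileStream(fileName, FileMode.Open, FileAccess.Read, store))
            using (MemoryStream buffer = new MemoryStream())
            {
                stream.CopyTo(buffer);
                blob = buffer.ToArray();
            }
        }

        try
        {
            byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException)
        {
            // Different user, non-roamed DPAPI master key, or broken key history:
            // the data exists but this profile cannot recover it.
            return null;
        }
    }
}

class Program
{
    static void Main()
    {
        RoamingSecretStore.Save("abc.txt", "constructed sample secret");
        string back = RoamingSecretStore.Load("abc.txt");
        Console.WriteLine(back ?? "blob present but not decryptable for this user on this machine");
    }
}
```

Running `Save` on one machine and `Load` on another under the same domain account exercises exactly the roaming-profile condition quoted in the first answer: if the DPAPI master key did not roam, `Load` returns null rather than throwing, which is the case an application should plan for before it trusts this store for anything critical.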