
I have a number of workstations which are part of my domain, each running some .NET application. One central server stores secrets which I would like to be encrypted by a key which is accessible to all users of the system who have the appropriate user group.

I found that .NET does offer a wrapper for DPAPI, but I was wondering if the same applies for DPAPI-NG, where a wrapper function exists for NCryptProtectSecret and NCryptCreateProtectionDescriptor. Furthermore, how would I go about configuring the descriptor, so as to only allow a specific user group from my domain to decrypt the secret?

In case there is no wrapper I'd have to import the ncrypt.dll and work with that. Can anyone who has experience with this library confirm that this URL has an up-to-date API https://msdn.microsoft.com/en-us/library/windows/desktop/hh706795(v=vs.85).aspx?

NLuburić

1 Answer


> I found that .NET does offer a wrapper for DPAPI, but I was wondering if the same applies for DPAPI-NG, where a wrapper function exists for NCryptProtectSecret

NCryptProtectSecret has no hits on referencesource.microsoft.com. So it is probable that no such wrapper API exists within the framework.

> Can anyone who has experience with this library confirm that this URL has an up-to-date API https://msdn.microsoft.com/en-us/library/windows/desktop/hh706795(v=vs.85).aspx?

Function signatures in Win32 never change. The documentation may have errors in the prose, but almost never in the API surface. The best way to be sure is to find a copy of the header file it was declared in, but really that's usually only necessary if a) a named constant is referenced but no value is provided or b) you P/Invoke and crash and are trying to figure out why.

A quick search shows that https://github.com/NuGet/NuGet.Operations/blob/master/src/NuGet.Services.Operations/Secrets/DpapiNg/NativeMethods.cs has P/Invoked these. If NuGet's Apache license is compatible with your usages/needs you could compare your conclusions to theirs.

bartonjs
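An added example, not part of the question or answer above and not NuGet's code: a minimal P/Invoke wrapper over the documented `ncrypt.dll` functions that protects a secret to a domain group through a `SID=` descriptor. The class name `DpapiNg`, the helper `Take` and the SID string are assumptions for illustration; the SID is a placeholder that must be replaced with the real group SID.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

static class DpapiNg // hypothetical wrapper name
{
    const uint NCRYPT_SILENT_FLAG = 0x40; // never prompt the user

    [DllImport("ncrypt.dll", CharSet = CharSet.Unicode)]
    static extern int NCryptCreateProtectionDescriptor(string descriptor, uint flags, out IntPtr hDescriptor);
    [DllImport("ncrypt.dll")]
    static extern int NCryptCloseProtectionDescriptor(IntPtr hDescriptor);
    [DllImport("ncrypt.dll")]
    static extern int NCryptProtectSecret(IntPtr hDescriptor, uint flags, byte[] data, uint cbData,
        IntPtr memPara, IntPtr hWnd, out IntPtr blob, out uint cbBlob);
    [DllImport("ncrypt.dll")]
    static extern int NCryptUnprotectSecret(IntPtr phDescriptor, uint flags, byte[] blob, uint cbBlob,
        IntPtr memPara, IntPtr hWnd, out IntPtr data, out uint cbData);
    [DllImport("kernel32.dll")]
    static extern IntPtr LocalFree(IntPtr hMem);

    // Copies a native output buffer to managed memory. With pMemPara == NULL
    // the buffer is LocalAlloc'd by ncrypt and must be released with LocalFree.
    static byte[] Take(int status, IntPtr p, uint cb)
    {
        if (status != 0) throw new CryptographicException(status);
        try { var r = new byte[cb]; Marshal.Copy(p, r, 0, (int)cb); return r; }
        finally { LocalFree(p); }
    }

    public static byte[] Protect(string descriptor, byte[] secret)
    {
        int st = NCryptCreateProtectionDescriptor(descriptor, 0, out IntPtr h);
        if (st != 0) throw new CryptographicException(st);
        try
        {
            st = NCryptProtectSecret(h, NCRYPT_SILENT_FLAG, secret, (uint)secret.Length,
                IntPtr.Zero, IntPtr.Zero, out IntPtr p, out uint cb);
            return Take(st, p, cb);
        }
        finally { NCryptCloseProtectionDescriptor(h); }
    }

    // The blob carries its own descriptor; decryption succeeds only if the
    // calling identity satisfies it (here: membership in the group).
    public static byte[] Unprotect(byte[] blob) =>
        Take(NCryptUnprotectSecret(IntPtr.Zero, NCRYPT_SILENT_FLAG, blob, (uint)blob.Length,
            IntPtr.Zero, IntPtr.Zero, out IntPtr p, out uint cb), p, cb);

    static void Main()
    {
        string descriptor = "SID=S-1-5-21-<domain>-<rid>"; // placeholder: your group's SID
        byte[] blob = Protect(descriptor, Encoding.UTF8.GetBytes("constructed sample secret"));
        Console.WriteLine(Encoding.UTF8.GetString(Unprotect(blob)));
    }
}
```

Several principals can be combined in one descriptor string with `AND` / `OR`, for example two `SID=` clauses joined by `OR`.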