
Folks, I need to encrypt some string data into a SQL database from an MVC Core 2.0 application. I'm thinking of using the Data Protection API with PersistKeysToFileSystem so that I can restore the data to another server and decrypt the data using the same key file. I am impressed with the performance of the DPAPI in .NET Core and I don't want to go for any custom crypto solution as it's too risky. I would be storing bulk uploads of data to SQL. Strings before encryption would be 200 chars or less.

I believe that DPAPI is considered more suited to encrypting small pieces of data, e.g. passwords, as opposed to SQL bulk operations. Do folks consider using DPAPI to encrypt data into a database a good use case?

mikelus

1 Answer


The Data Protection API is not necessarily only for small pieces of data, but it is meant for relatively transient data. In other words, it's not really intended to be used to encrypt/decrypt long-term. The keys will be cycled at some point, and while old keys are kept around to allow for transition to new keys, you should not really rely on that.

According to the docs:

The ASP.NET Core data protection APIs are not primarily intended for indefinite persistence of confidential payloads. Other technologies like Windows CNG DPAPI and Azure Rights Management are more suited to the scenario of indefinite storage, and they have correspondingly strong key management capabilities.

It does go on to say that you can do so if you desire, though. However, things have to be handled in a different way if you might potentially be working with revoked keys. The documentation link above goes into all the detail on that. However, bear in mind that you're inherently operating on your data in a less secure way, since you're explicitly allowing revoked keys to be used to decrypt data.

Chris Pratt
  • What are the ways in which a key can become revoked? – mikelus Aug 28 '18 at 15:46
  • Every 90 days by default for one. – Chris Pratt Aug 28 '18 at 15:48
  • Oh right. I thought they "expired" (as opposed to "revoked") after the default 90 days, but that "expired" keys can still be used to unprotect. What about setting SetDefaultKeyLifetime to something much bigger? – mikelus Aug 28 '18 at 15:56
  • You can do that, but again, you're making things inherently less secure. Keys can be leaked. The longer you keep them, the greater chance they'll have been exposed. – Chris Pratt Aug 28 '18 at 15:59
  • Yep, I see that. Still not sure what the difference between "Revoked" and "Expired" is, and that is worrying me. What actions cause a key to be "Revoked"? – mikelus Aug 28 '18 at 16:09
  • It's essentially the same thing, except "revoked" is more inclusive. Keys can always be explicitly revoked, in which case they wouldn't have necessarily "expired". Whereas all "expired" keys will be revoked. – Chris Pratt Aug 28 '18 at 16:12
  • It seems that expired and revoked are quite different. A key must be revoked manually. The framework does not revoke keys by itself (as far as he knows) :) https://github.com/aspnet/Docs/issues/8306 – mikelus Aug 28 '18 at 17:34
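The "different handling" the answer alludes to, as an added example that is not part of the question, the answer or the ASP.NET Core project: a file-system key ring with an explicit key lifetime, and a read path that uses IPersistedDataProtector.DangerousUnprotect so rows protected under an expired or revoked key can still be read and then re-protected. The key directory path and the purpose string are placeholders; it is also assumed (true for the default key-ring based provider) that the protector implements IPersistedDataProtector.

```csharp
using System;
using System.IO;
using System.Text;
using Microsoft.AspNetCore.DataProtection;

// Added example, not from the question or answer. The key directory and purpose
// string are placeholders; in an MVC app the same options go on
// services.AddDataProtection() in Startup.ConfigureServices.
public static class DbFieldProtection
{
    // Purpose isolation: a payload protected under one purpose cannot be
    // unprotected under another, so keep this stable for the column's lifetime.
    private const string Purpose = "MyApp.Customers.SensitiveColumn.v1";

    public static IDataProtector CreateProtector(DirectoryInfo keyDir)
    {
        // Create(keyDir, ...) is the non-DI entry point and already persists the
        // key ring to keyDir (the equivalent of PersistKeysToFileSystem(keyDir)).
        var provider = DataProtectionProvider.Create(keyDir, options =>
        {
            // 90 days is the framework default; this is the knob discussed in
            // the comments (longer lifetime = longer exposure window if leaked).
            options.SetDefaultKeyLifetime(TimeSpan.FromDays(90));
        });
        return provider.CreateProtector(Purpose);
    }

    // Ciphertext to store in a varbinary column.
    public static byte[] ProtectForDb(IDataProtector protector, string plaintext)
        => protector.Protect(Encoding.UTF8.GetBytes(plaintext));

    // Reads a stored payload. A plain Unprotect throws once the key that produced
    // the payload has been revoked; DangerousUnprotect lets the caller decide,
    // and reports whether the row should be re-protected under the current key.
    public static string UnprotectFromDb(IDataProtector protector, byte[] stored,
                                         out bool reprotectNeeded)
    {
        if (!(protector is IPersistedDataProtector persisted))
            throw new InvalidOperationException("Protector does not support DangerousUnprotect.");

        byte[] plain = persisted.DangerousUnprotect(
            stored,
            ignoreRevocationErrors: true,            // accept revoked-key payloads
            requiresMigration: out bool requiresMigration, // key is no longer the default
            wasRevoked: out bool wasRevoked);            // key was explicitly revoked
        reprotectNeeded = requiresMigration || wasRevoked;
        return Encoding.UTF8.GetString(plain);
    }
}
```

When reprotectNeeded comes back true, call ProtectForDb again and write the new ciphertext back so the row stops depending on the old key; otherwise the data stays readable only for as long as that key remains in the ring.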