How to reset DPAPI key into the key ring?

Question

I'm new to using DPAPI so this is something I've messed up on my app because I've been redeploying between my work laptop and my personal desktop so now the key that DPAPI is using to protect my data has changed between environments.

Now I'm getting the error that the key isn't in the key ring.

I hit this answer where a link provided discusses configuring key storage so I've updated my code to persist keys to file system (while I wait for sysadmin to get back so he can set up blob storage on azure as an alternative) and this should work fine for dev anyway.

var path = this.Environment.ContentRootPath + "/Data/Keys/";
services.AddDataProtection()
    .PersistKeysToFileSystem(new DirectoryInfo(path));

I can see the key files being created, but the error persists because I don't have the key that the app is looking for.

So how can I get it to generate/use/look for a new key here?

score 0 · Answer 1 · answered Jan 04 '22 at 09:50

Oddly enough, it seems like completely reinitializing the app's database solved the problem.

My guess is it has something to do with the encrypted values that I stored in there (the DPAPI IDataProtector.Protect() output values). Specifically the fact that those values were encrypted with what I assume to be the key that the app was reporting couldn't be found.

Having reinitialized the database with new data, everything now works as expected.

How to reset DPAPI key into the key ring?

1 Answers1