Stack Overflow
Stack Overflow

Questions tagged [dpapi]

DPAPI is the API in Windows that allows a program to store "secrets", like passwords. It is used by Microsoft in IE and storing WiFi passwords and private keys for EFS, and also by Chrome for Windows and Safari for Windows, to store website credentials.

150 questions
0
votes
1 answer

I want to encrypt app.config without DPAPI

I want to encrypt app.config but DPAPI configuration can be decrypted by any other developer so what is a better way to encrypt app.config other than DPAPI.
Ajay Nikam
  • 1
0
votes
0 answers

How to set to use DPAPI or not?

I learn about WIN API methods responsible for secure storage. I read about CryptoAPI and DPAPI: "The public DPAPI interfaces are part of Crypt32.dll and are available for any user process that has loaded it. This DLL is part of CryptoAPI." So…
RuF
  • 548
  • 1
  • 11
  • 31
0
votes
1 answer

How do I decrypt RSA keys from Windows Key Store?

In this path: %APPDATA%\Roaming\Microsoft\Crypto\RSA Keys are stored there but I can't make use of them. When I open them in a HEX EDITOR, I can only see parts of it, the remaining parts seems to be encrypted via CryptoAPI. How do I decrypt it?…
user3462249
  • 21
  • 4
0
votes
1 answer

using DPAPI from windows logon

I would like to read and unprotect on windows logon stage some data, protected using DPAPI CryptProtectData() with CRYPTPROTECT_LOCAL_MACHINE flag under some user. Or it is possible only after logon under real operation system's user?
vard
  • 2,142
  • 4
  • 30
  • 40
0
votes
1 answer

Privacy protected RPC Channels

As the title says, i'm wondering what these are. I know about RPC but what do the prefixed adjectives mean? P.S.: I came across this term while reading about DPAPI @ MSDN:…
user720694
  • 2,035
  • 6
  • 35
  • 57
0
votes
1 answer

DPAPI with ASP.NET Service Account

I want to encrypt data before saving it to the database. The access to the data is controlled by the application. So anyone with Admin role should be able to see the data. I want to be able to protect the encryption key used to encrypt/decrypt the…
Jay
0
votes
1 answer

Windows credential roaming - how are password protected keys sent to the AD server?

I'm trying to figure out how to Windows credential roaming is implemented. I have found that it will roam certs that have been strongly protected with a password (optional entropy to CryptProtectData()). I can't see how this could be done unless…
paulm
  • 5,629
  • 7
  • 47
  • 70
0
votes
1 answer

Whose Password does DPAPI use to encrypt?

I am employing DPAPI to encrypt my asp.net config file. From my brief reading of DPAPI, I know that it uses Windows Password as the key to do the encryption. The questions, whose windows password? If I have a asp.net web app, and I hook the config…
Haoest
  • 13,610
  • 29
  • 89
  • 105
0
votes
1 answer

This protection is secure? (saving credentials in dll) DPAPI and C#

I am developing an app (in windows phone 7) that manages basic data: customer data (or contacts) and orders I want to protect the credentials to access to the database. I want to do the following: xxx.dll I have put the credentials in the dll…
aco
  • 819
  • 4
  • 15
  • 32
-1
votes
1 answer

DPAPI doesn't require admin permission

The reason why DPAPI doesn't require administrator rights is Is it because it uses the user's password as the key value? If I am mistaken, please comment. Sorry for My English skills. Have a nice day!
Choi
  • 1
  • 1
-1
votes
1 answer

Different result in CryptProtectData

I tryied to crypt decrypted infromation by using CryptProtectData on C++. But in result i getted different results. My code: FILE *one =fopen("firstencrypt", "wb+"); FILE *two = fopen("secondencrypt", "wb+"); DATA_BLOB encryptdata , decryptdata…
Free Login
  • 3
  • 3
-1
votes
3 answers

Is it possible to protect a secret based on Active Directory (or other SSO) Authentication?

I have an application where, ideally, users will sign in using AD. I also need to store an encryption key for each user which should be encrypted before it's stored. Is there any mechanism which AD, kerberos or any of the social SSOs provide which…
CamW
  • 3,223
  • 24
  • 34
-1
votes
1 answer

Can I use both LocalMachine and CurrentUser at the same time?

How can I use both LocalMachine and CurrentUser at the same time in Data Protection API Scope? I would like to enhance the security.
Southsouth
  • 2,659
  • 6
  • 32
  • 39
-1
votes
1 answer

Data protection API suddenly very slow

Our application is using the Data Protection API (via the ProtectedData class) to encrypt a password before storing it. It was working fine until recenly, but suddenly the Protect method started taking 2 seconds to return (instead of about 0.5ms).…
Thomas Levesque
  • 286,951
  • 70
  • 623
  • 758
-2
votes
2 answers

Encrypting a login password to use on multiple devices

It may be that I have thought about this too much and have over complicated things and tied myself in a knot. I dont know a lot about encryption either so that does not help. I have an app that has fields that are encrypted using an AES class (that…
Craig
  • 19
  • 3
1 2 3
9
10