By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,960 Members | 1,421 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,960 IT Pros & Developers. It's quick & easy.

security, passwords, and DPAPI

P: n/a
In the interests of increasing security, I came upon the DPAPI security
library available from the GotDotNet user samples repository. What I want
to do is create an applications that accesses a database with one single
password embedded in the program, so it may be run by any user on any
machine. I observe that one may specify a UserStore or a MachineStore for
constraining the encryption. That seems to imply that my application would
only work on a single machine. Is this true? Is it possible to use the
DPAPI and allow running on different machines?
Aug 30 '06 #1
Share this Question
Share on Google+
3 Replies

P: n/a
Hello Michael,

Yes, DPAPI is a good one for security data on a single machine since it use
the machine storage to help persisting the security key rather than our
application's own code logic which can prevent the key from be cracked.
Also, as you've found, the limitation is that the security key is specific
to the macine or user and can not be exported to other machines. Therefore,
when using the DPAPI, the data should be protected(encypted through DPAPI
api) at the application's initializaing time. For exampe, in the
application's installation time, construct the data and encrypted it
through DPAPI method.

BTW, what's the " GotDotNet user samples repository" you mentioned? If
you're using .NET framework 2.0, you can directly use the
"" class to encrypt/descript data
through underlying DPAPI api

#ProtectedData Class

Also. net framewrok 2.0 support encrypting configurationSection in
application's config file(app.config, web.config) through RSA provider. The
advantage of RSA provider is that we can create custom RSA key in the
machine container and export the key and install on target machine when we
need to deploy applciation onto other machine. So this is not limited to
single machine.

Here is a good msdn tech article describing encrypte configuration sections
through RSA provider:

#How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA

Though this article is dedicated to ASP.NET web.config, this appraoch also
appliable for normal .net application's app.config file. You can refer to
my previous thread discussing how to use it in normal .net application's
config file:

#Encryption of application configuration block

Hope this helps you.


Steven Cheng

Microsoft MSDN Online Support Lead


Get notification to my posts through email? Please refer to

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at


This posting is provided "AS IS" with no warranties, and confers no rights.
Aug 31 '06 #2

P: n/a
Thanks for your in-depth commentary; it will take me awhile to digest but
you have provided some good material and links.

To answer your question: GotDotNet (
is a Microsoft site (:-) for add-ons, libaries, samples, etc.

Sep 5 '06 #3

P: n/a
Thanks for the followup Michael,

Please feel free to let me know if you need any further asssistance on this.


Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

Sep 6 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.