Hello Michael,
Yes, DPAPI is a good one for security data on a single machine since it use
the machine storage to help persisting the security key rather than our
application's own code logic which can prevent the key from be cracked.
Also, as you've found, the limitation is that the security key is specific
to the macine or user and can not be exported to other machines. Therefore,
when using the DPAPI, the data should be protected(encypted through DPAPI
api) at the application's initializaing time. For exampe, in the
application's installation time, construct the data and encrypted it
through DPAPI method.
BTW, what's the " GotDotNet user samples repository" you mentioned? If
you're using .NET framework 2.0, you can directly use the
"system.security.cryptography.protecteddata" class to encrypt/descript data
through underlying DPAPI api
#ProtectedData Class
http://msdn2.microsoft.com/en-us/lib...ography.protec
teddata.aspx
Also. net framewrok 2.0 support encrypting configurationSection in
application's config file(app.config, web.config) through RSA provider. The
advantage of RSA provider is that we can create custom RSA key in the
machine container and export the key and install on target machine when we
need to deploy applciation onto other machine. So this is not limited to
single machine.
Here is a good msdn tech article describing encrypte configuration sections
through RSA provider:
#How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
http://msdn.microsoft.com/library/en...6.asp?frame=tr
ue
Though this article is dedicated to ASP.NET web.config, this appraoch also
appliable for normal .net application's app.config file. You can refer to
my previous thread discussing how to use it in normal .net application's
config file:
#Encryption of application configuration block
http://groups.google.com/group/micro.../browse_thread
/thread/1bbeeb01ae5ca5c6/70dd27a4598ab060
Hope this helps you.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
