DPAPI Decryption on different machine

I posted this message in the microsoft.public.windowsxp.security_admin but I think it might be better in this list. Sorry about the duplication, I'm just in a pickle and really need some help.

-----------------------------------------------------------------------------------------------

I'm using the DPAPI from VC++ to encrypt some important data. My application works great but I want to test the decryption on another machine with the same user credentials. This is to make sure that my customers can still get the data if their original system crashes.

I can't seem to get this to work. I'm trying it from the same username:password but I still get an error during decryption.

Do I have to copy the MasterKey to the new system? I read that the MasterKey is stored in a .mky file but I can't find it anywhere on my system. I've also checked in the registry but can't find it either. Where is the MasterKey kept?

Is the only way to get this to work to set up roaming user profiles? This would be a problem since I don't want to limit our customers to ones that have an extensive network of client/server computers with Active Directory set up to use my application.

Thanks so much,

David

June 1, 2005
hmmm.... I believe that the MasterKey is stored in Machine.config, but it is defaulted to AutoGenerate and therefore you will have to specifically input one. You will have to specify it on both computers in the Machine.config files. Then re-encrypt your data and try again.... The exact element has slipped my memory for the moment.... I do believe this is how DPAPI gets its key.... Hope this helps and let me know how it works! (This will break all other DPAPI programs and perhaps some others...)

--
Joseph Bittman
Microsoft Certified Application Developer

"David Wathen" <DavidWat***@discussions.microsoft.com> wrote in message news:1ACE841B-BCDA-4134-9192-B681D46E5363@microsoft.com...
> Hi,
>
> I posted this message in the microsoft.public.windowsxp.security_admin but
> I think it might be better in this list. Sorry about the duplication, I'm
> just in a pickle and really need some help.
>
> -----------------------------------------------------------------------------------------------
>
> I'm using the DPAPI from VC++ to encrypt some important data. My
> application works great but I want to test the decryption on another
> machine with the same user credentials. This is to make sure that my
> customers can still get the data if their original system crashes.
>
> I can't seem to get this to work. I'm trying it from the same
> username:password but I still get an error during decryption.
>
> Do I have to copy the MasterKey to the new system? I read that the
> MasterKey is stored in a .mky file but I can't find it anywhere on my
> system. I've also checked in the registry but can't find it either.
> Where is the MasterKey kept?
>
> Is the only way to get this to work to set up roaming user profiles?
> This would be a problem since I don't want to limit our customers to ones
> that have an extensive network of client/server computers with Active
> Directory set up to use my application.
>
> Thanks so much,
>
> David

Hello Joseph,
DPAPI has nothing to do with ASP.NET - so the master key is not stored anywhere in the .NET space.

DPAPI has two stores - the UserStore and MachineStore. If you use the MachineStore you will only be able to decrypt data on the machine where it was encrypted. The UserStore is machine independent but user dependent.

You won't get a UserStore under certain circumstances - e.g. in ASP.NET or NT Services - because the profiles will not be loaded for that user.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> June 1, 2005
>
> hmmm.... I believe that the MasterKey is stored in Machine.config,
> but it is defaulted to AutoGenerate and therefore you will have to
> specifically input one. You will have to specify it on both computers
> in the Machine.config files. Then re-encrypt your data and try
> again.... The exact element has slipped my memory for the moment.... I
> do believe this is how DPAPI gets its key.... Hope this helps and let
> me know how it works! (This will break all other DPAPI programs and
> perhaps some others...)
>
> "David Wathen" <DavidWat***@discussions.microsoft.com> wrote in
> message news:1ACE841B-BCDA-4134-9192-B681D46E5363@microsoft.com...
>
>> Hi,
>>
>> I posted this message in the microsoft.public.windowsxp.security_admin
>> but I think it might be better in this list. Sorry about the
>> duplication, I'm just in a pickle and really need some help.
>>
>> -----------------------------------------------------------------------------------------------
>>
>> I'm using the DPAPI from VC++ to encrypt some important data. My
>> application works great but I want to test the decryption on another
>> machine with the same user credentials. This is to make sure that my
>> customers can still get the data if their original system crashes.
>>
>> I can't seem to get this to work. I'm trying it from the same
>> username:password but I still get an error during decryption.
>>
>> Do I have to copy the MasterKey to the new system? I read that the
>> MasterKey is stored in a .mky file but I can't find it anywhere on my
>> system. I've also checked in the registry but can't find it either.
>> Where is the MasterKey kept?
>>
>> Is the only way to get this to work to set up roaming user profiles?
>> This would be a problem since I don't want to limit our customers to
>> ones that have an extensive network of client/server computers with
>> Active Directory set up to use my application.
>>
>> Thanks so much,
>>
>> David
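The two stores described in the reply above can be compared directly with a short script. This is an added example, not code from any poster in the thread: it assumes Windows PowerShell 5.1 and the .NET `ProtectedData` wrapper around DPAPI, and the function names, file names and sample secret are constructed for illustration.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1.
# Function names, file names and the sample secret are constructed.
Add-Type -AssemblyName System.Security

function Protect-ToFile {
    param(
        [string]$Text,
        [string]$Path,
        [System.Security.Cryptography.DataProtectionScope]$StoreScope
    )
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Text)
    # Second argument is optional entropy; $null means none is used.
    $blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $StoreScope)
    [System.IO.File]::WriteAllBytes($Path, $blob)
}

function Unprotect-FromFile {
    param(
        [string]$Path,
        [System.Security.Cryptography.DataProtectionScope]$StoreScope
    )
    $blob = [System.IO.File]::ReadAllBytes($Path)
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $StoreScope)
        return [System.Text.Encoding]::UTF8.GetString($plain)
    } catch {
        # Unprotect throws when this user or machine cannot recover the key.
        Write-Warning "Cannot decrypt $Path here: $($_.Exception.Message)"
        return $null
    }
}

$userFile    = Join-Path $env:TEMP 'dpapi-user.bin'
$machineFile = Join-Path $env:TEMP 'dpapi-machine.bin'

# Encrypt only when the blobs do not exist yet, so the same script can be
# rerun on a second machine after copying the two .bin files into its TEMP.
if (-not (Test-Path $userFile)) {
    Protect-ToFile -Text 'constructed sample secret' -Path $userFile    -StoreScope CurrentUser
    Protect-ToFile -Text 'constructed sample secret' -Path $machineFile -StoreScope LocalMachine
}

$results = [ordered]@{
    CurrentUser  = Unprotect-FromFile -Path $userFile    -StoreScope CurrentUser
    LocalMachine = Unprotect-FromFile -Path $machineFile -StoreScope LocalMachine
}
$results
```

On the machine that created the files both entries decrypt; on any other machine an empty entry plus a warning marks a blob whose key is not available there, which is the recovery test the original question asks about.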