Re: Size of Entropy with Dpapi Encrypted Connection String

From: charlestek (charlestek_at_yahoo.com)
Date: 03/15/05


Date: Mon, 14 Mar 2005 18:28:16 -0800


Alex,

I am doing TWO things with the DPAPI.
I am decrypting my text encryption string, stored in my web config,
already encrypted by the DPAPI once,
as well as decrypting a DPAPI-encrypted AES binary symmetric key stored
in the web config as well.

The connection string is used for my database access by the classes that
need it, and the symmetric key is used to encrypt and decrypt info in a
table in my database. Each encrypted row in my database has an IV for
that row stored as well.

For some reason, it appeared that if I didn't use a binary entropy value
that was the same number of bytes as the symmetric AES binary key, I had
problems with encrypting/decrypting the symmetric AES binary key with
the DPAPI.
That, however, could be coincidence, and I had some other bug
that was causing the problem.

In addition, now that I have the DPAPI-encrypted binary
AES key in my web config, when I use a class to encrypt and
decrypt some arbitrary text, I'm getting an invalid keysize
error upon decryption only. I forwarded the code about this particular
issue to Dominick recently.

If you read the MSDN documentation about the innards of the DPAPI, it is
hard for the lay person such as myself to understand the mathematics of
the entropy in the DPAPI algorithm.

Phil
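
The setup described in this message (an AES key protected with DPAPI and stored as text in web.config), as an added example that is not part of the original post or the poster's code: it round-trips a 32-byte key with a 7-byte entropy value, checks the recovered length before use, and shows one way a wrong-length byte array reaches AES. The class and method names, the Base64 storage format and the LocalMachine scope are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration; class and method names are hypothetical.
static class DpapiKeyRoundTrip
{
    // Assumption: machine scope, so any account on the server can unprotect.
    const DataProtectionScope Scope = DataProtectionScope.LocalMachine;

    // Protect raw key bytes with DPAPI and return Base64 text for a config value.
    static string ProtectForConfig(byte[] key, byte[] entropy) =>
        Convert.ToBase64String(ProtectedData.Protect(key, entropy, Scope));

    // Reverse of ProtectForConfig; rejects anything that is not a legal AES key length.
    static byte[] UnprotectAesKey(string configValue, byte[] entropy)
    {
        byte[] key = ProtectedData.Unprotect(
            Convert.FromBase64String(configValue), entropy, Scope);
        if (key.Length != 16 && key.Length != 24 && key.Length != 32)
            throw new CryptographicException(
                "Recovered " + key.Length + " bytes; AES needs 16, 24 or 32.");
        return key;
    }

    static void Main()
    {
        byte[] aesKey = new byte[32];   // constructed sample: random 256-bit key
        byte[] entropy = new byte[7];   // constructed sample: deliberately not 32 bytes
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(aesKey);
            rng.GetBytes(entropy);
        }

        string stored = ProtectForConfig(aesKey, entropy);
        byte[] recovered = UnprotectAesKey(stored, entropy);
        Console.WriteLine("blob bytes: {0}, recovered key bytes: {1}",
            Convert.FromBase64String(stored).Length, recovered.Length);

        using (Aes aes = Aes.Create())
        {
            aes.Key = recovered;        // accepted: exactly 32 bytes
            // The protected blob is longer than the key, so AES rejects it.
            try { aes.Key = Convert.FromBase64String(stored); }
            catch (CryptographicException e) { Console.WriteLine("blob as key: " + e.Message); }
        }
    }
}
```

The same entropy bytes must be supplied to both Protect and Unprotect; a different value makes Unprotect throw rather than return a key of another size.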
