Re: What's wrong with my encryption function?

Well, you could use ProtectedData to directly encrypt the data, or you could
use it to encrypt a key you generate/store. If you encrypt the key, then
you'll get the same key back every time and then you can use that to encrypt
the data however you want. If you use a fixed key and fixed IV, you'll get
the same ciphertext.

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
<egyptegypt@xxxxxxxxx> wrote in message
I realize it might be less secure, but it's better than storing plain
keys, and having a different encrypted value each time makes this task
(encrypting keys in key/value pairs) impossible, since the key needs to
be the same to retrieve the value.

Is it even possible to specify the session key with the ProtectedData
class? I only see an optional entropy parameter...

Joe Kaplan (MVP - ADSI) wrote:
It is actually to your disadvantage to have the encrypted data produce
same value each time, as that lowers your security. Ideally, even if you
use a fixed session key for encryption, you use a different random IV so
that the ciphertext is different.

However, if you use a fixed session key and fixed IV, you will get the same
ciphertext back.

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
<egyptegypt@xxxxxxxxx> wrote in message
Do you know of another method that will always produce the same
encrypted value? I'm storing key/value pairs in isolated storage and
would like to have the key encrypted as well just to obfuscate things a
bit more.

GarthS wrote:
The ProtectedData class wraps the DPAPI; the following link details the
API and states:
DPAPI works by generating a key from the current user's credentials
(generally their password, although a smart card will provide a
credential). It then generates a master key, and encrypts this with the key
generated by the user's credentials. A random session key is created on
each call to CryptProtectData. This key is derived from the master key,
random data, and some optional entropy passed in by the user. The session
key is then used to do the actual encryption. Rather than storing the
session key, the random data used in key creation is stored in the
encrypted data.

So essentially, every time that you encrypt, a partially random session key is
added to the encrypted data (which is then used for decryption), which
explains why the encrypted data is different even if the original
string is identical. You should find that decrypting the encrypted data
returns the same string.

"egyptegypt@xxxxxxxxx" wrote:

I'm trying to use the ProtectedData class to store encrypted data in
isolated storage, but something seems to be wrong. If I call the method
twice with the same string, I get a different encrypted value each time.
Here's my encryption method:

private static string EncryptString(string Input)
{
    byte[] ClearBytes = null;
    byte[] EncryptedBytes = null;

    ClearBytes = Encoding.UTF8.GetBytes(Input);
    // The scope argument was cut off in the post; CurrentUser is assumed here.
    EncryptedBytes = System.Security.Cryptography.ProtectedData.Protect(ClearBytes, null,
        System.Security.Cryptography.DataProtectionScope.CurrentUser);
    return Convert.ToBase64String(EncryptedBytes);
}

See anything wrong there?
Thanks in advance.
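The behaviour GarthS describes (a fresh random session key on every Protect call, so equal inputs give different blobs that still decrypt to the same string) and the workaround Joe K. suggests (DPAPI-protect one generated key, then use that key with a fixed IV when the same plaintext must map to the same ciphertext, and a random IV otherwise), as an added example that is not code from the thread. It assumes .NET Framework 3.5 or later on Windows with a reference to the System.Security assembly (on .NET Core / .NET 5+ the System.Security.Cryptography.ProtectedData package), and it assumes DataProtectionScope.CurrentUser for the scope argument that was cut off from the original post; the class and method names are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiDemo
{
    // Assumption: the scope argument was cut off in the original post.
    static readonly DataProtectionScope Scope = DataProtectionScope.CurrentUser;

    // The original poster's method, completed. Each call yields a different
    // blob because DPAPI mixes fresh random data into the session key.
    static string EncryptString(string input)
    {
        byte[] clear = Encoding.UTF8.GetBytes(input);
        return Convert.ToBase64String(ProtectedData.Protect(clear, null, Scope));
    }

    static string DecryptString(string base64)
    {
        byte[] clear = ProtectedData.Unprotect(Convert.FromBase64String(base64), null, Scope);
        return Encoding.UTF8.GetString(clear);
    }

    // Joe K.'s approach, step 1: generate a key once and persist it DPAPI-protected
    // (e.g. in isolated storage). Unprotect hands back the identical key every time.
    static byte[] CreateProtectedKey()
    {
        byte[] key = new byte[32];                                   // AES-256
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);
        byte[] protectedKey = ProtectedData.Protect(key, null, Scope);
        Array.Clear(key, 0, key.Length);                             // keep only the protected form
        return protectedKey;
    }

    static byte[] AesCbc(byte[] key, byte[] iv, byte[] data, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = iv;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }

    // Step 2a: fixed key + fixed IV. Equal plaintexts give equal ciphertexts,
    // which is what a lookup key needs and also why it reveals which entries match.
    static readonly byte[] FixedIv = new byte[16];                   // constant, all zero

    static string EncryptLookupKey(byte[] key, string name)
    {
        return Convert.ToBase64String(AesCbc(key, FixedIv, Encoding.UTF8.GetBytes(name), true));
    }

    // Step 2b: for the value, use a fresh random IV per call and store it in
    // front of the ciphertext, so identical values do not produce identical blobs.
    static string EncryptValue(byte[] key, string value)
    {
        byte[] iv = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(iv);
        byte[] ct = AesCbc(key, iv, Encoding.UTF8.GetBytes(value), true);
        byte[] blob = new byte[iv.Length + ct.Length];
        Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);
        Buffer.BlockCopy(ct, 0, blob, iv.Length, ct.Length);
        return Convert.ToBase64String(blob);
    }

    static string DecryptValue(byte[] key, string base64)
    {
        byte[] blob = Convert.FromBase64String(base64);
        byte[] iv = new byte[16];
        byte[] ct = new byte[blob.Length - 16];
        Buffer.BlockCopy(blob, 0, iv, 0, 16);
        Buffer.BlockCopy(blob, 16, ct, 0, ct.Length);
        return Encoding.UTF8.GetString(AesCbc(key, iv, ct, false));
    }

    static void Main()
    {
        // DPAPI directly: the two blobs differ, but both decrypt to "secret".
        string a = EncryptString("secret"), b = EncryptString("secret");
        Console.WriteLine("DPAPI blobs identical: " + (a == b));
        Console.WriteLine("DPAPI round trip:      " + (DecryptString(a) == DecryptString(b)));

        // Protected key: persist 'stored'; unprotecting it later gives the same key.
        byte[] stored = CreateProtectedKey();
        byte[] key = ProtectedData.Unprotect(stored, null, Scope);

        // Fixed IV for the lookup key, random IV for the value.
        string k1 = EncryptLookupKey(key, "username"), k2 = EncryptLookupKey(key, "username");
        Console.WriteLine("Lookup keys identical: " + (k1 == k2));
        string v1 = EncryptValue(key, "alice"), v2 = EncryptValue(key, "alice");
        Console.WriteLine("Value blobs identical: " + (v1 == v2));
        Console.WriteLine("Value round trip:      " + DecryptValue(key, v1));
    }
}
```

The fixed-IV lookup key is exactly the trade-off Joe K. points out: it is the only way to get a stable ciphertext for the same input, and that stability is itself information (anyone who can read the store can tell which entries share a name). Keep the fixed IV confined to the field that has to be searchable and use the per-call random IV for everything else.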