Well, you could use ProtectedData to directly encrypt the data, or you could
use it to encrypt a key you generate/store. If you encrypt the key, then
the data however you want. If you use a fixed key and fixed IV, you'll get
<egyptegypt@gmail.com> wrote in message
news:1154988513.890224.78690@h48g2000cwc.googlegroups.com...
> I realize it might be less secure but it's better than storing plain
> keys and having a different encrypted value each time makes this task
> (encrypting keys in key/value pairs) impossible since the key needs to
> be the same to retrieve the value.
>
> Is it even possible to specify the session key with the ProtectedData
> class? I only see an optional entropy parameter...
>
>
> Joe Kaplan (MVP - ADSI) wrote:
>> It is actually to your disadvantage to have the encrypted data produce the
>> same value each time, as that lowers your security. Ideally, even if you
>> use a fixed session key for encryption, you use a different random IV so
>> that the ciphertext is different.
>>
>> However, if you use a fixed session key and fixed IV, you will get the same
>> ciphertext back.
>>
>> Joe K.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services Programming"
>> http://www.directoryprogramming.net
>> --
>> <egyptegypt@gmail.com> wrote in message
>> news:1154985102.110687.105810@h48g2000cwc.googlegroups.com...
>> > Do you know of another method that will always produce the same
>> > encrypted value? I'm storing key/value pairs in isolated storage and
>> > would like to have the key encrypted as well just to obfuscate things a
>> > bit more.
>> > Thanks.
>> >
>> > GarthS wrote:
>> >> The ProtectedData class wraps the DPAPI, the following link -
>> >> http://blogs.msdn.com/shawnfa/archive/2004/05/05/126825.aspx - details
>> >> this API and states:
>> >> DPAPI works by generating a key from the current user's credentials
>> >> (generally their password, although a smart card will provide a different
>> >> credential). It then generates a master key, and encrypts this with the
>> >> key generated by the user's credentials. A random session key is created
>> >> for each call to CryptProtectData. This key is derived from the master
>> >> key, some random data, and some optional entropy passed in by the user.
>> >> The session key is then used to do the actual encryption. Rather than
>> >> storing the session key, the random data used in key creation is stored
>> >> in the encrypted output.
>> >>
>> >> So essentially every time that you encrypt, a partially random session
>> >> key is added to the encrypted data (which is then used for decryption),
>> >> which explains why the encrypted data is different even if the original
>> >> clear string is identical. You should find that decrypting the encrypted
>> >> data will return the same string.
>> >>
>> >>
>> >> "egyptegypt@gmail.com" wrote:
>> >>
>> >> > I'm trying to use the ProtectedData class to store encrypted data in
>> >> > isolated storage but something seems to be wrong. If I call the class
>> >> > twice with the same string I get a different encrypted value each time.
>> >> > Here's my encryption method:
>> >> >
>> >> > private static string EncryptString(string Input)
>> >> > {
>> >> >     byte[] ClearBytes = null;
>> >> >     byte[] EncryptedBytes = null;
>> >> >
>> >> >     ClearBytes = Encoding.UTF8.GetBytes(Input);
>> >> >     EncryptedBytes = System.Security.Cryptography.ProtectedData.Protect(
>> >> >         ClearBytes, null,
>> >> >         System.Security.Cryptography.DataProtectionScope.CurrentUser);
>> >> >     return Convert.ToBase64String(EncryptedBytes);
>> >> > }
>> >> >
>> >> > See anything wrong there?
>> >> > Thanks in advance.
>> >> >
>> >> >
>> >
>
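
The approach suggested in the reply at the top of this thread (use ProtectedData only to wrap a key you generate and store, then encrypt names with a fixed key and fixed IV so they repeat), sketched as an added example that is not code from any poster in the thread. The class name, the `names.secret` file, the use of a plain file rather than isolated storage, and the choice of AES with its default CBC mode are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class DeterministicNames // hypothetical class name
{
    // Assumed location of the DPAPI-wrapped secret (32-byte AES key + 16-byte IV).
    const string SecretFile = "names.secret";

    // Unwrap the stored secret, or generate and wrap one on first use.
    // Only the DPAPI blob is written to disk, never the raw key material.
    static byte[] LoadOrCreateSecret()
    {
        if (File.Exists(SecretFile))
            return ProtectedData.Unprotect(File.ReadAllBytes(SecretFile), null,
                                           DataProtectionScope.CurrentUser);
        byte[] secret = new byte[48];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(secret);
        File.WriteAllBytes(SecretFile, ProtectedData.Protect(secret, null,
                                           DataProtectionScope.CurrentUser));
        return secret;
    }

    // Fixed key and fixed IV: the same name always yields the same token,
    // so the token can serve as the lookup key in a key/value store.
    static string EncryptName(byte[] secret, string name)
    {
        byte[] key = new byte[32], iv = new byte[16];
        Buffer.BlockCopy(secret, 0, key, 0, 32);
        Buffer.BlockCopy(secret, 32, iv, 0, 16);
        using (Aes aes = Aes.Create())
        using (ICryptoTransform enc = aes.CreateEncryptor(key, iv))
        {
            byte[] clear = Encoding.UTF8.GetBytes(name);
            return Convert.ToBase64String(enc.TransformFinalBlock(clear, 0, clear.Length));
        }
    }

    static void Main()
    {
        byte[] secret = LoadOrCreateSecret();
        // Constructed sample name: both calls return the same token.
        string first = EncryptName(secret, "ConnectionString");
        string second = EncryptName(secret, "ConnectionString");
        Console.WriteLine(first == second);
    }
}
```

Values can still be passed straight to ProtectedData.Protect, since only the names need to repeat; identical names produce identical tokens, which is the reduction in security described in the quoted reply. On .NET Core and later, ProtectedData comes from the System.Security.Cryptography.ProtectedData package and works only on Windows.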