2

I am using the DPAPI C# ProtectedData class to encrypt some information stored in the database. I am using it both with and without the optionalEntropy. Encrypting the same data multiple times, the first 80 characters (~60 bytes, I believe, base-64) are always the same. Shouldn't they be different?

-- With IV
--AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkraLxmIl/U+hiAubX7G2RgAAAAACAAAAAAADZgAAwAAAABAAAABeYhu/TmX3ElDcCasOgDnzAAAAAASAAACgAAAAEAAAAITDkfLO3IQj2Y5ZcOxga4wQAwAAlxD/aj4Rxn1/f4AQ23L3o05aYP/X7WfjCB2R3h25gvZLPic2ten1hUAqZbfnDYqQs2uA0xBoXO2CAcN4olsFrbRK6deFPH2crJD7n2rZ2+1x4fEeuhxINMaLWhRpioxsQz5g2PuJHT0EjoGOLSk1AW2G25aM1Bk/1Xex5qo/WfluEr/ER5pOT19ZWF/1x26UFSwDme6nMH8Ov8Kq7NHCafL67vuGfNqbK77RDU02w3Y4gjmXiVS6JZSRgfHGdeQAaBr3C/wUU4EqY7Q7iRXmll/A9y4GiElHXaUXAfE/aZCp3LrrX5Ea8GY54EEyQYSZOFvv8zNfid9Wa1iTeVLZoU8FsCYMgQc9s0F2Ul2EsAtPM+AmEUMklkZ/XhVrfn7qlEGCu1kpODn6ieaFiXkXG7ueBv4Fxb7ozifHyoOSYNIKgnhZNSiIii0XhRFHXiExyyTWYCBL2t7+wIy9DgJlad7IBKeVGzdAGdbXrYAF5l2XYdby+yn1RqfLlPFZ6PktSToKrYt4P9nsUCEfI27xB8Lrro1veypueRYna5D/VsA/5S3kobyy1HoAYI+UNKYL81fA9WdItXFz3hqWods9gBty4IMM41YDnaKSFiZ5ooh5UcXU+H35o0Z8NmICSroByfhrFZh3PRztdQK2kFQG4wS9pwyeoI6LnZHw9s4Kx44ws0w8piVq6dREHKpgwZAM2VbpM+UOIX49NchQoSHipSUf8rwqW77gc9sEBS+wffviLqpjjtbJaDZlxhVSCJJLtBzEz5ibjobGQwxt7vtHRkMaTPcxam5DGaNRc3VqCcnCZfefiGYMTybT9bqxkPLqcHI0T/Sj01FWyoTzD07+0RtRFJORyF9u/prVCU2lBdJlrC03CvjOKhtl2zXvHL75BTr77RiK0eRvvk59qLR2zInSmsroYBSnqFdzA77y5tXIVvvAlBbKT7oxWbC8cs1FWTPgcyRRl8FRjtOaSpHqapA1Nh3o3kTKQtgg8I64hGf7X6qMZ7RUB6f1iK0ef5Yc0UeKqVsI3c52Jx6zE6tR4BQAAAA3Kb6m/gDa2OpLda606AZm4ZsCEw==
--AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkraLxmIl/U+hiAubX7G2RgAAAAACAAAAAAADZgAAwAAAABAAAACZk9icH5t4its48rTs4k9SAAAAAASAAACgAAAAEAAAAIT2MgGSZQAvQ1pz6bRTxUwYAwAARgCh2niYCfPAdACmXjcYy4WsRVfMztI9PPAWvZ5Ex/toizAM6xjWNpR8qHOl6Go8CsSgoCNDcAuvIBHBwYLBFO9J7Kg+eyzqeGkFZRSRT8oGdczFaHKtdhG28f+E4tFzmg3kGgjNhylPqhnOrq+j38PZHHesSjAaMgKvbIprIaXPhit/R45OYX9Y7Jlv0/knJygPvb0OcscfvpsLOdvL6lGMTTRd1IzSUspJJXHy2/NC/qRNLgTn2taqesT0r8mb6FIEDFDBKYZFratM5174hxsvNVyxcV3rCIDdegsCW/ezdHszwXfmM44aPx/cPbq3h6MpFf/ThaLmOukz3q2+E92JFX6doThvDun4vpf4VGpc+8DyGJ5mcbQ82btG7X4bsmkfvboYICL59Vx3u+hbRHcndFyem/7KPqPUHTy2cjkkii7kTh7695EAqDchzP7GaRB0KnlxiGz4nwomS84YHCszQWGTJtNY3J3IE9Yyj2EEdF7cQdHRJ0kF4u0rIrX6C5ljLjo0L08DCe6gG0KJJcW9GcV7rrWf0u0O4V5BSDrg0R/qGi31JUB0d4DNTDaKX2Zc6UDwyA2aXAtlPTi2biOo3RiZ6QwKrn6iZYb+zD5IyJYbJvP3YZQFBqSflYcaQMIEeCAl4RQW20FeehuFZQkjcsJVzZCPWYQOSSLdwIOsQblxIvZ8x+M2nWuy507N4/NpAVRa13LPyfDW6LwR8ENivZIUzqCna8vKdfeO8zj8PWFdi4sjYnjP7XZvRiBKSUEkumUZAsCNOo/HEJesMNkYi5o8PtaO8wRTXxIoAbHXMh3SIoWFcAOcBjH48EqMwjwugBxRG32T8xdON5SGsvHlnN/HgXBcWMMt6cweVXDNelIIIHahRipQRUepPx9AcgZmocGrf5ro619hZi7du983TLeTPYssMbwfVKrdtHBLfaIJWyzkzV8v+6Djt7LumOJUB9oNJ3n3SNlQCcnYD/1FfAi1hJnedEBKYuKhqK2Zf7fxZ5pvDk1ioGUpxFD+McpHJt6iRNYSNlRU1WLECaAmDcMLCz/+FAAAAJk418ZTTnqXBCDOsqmuS1H2oBiX
--AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkraLxmIl/U+hiAubX7G2RgAAAAACAAAAAAADZgAAwAAAABAAAACQe8sdaw8By96VuH6HJT2uAAAAAASAAACgAAAAEAAAAPv21inabydfg/2ZBOqTexYYAwAAUYbwpFUZ7Tm1l1OG2p6m32uruGMGhYqLje+Wd9PXoRnuwsKRQK5J+nuXIrc1zggAQBiPAQnpLcz1ePW3z/woeZd9HduYJ1x24J3h9jPapGif+d3GF01oKG8/FGgj/IftF2DJCqPwS6f7w5Y2WGj88gQ22znggy3p8oluIxold6bk8K+LnL1JQtKg2mzkOXyYsyln9FeKT78cErTZxvq5NwXp5cIpBhN3eVMNGtWTozrRq//Z/+uJnDB6wAIf08cyISRvRhOqlUiUYchJtvmFUwEjSzVs0KPEEc9xVr0QZ4B+mj3UuHpZtHkygDwFCRl6nb7US285hAt/DDP9w7Z/ZvCNfGaWx+E9GZGpb65kIy/XAWMc3IdeqKB0K4svbteHpu5KLVnbvhhkYsCTQg5RdeHCVH4V5xN/8BWKjMByh9JhJC7zhNS5fULOvVZ5neIzJQxvtMHN89Lna/cH50EISGYcmmwanEDMS2oUT5WLDVIfrev6TK4rJLvEBWhhBzARf62Zn5ZKHO7e0AYsZ3cBZQ+jg3tZLYi5NFIvpN6+oQw/EmdjEbv8Q3yVDzv+WWMqEAHiesy2iFbfu0sesKudVzaVAHGZUziqR7uZVu46HdL3vZd7uW/RBwAQ2yTA9ImVq3NuDQSIelUTe16iGlY7qjf1LJSw7QghtwizPTPiGhut9/JSjQMeaEbkXmzAulhRqAYHlrhf2QUN31JVleqVZpSFGe2hu/FlAeDsAHD1x2jAyNVRXxI8X24DgLDft31Ko5TKZErTD4N/3MeEph4gS/pTr/lsysBN82A6r4c0T0l/xJh0HHK/fUl1VaUxgIJyGECCdJCdKJJbGCg9h58t6QyAfftIDa+bdi+vxtp0/8WZ7+z8Oo+3AqM0ONttuVWkgo1UngwcCV29RjpxTA/jxpUqbLXRnKv9mYRK7lmCC5u/iO13urOKY3m1gdZLSJfd/GL/vmt+eD3Fyxhvw0+9ENQEMLZyS5u7mtIRpRR3aa7V9OclUL0F+uAuc2ZvamiLyWAF+WB1xkI2DYVwy3EnZ8li0BWRJpugFAAAAABQuMz6aXwNxNy+2SS9Rqpvx3vz

--Without IV
--AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkraLxmIl/U+hiAubX7G2RgAAAAACAAAAAAADZgAAwAAAABAAAAA4Cr5fLKuGjJ2Q06TaR6RWAAAAAASAAACgAAAAEAAAAG9ErpvxFQvJ2Fu1uka7TvcYAwAAztPCzyhCrO6qLMDuySxTnZrX7+2p73DqbBOk0C/e3r6MeYzlya/FRXVtuHRg/5abj4AVaHFITVcrC75XOwfnH7MAEaz3SpOKtLlIIusG/iNxAZjI1t3PhkfgF++IWUcVwcu9aMlNNgcoJQ9/JhQ9f1w91ouIX+d0Zkl9OoJt/tPFQqp33Gbg3xTjJPARuRz1OL6bvnuTCRCpFzfkkBv5bf15bUooiYGFlnBNge0FcN4ZQWaX783+pECfwJYfmrQqFBkt8mHUySCJhUbX1QLtsYixY21DvIcV2jGO7J6TzqMI8GzHJxYRVLJLfho2Jfe5Y9qcGs/8f6SDCWGyj4OH0E82oJ8kdnX/XVI8QZsd3LgJrbWZiAAIs8kEUks463TqkyQytzH2Hu8K2N7/LAclUh6/OQ1o4VIJb2QJHTOkDUMyRz2uT/LQTGvf+Ae7mdf+fyO5PP+sYZ/rKEUFCu+Pij2p/v+Ap+N++QtTgt8OD+KB0bhxAzxe24gL9eidcjulpzGQkS/ndn4oQgOmw50g1+vlTeCFyZKNO2dn0oPGhzYnr7n+tbHrxwEl2r0du7TjYjdN9kq+5ozysXIega59PseJTfZqWiKsmXdEqt5gO51gqCcQyBhCbmdri1cXxLGCaD6a4ePm2pInyeqAK4SIc+vDVReEBVdXU9nTO1JV10J02lsGjEe+E0DCIbBv+46pLIs/Bkp4Omzc02SodS/S1c5roCO0fb7sICammCxvfwnV9rlG0JUIQjB3R3iPaKWey8ECtwocF8l1iwvB3XVAl9HFmz+4eN4+LFE5t33CiXX7lT/F06O/d6mqoeBn4yEfpX9GRuGZHE2l1AXAiNbCSG6htHv5qttKM81ASowCfhp5FmIGUBPjV7Dp8apIf11aKEuBfeR4LUudRjy7hCOdhk1oGEs0/9M+mPjJl8/NKZW7VqWBoDrlKHfl1dq3lMVefu5vb0pRTFQLee+F5SH2Eeot/XrWJUBY1KyYzn2iKNv1geiJp0X0/RwYLTwyZrDHiY6KabSUgNOhpy0JdMoGaYEOYu8Nxw0SFAAAAJR6dbJ2TFGVdTtNwipkUNM3A4nG
--AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkraLxmIl/U+hiAubX7G2RgAAAAACAAAAAAADZgAAwAAAABAAAAAvDw1h+sICMWEv8X9CoF0UAAAAAASAAACgAAAAEAAAAKU1Ykjkl7yZbiNLvdl9SckYAwAAOS6tLOAqpBDudnjs3MOvPiV0YKw9T6YKgoqi+5lh5/jcVutKdUlHEJ1zMTSDCSO1Adqbid4HS2WJvRMc5hcHNu3RSmsbt/uj6ag28SqaWJRD+o5k3SOXncDycqzwghfVlmeDhbrU/GdUtWhOoyNrLHH9hE58FkmcmSeiwJvx36cqqLZ98tyP1Ouutts8FMaiMLhsKuMam88yXZqPFprvK2+9qAiqxo4/99Q6OeH+uAIHwYQj84DLUKBv7KujkBwn86blKusPyfrpNs78C6fFzRgieqmj80V32LR2q+dPg5IvvIM9KE6soX+LtZovNcyxjjEq+YGvfbtxErofg6rGHz7mQTSVbE2EnAzCWad+R2unJYwLXH8+39b6qHqI8ZMS20I5M9b6fq8Fk7cBC49G0pvMcg5/zyVO53yfGvbX9OAkbqiOXYt4El8U4Z/mpDPaasNLhKyqPIelewRgrn49O4GpRbSDFi1OoZmmFRXNdLn9A9KOmQwGZ1qaiyIkUh2ffC/D6Lz0HfoMEZOHUsp7E0T1IoEC/FEm7XQ+uS095Rj5hemWQtKilyew0/8IseDtIBpJ4NLgaj0JGqVoGTAP58DPtSG9QKaIHVjLyxF3PpEwijx88TZITkBqtD/W9Thcc77bGgYcHYoe12JPFRaRyM/w0+RmTuQTQ+E+M+mA7UqPUvcpqjMzhQER/aF01uKeftTLL+oZOjDOCP77pAWsrsgQhbZjRduK+MBD4UG2FI5IihVKgxEMbz/0r4RP3xBzoYXUXjnxIdXLna4q3655WHysPueX3SnsZuznDZyXlzMTRriEbWXs+Bac5CkbnWN9hT6nBwCOxqzVG96+hfSVT8/KcX+LZsAUbWUEEqlZQqAqsV4MDDdYtJ+FNKmybybWAEqt7MCkDU7oBN7dmMMYDqHMFg2mWmSUgkJZZfBu9a7e6jNo6BZGUFyvZ+I0DcWnu2WuK4v4UZSrAq6WAF7Zu3y/mi4WDtooVMUuSkwxAZdjWs58h0I5Y0ItRdUNTsANb03Ly02+cGoV1Spq7JrM83YSgo6CcMl4FAAAAEDtOUgoQY0yK0z3aBJQsc1GeYud
--AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkraLxmIl/U+hiAubX7G2RgAAAAACAAAAAAADZgAAwAAAABAAAABuCnd3sXXYFg5I8OqyJyLCAAAAAASAAACgAAAAEAAAAFhW27X3Ux6KL8vnTuB63/cYAwAApHRMxgwDAaRkLkzqdCDwx5ADBemPNXY6xvJxgwScJmj5vhjXrcC4n6KlqSg3jXliKNK9gCU72feimavzGl/W68VJ2gw+HaN9aDmqF/y4SPrtdSxyaF1xGkeT2CzTBanf2kAZXwwZu2GhotABuknC08WZAx8R88Mz/ZinGJz4xjwPAmbSbPEHPiTRnxnrbUfH8bKqFhTR3r7AoopalC+UOkFyk6giobcKny/iXf3UZWLru8WKSlYAHxfmYTNGYuJqA69kCtd1RhlBrC+eOSE00iePI33BfKsw56cGYqOVYdDVx8UD8+h8f1nFkmPL+tAjZWOsoIYt+MIUD/9znu7Qio0LHVpePKN1VEjqv10cPJo3JadqCrllwuXw/skx0H1P9MQ49T058+D1cytZ/glJXqWI0VXTRWTMbVeTpAkV85ygyyMj4Nnlzk1o6jikjJCRi2STe6F97/oySp5Gd3I/kQkTmkGTIZwRLUVJEOFTJU25ujbIr2s12a8rH77670R4/u7fC9RWy6/8Cknvmn2upKg5LkxVC8WXaJLTDtHH7B0TGX5ElmHLywclcOvDhIIUmxyJ3AhsPpKrXQ4FzXTGsHemSxQiyxGz/RUCkcbz/JQIHfQ7I6YkpmnflqYL64kFW+ztDcR9DtqI612MPrZDtd1DY9KYr8UlcIW7WH2hL9lN6j3t8D1AWdUC3iOZlIMTB2Eu+WPLm8ZPKm7wstZHiv9ES8ftx+6mUst1yaYTbZgND5YQP09qu+9KFzJ6erYPE7m/EbRR4ZLiHMUdres14QEtNfxQJSK3uf4oEugS8+UrU+n7kR4lWE0XFobP3Ir9HtjXdfrZgCBTe0/O9y7VugnWQwWI8QOycyZpI5mX0MkGU3jrw1KL8KSscvKwLQNq2fNx8J13I/OsLfdGLDn7F+QpSlNtJ1f8FlD8C2YEhDlr2domEbCzY5J/BhP/cZ/pKaXU9Pyu/m9tx9NqBFlUaAsNZE8kJ2CIgeBFcmzKJ7R9Tpm63koI8k4reroq1GuP3qAl+zQrWfmD+lFrgUdNwwU5Daf7xecTFAAAACWL2nJHbkoERVs3eeBudQFux

CCY

Kyle W
  • 131
  • 4

1 Answers1

1

DPAPI blobs contain more than just the raw encrypted data. They also have some metadata, like the structure version, the GUID of the cryptographic provider, the GUID of the DPAPI key, and so on. You can read more on the various fields on this Passcape page.

Using this Base64 decoder, I see something that looks like a DWORD representing the value 1 (01 00 00 00). That's followed by the standard GUID for the Windows DPAPI provider. After four more bytes that look like another DWORD, I see something as wide as a GUID: 16 bytes. That's probably the DPAPI key's GUID.

That all adds up to 40 bytes, and along with the other cryptographic parameters (e.g. the algorithm used), you get your constant roughly-60 bytes. The actual encrypted data is indeed very different in each case.

Ben N
  • 2,491
  • 1
  • 12
  • 22