Questions tagged [windows-dpapi]

The Windows Data Protection API (DPAPI) provides operating system-level data protection services to user and system processes.

28 questions
8
votes
1 answer

How secure is my DPAPI Master Key if I enable biometric login?

I understand that Windows DPAPI master keys are encrypted (directly or indirectly) with the user's login password - see e.g. Does DPAPI works if a user hasn't a login password? If I understand that correctly, it means that physical access to the…
7
votes
2 answers

Is there any reason to use AesManaged over DPAPI in this scenario?

I have a situation where my web application is going to be deployed on multiple web servers, and I'll be wanting to store some securely encrypted data on the DB servers (each web server has a DB server paired with it). Now, what I was thinking of…
Jez
5
votes
1 answer

Does DPAPI works if a user hasn't a login password?

I was wondering if the DPAPI will still work properly if a user doesn't have a login password (like most of the home users). I can't find this information on Google or in the official documentation and I can't test it because the computers at work…
Fabio
4
votes
0 answers

copying roaming profile credential file of another computer

I am trying to recover login information of another computer. I have managed to copy the local/roaming profile credential files located in C:\users\%username%\APPDATA\local\Microsoft\Credentials\ and…
Syler
4
votes
1 answer

BitLocker with Windows DPAPI Encryption Key Management

Disclaimer: I realize that I posted this question on ServerFault, but I have not received any response there. I am hoping that this forum might be a more appropriate place to post this for a response. If I am incorrect, please let me know and I'll…
bigmac
3
votes
0 answers

Storing Recoverable Passwords In An App

I'm working on a project where I need to store and recover a password. I can't use a salted hash for authentication because the password is used to secure an HTTP connection via HTTP Digest. I'm not in charge of the protocol on the other end, so…
2
votes
0 answers

Where should I store encrypted data so as to have app-exclusive access?

I am using the Windows Data Protection API (DPAPI) to protect the private key used in my application. I cannot hide the entropy used in the DPAPI call because my application needs to be open source. Where should I store encrypted data so as to have app-exclusive…
Nilesh
2
votes
1 answer

Is it possible for me to extract my own AES disk encryption key?

I use Check Point Full Disk Encryption, but hope that this question can be answered generally. Is it possible for me to get, or extract, my own 256-bit AES key? By the way, I don't use any special password for the decryption itself, so this key…
bobuhito
2
votes
1 answer

How do browsers import password data from other browsers?

Specifically, how did the new Microsoft Edge (based on Chromium?) import my passwords from Google Chrome (which are synced to my Google account and supposedly secure)? I'm on Windows 10. Does Windows have a standard password exchange medium? What is…
user1857492
2
votes
1 answer

Did changes in Google Chrome 80 weaken cookie and password encryption?

According to Arun on StackOverflow “Starting Chrome 80 version, cookies are encrypted using the AES256-GCM algorithm, and the AES encryption key is encrypted with the DPAPI encryption system, and the encrypted key is stored inside the ‘Local State’…
user115400
2
votes
1 answer

Why does my DPAPI data start with the same bits?

I am using the DPAPI C# ProtectedData class to encrypt some information stored in the database. I am using it both with and without the optionalEntropy. Encrypting the same data multiple times, the first 80 characters (~60 bytes, I believe,…
Kyle W
1
vote
1 answer

How can I store encryption key into Microsoft provided Key container?

I'm working on an application in which the user will enter an encryption key via the GUI and my app will fetch that encryption key. Now I need to store that received key into a Microsoft key container. I got this and this as a starting point and I know that I…
liveforFun
1
vote
1 answer

Securing an IIS application with a complex configuration

I'm in a bit of a pickle. I've got an IIS application which accesses an SQL database (on a different machine). This already means that: a) the IIS application needs to have a connection string to the database containing the password b) the IIS…
Shaamaan
1
vote
0 answers

What are some good design practices for cross-platform certificate storage?

Question from the Bouncy Castle development list: At present we use the Windows certificate store as: var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly); var certs =…
makerofthings7
1
vote
1 answer

Windows 10 master key folder empty

I am currently trying to decrypt my files from my old laptop. I have a backup of the user folder of the old laptop and I am trying to find the old user master key to decrypt my files based on mimikatz wiki. However, when I look at the master key…
ChrisG661