DPAPI and WM 2003 SE/WM 5
I was wondering if there was anyone else who is having some difficulties using the DPAPI Crypto calls of WM 2003 SE/ WM 5.0.
What I am doing
=============
I am creating a library that wraps the provides RSA, 3DES, and RijnDael cryptoghraphic providers. As a part of this, the use of symmetric keys for the 3DES and RijnDael presents me with an interesting problem: how to securely store the symmetrtic key.
To this end, I have gone down the path of using the DPAPI Crypto unmanaged API. I have tried using P/Invoke, as well as using the OpenNETCF 1.3 ProtectedData classes, but to no avail.
The encrypt works great, and produces encrypted data nicely. However, I run into problems when I try to Unprotect the data. After much cursing and gnashing of teeth, I found the error message:
"The data is invalid."
The following is the code that I am using:
Imports OpenNETCF.Security.Cryptography ... saltBytes = Encoding.ASCII.GetBytes(desParams.SaltValue)
derivedPassword = New PasswordDeriveBytes(desParams.Password, saltBytes)
derivedKeyBytes = derivedPassword.GetBytes(DEFAULT_KEY_SIZE)
encryptedKeyBytes = ProtectedData.Protect(derivedKeyBytes, saltBytes, DataProtectionScope.LocalMachine)
decryptedKeyBytes = ProtectedData.Unprotect(encryptedKeyBytes, saltBytes, DataProtectionScope.LocalMachine)
desParams.saltValue = "1Password!"
desParams.Password = "1Password!"
DEFAULT_KEY_SIZE = 16
I am using the OpenNETCF 1.3, with CF 2.0.
I have also tried using P/Invoke API calls, and get the same problems.
Any one out there have any ideas?
Cheers
Richard Angus
