Last post Jul 20, 2017 02:15 AM by Cathy Zou
Jul 19, 2017 04:55 AM|Jake1234|LINK
In .Net DPAPI, all child keys are managed by the DPAPI Master key. Hence, we need to make sure about the security of this Master key.
Where and how the .Net Core (or Framework) secures this master key ?
Jul 19, 2017 10:54 AM|priyalwalpita|LINK
There are several ways and places where you can safely store your master key as follows.
Jul 20, 2017 02:15 AM|Cathy Zou|LINK
DPAPI doesn't store any persistent data for itself; instead, it simply receives plaintext and returns ciphertext (or vice versa).
DPAPI security relies upon the Windows operating system's ability to protect the Master Key and
RSA private keys from compromise, which in most attack scenarios is most highly reliant on the security of the end user's credentials. A main encryption/decryption key is derived from user's password by
PBKDF2 function. Particular
binary large objects can be encrypted in a way that
salt is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option - i.e. under the control of the application developer - and is not controllable by the end user or system
Delegated access can be given to keys through the use of a
COM+ object. This enables
web servers to use DPAPI.
Disclaimer: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found
on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions
you to make sure that you completely understand the risk before retrieving any software from the Internet.