Encryption. DPAPI. MACHINE_STORE. Server re-install ?

[Dominick Baier [DevelopMentor]]

yes - exactly.

the DPAPI machine key is uniqe for every machine. I would not use DPAPI in
this scenario. If you want to encrypt the data use the normal symmetric/asymmetric
algorithm that allow you to specify a key.

 

[Jim Andersen]

Hi there,

I've been reading/doing this
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT08.asp

and have a question about this:
---------------
Note If you use DPAPI with the machine store, the encrypted string is
specific to a given computer and therefore you must generate the encrypted
data on every computer. Do not copy the encrypted data across computers in a
farm or cluster.
------------------

My scenario is: I have a web-app in .NET 2.0. The user enters some data. I
encrypt it. I store the encrypted data in a SQL server table. I can then
retrieve the data, decrypt it, and show it to the user.

But what happens if my IIS-server crashes and have to be re-installed ? What
does "a given computer" mean ? Is my data forever encrypted and can never be
decrypted ?

/jim

 

[Jim Andersen]

"Dominick Baier [DevelopMentor]" <[email protected]>
skrev i en meddelelse

yes - exactly.

the DPAPI machine key is uniqe for every machine. I would not use DPAPI in
this scenario. If you want to encrypt the data use the normal
symmetric/asymmetric algorithm that allow you to specify a key.

I thought I was doing that, and storing the key in DPAPI ?

I am already specifying one more key (or salt or whatever its called) as it
suggests in the example in step 5.
----
// Could pass random value (stored by the application) for added
// security when using DPAPI with the machine store.
----

What do you mean by "the normal symmetric/asymmetric algorithm", and where
do I store the key, and isn't that a less secure storing area than the
machine-store ?

thx
/jim

 

[Dominick Baier [DevelopMentor]]

you are right - this is less secure - depending on your threat model at least...

DPAPI takes care of the key management for you - but it is bound to a machine
- so decide yourself what you want to do..

the other algorithms are in the System.Security.Cryptography namesspace like
3DES or RijndaelManaged.

The entropy as the call it just augments the key with additional data - but
the key is still bound to the machine.

 

[Bishoy George]

Hi All,
I am trying also to do the encrypt-decrypt processes separately.

I knew that for symmetric encryption, I only have 2 class algorithms:
Either RijndaelManaged or TripleDES
I tried the RijndaelManaged class, and everything was OK except a very
strange sticky error.

Length of the data to decrypt is invalid
Line 70: cs.Read(fromEncrypted, 0, fromEncrypted.Length);


My Code:
--------------------------------------------------

using System;

using System.Data;

using System.Configuration;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Web.UI.HtmlControls;

using System.IO;

using System.Text;

using System.Security.Cryptography;

public class MyEncryption : System.Web.UI.Page

{

public MyEncryption()

{

}

public static string Encrypt(string original)

{

byte[] encrypted;

byte[] toEncrypt;

byte[] key;

byte[] IV;

ASCIIEncoding textConverter = new ASCIIEncoding();

toEncrypt = textConverter.GetBytes(original);

RijndaelManaged myRijndael = new RijndaelManaged();

myRijndael.GenerateKey();

myRijndael.GenerateIV();

key = myRijndael.Key;

IV = myRijndael.IV;

MyEncryption me = new MyEncryption();

me.SetVariables(key, IV);

MemoryStream ms = new MemoryStream();

ICryptoTransform encryptor = myRijndael.CreateEncryptor(key,IV);

CryptoStream cs = new CryptoStream(ms, encryptor,CryptoStreamMode.Write);

cs.Write(toEncrypt, 0, toEncrypt.Length);

cs.FlushFinalBlock();

encrypted = ms.ToArray();

string final = Convert.ToBase64String(encrypted);

return final;

}

public static string Decrypt(string encryptedString)

{

byte[] key;

byte[] IV;

byte[] encrypted;

byte[] fromEncrypted;

MyEncryption me = new MyEncryption();

me.GetVariables(out key, out IV);

ASCIIEncoding textConverter = new ASCIIEncoding();

encrypted = textConverter.GetBytes(encryptedString);

fromEncrypted = new byte[encrypted.Length];

MemoryStream ms = new MemoryStream(encrypted);

RijndaelManaged myRijndael = new RijndaelManaged();

ICryptoTransform decryptor = myRijndael.CreateDecryptor(key,IV);

CryptoStream cs = new CryptoStream(ms, decryptor,CryptoStreamMode.Read);

cs.Read(fromEncrypted, 0, fromEncrypted.Length);

string decryptedString = Convert.ToBase64String(fromEncrypted);

return decryptedString;

}

private void SetVariables(byte[] key, byte[] IV)

{

Session["key"] = key;

Session["IV"] = IV;

}

private void GetVariables(out byte[] key, out byte[] IV)

{

key = (byte[])Session["key"];

IV = (byte[])Session["IV"];

}

}


-------------------------------------------------------------------------

"Dominick Baier [DevelopMentor]" <[email protected]>
skrev i en meddelelse

yes - exactly.

the DPAPI machine key is uniqe for every machine. I would not use DPAPI
in this scenario. If you want to encrypt the data use the normal
symmetric/asymmetric algorithm that allow you to specify a key.

I thought I was doing that, and storing the key in DPAPI ?

I am already specifying one more key (or salt or whatever its called) as
it suggests in the example in step 5.
----
// Could pass random value (stored by the application) for added
// security when using DPAPI with the machine store.
----

What do you mean by "the normal symmetric/asymmetric algorithm", and where
do I store the key, and isn't that a less secure storing area than the
machine-store ?

thx
/jim

 

[Jim Andersen]

"Dominick Baier [DevelopMentor]" <[email protected]>
skrev i en meddelelse

you are right - this is less secure - depending on your threat model at
least...

DPAPI takes care of the key management for you - but it is bound to a
machine - so decide yourself what you want to do..

Well, there's not much to decide.... I can't just cross my fingers and hope
the server will never crash.
Unless.... is there some way I can get the server to tell me it's key ?
Write it down and lock it in a safe. And then when (not if...) the server
dies, I can still decrypt all the data on the sql-server, and then encrypt
it again on the new server ?

Key mangement... is there a good link somewhere. Most examples on encryption
I've seen just have the key in a session variable or it is passed to the
function as an argument, or "this is outside the scope of this article".
This is why I jumped at the DPAPI solution. No key management !

thx
/jim

 

[Kaustav]

Hi Jim,

AFAIK, if IIS Server crashes, you still will be able to restore your data
using DPAPI configured with a machine store. This is because the machine
store probably uses OS specific data for generating the Key. So as long as
the OS is okay, you shouldn't have a problem. Yet another option can be to
use an User store instead of the machine store. You can have the user profile
backed up and restore it on a different machine if required just in case it
gets corrupt on the parent machine where it is being used.

HTH.

 

[Jim Andersen]

Hi Jim,

So as long as
the OS is okay, you shouldn't have a problem.
Yes.

Yet another option can be to
use an User store instead of the machine store. You can have the user
profile
backed up and restore it on a different machine if required just in case
it
gets corrupt on the parent machine where it is being used.

You have any good links to managing user profiles ? Have never worked with
that technology before.

/jim

 

[Kaustav]

Hi Jim,

check out
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht09.asp

Kaustav.

 

[Dominick Baier [DevelopMentor]]

user store won't work with IIS - the profile is not loaded for worker process
accounts.

the rule of thumb is - if the data stays on the computer where it was encrypted
- use DPAPI - otherwise you have to do your own key management (and use a
different encryption algorithm).

 

[Kaustav]

Yeah exactly. My earlier post has a link which precisely details out the
steps to be followed in such a scenario.

Here is the link :

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht09.asp

Kaustav.

 

[Dominick Baier [DevelopMentor]]

but still the key is stored locally on the machine...this is just to avoid
the machine store

to enable key "backup" you also need to use roaming profiles or backup the
profile - so you could also backup the whole machine, right??...

 

[Kaustav]

Absolutely. The profile has to be roaming or backed up.