Protecting encryption keys using DPAPI: Obvious hole?_问答_开发者

Protecting encryption keys using DPAPI: Obvious hole?

开发者 https://www.devze.com 2022-12-22 04:48 出处：网络

I have a Windows.Forms based .NET desktop application that stores privileged information in a file on disk (not using .NET configuraton files), encrypted using a symmetric cryptography algorithm such

I have a Windows.Forms based .NET desktop application that stores privileged information in a file on disk (not using .NET configuraton files), encrypted using a symmetric cryptography algorithm such as TripleDES using MS's CryptoAPI. This file must be read/written over multiple program runs / machine power cycles, aka, use the same Key/IV every time. The obvious question here is how to protect the Key (and possibly IV), and several questions here on SO simply say "use the DPAPI" and give a trivial example of round trip encryption/decryption.

I know how to use the DPAPI already, but it seems there is an obvious problem with using it to protect a Key/IV to be fed to another encryption scheme. Consider the following code:

TripleDESCryptoServiceProvider^ cryptoprov = gcnew TripleDESCryptoServiceProvider;
cryptoprov->Key =开发者_运维问答 ProtectedData::Unprotect(encryptedKey, salt, DataProtectionScope::CurrentUser);
cryptoprov->IV  = ProtectedData::Unprotect(encryptedIV,  salt, DataProtectionScope::CurrentUser);

Due to the fact you must assign a SymmetricAlgorithm derived class' Key and IV, couldn't an attacker just set a breakpoint on this point, and easily figure out what the Key/IV is?

My questions are as follows:

Have I missed the point for using DPAPI to protect keys? How would you do it?
Should I just use the DPAPI for the encryption of my file? Therefore, no Key/IV storage needed.
I've noticed the existence of CspParameters for asymmetric encryption. Is this inherently a better option than symmetrical? (within the context of my scenario, not symmetric vs assymetric outright)

Thanks!

If the attacker is able to set a breakpoint, you've already lost.
The attacker can simply set a breakpoint after the data is decrypted and read the plaintext.

What kind of attacker are you afraid of?

If you want to, you can write if (Debugger.IsAttached) Environment.FailFast(), but the attacker can remove the check using Reflexil.

The goal of DPAPI is to protect persistant data from snooping and tampering, it offers nothing to protect tha secret data in the application's memory.