I have a Windows.Forms based .NET desktop application that stores privileged information in a file on disk (not using .NET configuration files), encrypted using a symmetric cryptography algorithm such as TripleDES using MS's CryptoAPI. This file must be read/written over multiple program runs / machine power cycles, aka, use the same Key/IV every time. The obvious question here is how to protect the Key (and possibly IV), and several questions here on SO simply say "use the DPAPI" and give a trivial example of round trip encryption/decryption.
I know how to use the DPAPI already, but it seems there is an obvious problem with using it to protect a Key/IV to be fed to another encryption scheme. Consider the following code:
TripleDESCryptoServiceProvider^ cryptoprov = gcnew TripleDESCryptoServiceProvider;
cryptoprov->Key = ProtectedData::Unprotect(encryptedKey, salt, DataProtectionScope::CurrentUser);
cryptoprov->IV = ProtectedData::Unprotect(encryptedIV, salt, DataProtectionScope::CurrentUser);
Due to the fact you must assign a SymmetricAlgorithm derived class' Key and IV, couldn't an attacker just set a breakpoint on this point, and easily figure out what the Key/IV is?
My questions are as follows:
Thanks!
The goal of DPAPI is to protect persistent data from snooping and tampering; it offers nothing to protect the secret data in the application's memory.
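The boundary described in this answer, as an added example that is not part of the original question or answer: DPAPI guards the stored key, and the application can only shorten how long the unprotected key sits in memory. It is written in C# rather than the question's C++/CLI, and `KeyLifetimeExample`, `DecryptWithProtectedKey` and the sample data are hypothetical names and constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class KeyLifetimeExample
{
    // Hypothetical helper: decrypts cipherText with a 3DES key/IV stored DPAPI-protected.
    public static byte[] DecryptWithProtectedKey(
        byte[] encryptedKey, byte[] encryptedIV, byte[] salt, byte[] cipherText)
    {
        byte[] key = null, iv = null;
        try
        {
            // From here until the finally block the key is plaintext in process memory.
            key = ProtectedData.Unprotect(encryptedKey, salt, DataProtectionScope.CurrentUser);
            iv = ProtectedData.Unprotect(encryptedIV, salt, DataProtectionScope.CurrentUser);
            using (var tdes = new TripleDESCryptoServiceProvider())
            {
                tdes.Key = key; // the setter stores its own copy
                tdes.IV = iv;
                using (ICryptoTransform dec = tdes.CreateDecryptor())
                    return dec.TransformFinalBlock(cipherText, 0, cipherText.Length);
            } // Dispose() clears the provider's internal key copy
        }
        finally
        {
            // Zero our copies so they do not linger until garbage collection.
            if (key != null) Array.Clear(key, 0, key.Length);
            if (iv != null) Array.Clear(iv, 0, iv.Length);
        }
    }

    static void Main()
    {
        // Constructed sample data: encrypt once, keep only the DPAPI-protected key and IV.
        byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8 };
        byte[] plain = Encoding.UTF8.GetBytes("constructed sample secret");
        byte[] encKey, encIV, cipher;
        using (var tdes = new TripleDESCryptoServiceProvider()) // random key/IV on first use
        {
            using (ICryptoTransform enc = tdes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            encKey = ProtectedData.Protect(tdes.Key, salt, DataProtectionScope.CurrentUser);
            encIV = ProtectedData.Protect(tdes.IV, salt, DataProtectionScope.CurrentUser);
        }
        byte[] result = DecryptWithProtectedKey(encKey, encIV, salt, cipher);
        Console.WriteLine(Encoding.UTF8.GetString(result));
    }
}
```

Clearing the buffers narrows the exposure window but does not close it: a debugger attached between `Unprotect` and the `finally` block still sees the key, and the decrypted file contents returned to the caller are plaintext in memory as well.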