
How does System.Security.Cryptography.ProtectedData generate Unique Id


I'm using System.Security.Cryptography.ProtectedData to protect the license data before writing it to the registry.

ProtectedData.Protect(Byte[], Byte[], DataProtectionScope.LocalMachine)

The DataProtectionScope is LocalMachine.

What are the parameters which are used by ProtectedData to encrypt the string? If I copy the encrypted string to another machine, will it work?

Some users are reporting licensing problems. Is ProtectedData consistent?


Solution

  • Within LocalMachine scope, the protected data is associated with the machine context. Any process running on the computer can unprotect data. This enumeration value is usually used in server-specific applications that run on a server where untrusted users are not allowed access.

    Caution: The LocalMachine enumeration value allows multiple accounts to unprotect data. Use this value only when you trust every account on a computer. For most situations, you should use the CurrentUser value.

    The encrypted data can only be decrypted on the same machine on which it was encrypted.

    DPAPI uses a MasterKey (512 bits of random data) to generate a session key for encryption and decryption. This means it will remain intact until the OS is reinstalled.

    https://msdn.microsoft.com/en-us/library/ms995355.aspx
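
The behaviour described in the answer, as an added example that is not part of the original question or answer: a license blob is protected with LocalMachine scope, and a blob that cannot be unprotected on the current machine is reported as unreadable instead of crashing the license check. The `LicenseStore` class, the entropy string and the license value are hypothetical, and the tampered copy is a constructed stand-in for a blob that does not belong to this machine. It assumes Windows and a reference to System.Security.Cryptography.ProtectedData.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenseStore
{
    // Hypothetical application-specific entropy; it must be identical for Protect and Unprotect.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp.License.v1");

    public static byte[] Seal(string license) =>
        ProtectedData.Protect(Encoding.UTF8.GetBytes(license), Entropy,
                              DataProtectionScope.LocalMachine);

    // Returns false instead of throwing when the blob cannot be unprotected here.
    public static bool TryOpen(byte[] blob, out string license)
    {
        try
        {
            byte[] plain = ProtectedData.Unprotect(blob, Entropy,
                                                   DataProtectionScope.LocalMachine);
            license = Encoding.UTF8.GetString(plain);
            return true;
        }
        catch (CryptographicException)
        {
            // Raised for a blob created on another machine or OS install,
            // protected with different entropy, or modified after it was written.
            license = null;
            return false;
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample license value.
        byte[] blob = LicenseStore.Seal("CONSTRUCTED-LICENSE-0001");
        Console.WriteLine(LicenseStore.TryOpen(blob, out string ok)
            ? "valid: " + ok : "unreadable");

        // Constructed stand-in for a blob that does not belong to this machine: flip one byte.
        byte[] foreign = (byte[])blob.Clone();
        foreign[foreign.Length - 1] ^= 0xFF;
        Console.WriteLine(LicenseStore.TryOpen(foreign, out _)
            ? "valid" : "unreadable, reissue license");
    }
}
```

Because any process on the computer can call Unprotect in LocalMachine scope, the entropy value only separates this application's blobs from others; it is not a secret that keeps local accounts out.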