ProtectedData.Protect

Hi,
I was wondering if there was anyone else who is having some
difficulties using the DPAPI Crypto calls of WM 2003 SE/ WM 5.0.

What I am doing
=============
I am creating a library that wraps the provides RSA, 3DES, and RijnDael
cryptoghraphic providers. As a part of this, the use of symmetric keys
for the 3DES and RijnDael presents me with an interesting problem: how
to securely store the symmetrtic key.

To this end, I have gone down the path of using the DPAPI Crypto
unmanaged API. I have tried using P/Invoke, as well as using the
OpenNETCF 1.3 ProtectedData classes, but to no avail.

The encrypt works great, and produces encrypted data nicely. However, I
run into problems when I try to Unprotect the data. After much cursing
and gnashing of teeth, I found the error message:

"The data is invalid."

The following is the code that I am using:

Imports OpenNETCF.Security.Cryptography

....

saltBytes = Encoding.ASCII.GetBytes(desParams.SaltValue)
derivedPassword = New PasswordDeriveBytes(desParams.Password,
saltBytes)
derivedKeyBytes = derivedPassword.GetBytes(DEFAULT_KEY_SIZE)
encryptedKeyBytes = ProtectedData.Protect(derivedKeyBytes, saltBytes,
DataProtectionScope.LocalMachine)
decryptedKeyBytes = ProtectedData.Unprotect(encryptedKeyBytes,
saltBytes, DataProtectionScope.LocalMachine)

desParams.saltValue = "1Password!"
desParams.Password = "1Password!"
DEFAULT_KEY_SIZE = 16


I am using the OpenNETCF 1.3, with CF 2.0.
I have also tried using P/Invoke API calls, and get the same problems.

Any one out there have any ideas?

Cheers

if i remember correctly, i think the OpenNETCF version has a bug in it?
there is updated code here : http://www.brains-N-brawn.com/cfAES/
Thanks,
casey

<rcangus@gmail.com> wrote in message
news:1123558080.642974.223620@g14g2000cwa.googlegroups.com...
> Hi,
> I was wondering if there was anyone else who is having some
> difficulties using the DPAPI Crypto calls of WM 2003 SE/ WM 5.0.
>
> What I am doing
> =============
> I am creating a library that wraps the provides RSA, 3DES, and RijnDael
> cryptoghraphic providers. As a part of this, the use of symmetric keys
> for the 3DES and RijnDael presents me with an interesting problem: how
> to securely store the symmetrtic key.
>
> To this end, I have gone down the path of using the DPAPI Crypto
> unmanaged API. I have tried using P/Invoke, as well as using the
> OpenNETCF 1.3 ProtectedData classes, but to no avail.
>
> The encrypt works great, and produces encrypted data nicely. However, I
> run into problems when I try to Unprotect the data. After much cursing
> and gnashing of teeth, I found the error message:
>
> "The data is invalid."
>
> The following is the code that I am using:
>
> Imports OpenNETCF.Security.Cryptography
>
> ...
>
> saltBytes = Encoding.ASCII.GetBytes(desParams.SaltValue)
> derivedPassword = New PasswordDeriveBytes(desParams.Password,
> saltBytes)
> derivedKeyBytes = derivedPassword.GetBytes(DEFAULT_KEY_SIZE)
> encryptedKeyBytes = ProtectedData.Protect(derivedKeyBytes, saltBytes,
> DataProtectionScope.LocalMachine)
> decryptedKeyBytes = ProtectedData.Unprotect(encryptedKeyBytes,
> saltBytes, DataProtectionScope.LocalMachine)
>
> desParams.saltValue = "1Password!"
> desParams.Password = "1Password!"
> DEFAULT_KEY_SIZE = 16
>
>
> I am using the OpenNETCF 1.3, with CF 2.0.
> I have also tried using P/Invoke API calls, and get the same problems.
>
> Any one out there have any ideas?
>
> Cheers
>

Casey,
Thanks a heap I have been going around in circles for the last week
on this one (and the answer was staring me in the face).

Do you know if the OpenNETCF people are going to fix the ProtectedData
class? I noticed that your implementation in the cfAES is a lot simpler
than the one in the OpenNETCF 1.3/1.4 ProtectedData class.

Once again, thanks a heap

Richard

doh! ... i wrote the one in OpenNETCF years ago.
so i should have fixed it, but never got to it

<rcangus@gmail.com> wrote in message
news:1123564913.469340.313280@f14g2000cwb.googlegroups.com...
> Casey,
> Thanks a heap I have been going around in circles for the last week
> on this one (and the answer was staring me in the face).
>
> Do you know if the OpenNETCF people are going to fix the ProtectedData
> class? I noticed that your implementation in the cfAES is a lot simpler
> than the one in the OpenNETCF 1.3/1.4 ProtectedData class.
>
> Once again, thanks a heap
>
> Richard
>