Decrypting a data protected by ProtectedData.Protect() on another PC.

[Sin Jeong-hun]

It seems like the Protect() uses the Windows accout information to
encrypt data. If I know the user name and the password, can I decrypt
it on another PC? If it is not, how about the exported key? On Windows
Vista, if file encryption is used, Windows suggests to back up the
key. If I import the key on another PC, then can I decrypt a data
protected by the Protect() method?

Or it is impossible by any means?

 

[Alvin Bruney [ASP.NET MVP]]

It depends on how it was encrypted. Some encryption strategies use the
machine so that the algorithm actually uses part of the machine to encrypt
and decrypt meaning that you can't decrypt from another machine. There's
also the user account which doesn't use machine level means. The other
important part is key storage. How will you make it available to the
encryption/decryption algorithm - that's the major sticking point with
windows type applications. Usually, I use the enterprise library for my
encryption needs which manages some of the issues for you automatically.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99

 

[Sin Jeong-hun]

Thank you for the reply. I didn't specify any specific algorithm for
that. I just used Protect() and Unprotect(), and all the things were
done automatically. So, I guess what you mean is that I can't
generally decrypt data which was Protect()ed on another machine or
user account, but have to use a third party library or manual
encryption.

It depends on how it was encrypted. Some encryption strategies use the
machine so that the algorithm actually uses part of the machine to encrypt
and decrypt meaning that you can't decrypt from another machine. There's
also the user account which doesn't use machine level means. The other
important part is key storage. How will you make it available to the
encryption/decryption algorithm - that's the major sticking point with
windows type applications. Usually, I use the enterprise library for my
encryption needs which manages some of the issues for you automatically.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively onwww.lulu.com/owc$19.99
-------------------------------------------------------

It seems like the Protect() uses the Windows accout information to
encrypt data. If I know the user name and the password, can I decrypt
it on another PC? If it is not, how about the exported key? On Windows
Vista, if file encryption is used, Windows suggests to back up the
key. If I import the key on another PC, then can I decrypt a data
protected by the Protect() method?

Or it is impossible by any means?

 

[Alvin Bruney [ASP.NET MVP]]

Not necessarily, first read the documentation on the protect to determine
what algorithm it is using underneath. That will tell you if it is
decryptable on another machine. No documentation? Build a simple test
program that encrypts data and another to decrypt data taking in a string.
Run encryption on one machine, see if you can decrypt on another machine.
Usually, encryption methods provide some flexibility for choosing algorithms
and encryption keys.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99
-------------------------------------------------------

Thank you for the reply. I didn't specify any specific algorithm for
that. I just used Protect() and Unprotect(), and all the things were
done automatically. So, I guess what you mean is that I can't
generally decrypt data which was Protect()ed on another machine or
user account, but have to use a third party library or manual
encryption.

It depends on how it was encrypted. Some encryption strategies use the
machine so that the algorithm actually uses part of the machine to
encrypt
and decrypt meaning that you can't decrypt from another machine. There's
also the user account which doesn't use machine level means. The other
important part is key storage. How will you make it available to the
encryption/decryption algorithm - that's the major sticking point with
windows type applications. Usually, I use the enterprise library for my
encryption needs which manages some of the issues for you automatically.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively onwww.lulu.com/owc$19.99
-------------------------------------------------------

It seems like the Protect() uses the Windows accout information to
encrypt data. If I know the user name and the password, can I decrypt
it on another PC? If it is not, how about the exported key? On Windows
Vista, if file encryption is used, Windows suggests to back up the
key. If I import the key on another PC, then can I decrypt a data
protected by the Protect() method?

Or it is impossible by any means?