
Which route to take? What are the pros and cons, and which is more secure?

  1. Generate AES key, encrypt the data with it and then encrypt the AES key with RSA, save the encrypted data and encrypted AES key to a file and RSA keypair to a KeyContainer.

  2. Or use the DPAPI ProtectedData class to encrypt the data and save it to a file, and then store the entropy that I used with ProtectedData.Protect() somewhere (maybe also encrypt it with the RSA key, store the RSA keypair in a KeyContainer and the encrypted entropy in the file with the data?)

  • Look at this thread re DPAPI: http://security.stackexchange.com/questions/2243/how-can-i-mitigate-the-threat-that-dpapick-poses-to-my-dpapi-protected-data. I'm actually encrypting my data, then encrypting it with DPAPI again – Casebash Jul 27 '11 at 02:26

2 Answers

Though you can probably get stronger encryption when you choose the algorithms yourself (DPAPI used to use 3DES, don't know if that's still the case in 7), the weakest part of your crypto-system will almost always be the key management (assuming you use decent algorithms, and even 3DES is not completely broken).

Using DPAPI means you don't have to worry about key management at all (other than protecting your key with DPAPI in the first place). I'm sure @Thomas will jump in with a detailed response, but typically my answer would be to go with DPAPI.

AviD

  • DPAPI is user specific, so if you plan to transport the encrypted data to another machine or another user, you won't be able to decrypt it. Keep this in mind and see if it fits your design. – Nasko Jul 22 '11 at 15:57
  • What @Nasko says is absolutely true, and has bitten many a programmer in the heinie. DPAPI should be used to protect *keys*, not data - i.e. use it for a Key Encrypting Key, that way you can do that on each machine, even in a server farm, and have the real data encrypted just the once. – AviD Jul 23 '11 at 21:21
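The layout the question's option 1 sketches, reworked the way AviD's comment recommends (DPAPI wraps only a key-encrypting key, the data itself is encrypted once with AES), as an added C# example that is not code from the question or either answer. It assumes .NET Framework on Windows with a reference to System.Security.dll for ProtectedData; the file names, the entropy string and the sample secret are constructed for the example and are not from the thread.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Key-encrypting-key layout: AES-256-CBC plus HMAC-SHA256 protect the data once;
// only the 64 bytes of key material go through DPAPI (ProtectedData).
public static class DpapiHybridStore
{
    // CurrentUser: only this Windows account on this machine can unwrap the keys.
    // LocalMachine: any process on this machine can. Neither blob can be unwrapped
    // on another machine, which is why the keys, not the data, are what DPAPI protects.
    const DataProtectionScope Scope = DataProtectionScope.CurrentUser;

    // Returns the DPAPI-wrapped keys and a payload laid out as IV || HMAC tag || ciphertext.
    // 'entropy' is the optional secret ProtectedData.Protect() mixes in; the reader must
    // supply the same bytes, so it only adds protection if it is kept apart from the blob.
    public static void Protect(byte[] plaintext, byte[] entropy,
                               out byte[] wrappedKeys, out byte[] payload)
    {
        var macKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(macKey);

        using (var aes = Aes.Create())
        {
            aes.KeySize = 256;          // CBC mode with PKCS7 padding is the default
            aes.GenerateKey();
            aes.GenerateIV();           // fresh IV per encryption, stored with the payload

            byte[] ciphertext;
            using (var enc = aes.CreateEncryptor())
                ciphertext = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

            // Encrypt-then-MAC over IV and ciphertext: tampering is caught before decryption.
            byte[] tag;
            using (var hmac = new HMACSHA256(macKey))
                tag = hmac.ComputeHash(Concat(aes.IV, ciphertext));
            payload = Concat(aes.IV, tag, ciphertext);

            byte[] keys = Concat(aes.Key, macKey);
            try { wrappedKeys = ProtectedData.Protect(keys, entropy, Scope); }
            finally { Array.Clear(keys, 0, keys.Length); Array.Clear(macKey, 0, macKey.Length); }
        }
    }

    public static byte[] Unprotect(byte[] wrappedKeys, byte[] entropy, byte[] payload)
    {
        if (payload.Length < 16 + 32 + 16)
            throw new CryptographicException("payload too short");

        // Throws CryptographicException on another machine or user account: Nasko's
        // caveat still applies, but only to this small key blob, not to the data file.
        byte[] keys = ProtectedData.Unprotect(wrappedKeys, entropy, Scope);
        try
        {
            byte[] aesKey = Slice(keys, 0, 32), macKey = Slice(keys, 32, 32);
            byte[] iv = Slice(payload, 0, 16), tag = Slice(payload, 16, 32);
            byte[] ciphertext = Slice(payload, 48, payload.Length - 48);

            byte[] expected;
            using (var hmac = new HMACSHA256(macKey))
                expected = hmac.ComputeHash(Concat(iv, ciphertext));
            if (!FixedTimeEquals(expected, tag))
                throw new CryptographicException("payload modified or keys do not match");

            using (var aes = Aes.Create())
            using (var dec = aes.CreateDecryptor(aesKey, iv))
                return dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
        }
        finally { Array.Clear(keys, 0, keys.Length); }
    }

    // Constant-time compare; CryptographicOperations.FixedTimeEquals is not in .NET Framework.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static byte[] Slice(byte[] src, int offset, int count)
    {
        var dst = new byte[count];
        Buffer.BlockCopy(src, offset, dst, 0, count);
        return dst;
    }

    static byte[] Concat(params byte[][] parts)
    {
        int total = 0, pos = 0;
        foreach (var p in parts) total += p.Length;
        var result = new byte[total];
        foreach (var p in parts) { Buffer.BlockCopy(p, 0, result, pos, p.Length); pos += p.Length; }
        return result;
    }

    // Demo with constructed input; file names and entropy are arbitrary choices here.
    public static void Main()
    {
        byte[] entropy = Encoding.UTF8.GetBytes("example-app-entropy-v1");
        byte[] secret  = Encoding.UTF8.GetBytes("constructed sample secret");

        byte[] wrappedKeys, payload;
        Protect(secret, entropy, out wrappedKeys, out payload);
        File.WriteAllBytes("data.bin", payload);        // portable: only AES/HMAC protect it
        File.WriteAllBytes("keys.dpapi", wrappedKeys);  // bound to this user on this machine

        byte[] back = Unprotect(File.ReadAllBytes("keys.dpapi"), entropy,
                                File.ReadAllBytes("data.bin"));
        Console.WriteLine(Encoding.UTF8.GetString(back));
    }
}
```

To move the data to a second host or to run in a farm, copy data.bin as-is and wrap the same 64 bytes of key material with DPAPI once on each host; the data is never re-encrypted. Copying keys.dpapi to another machine, or reading it under another account, fails at ProtectedData.Unprotect rather than producing garbage, because the HMAC check never runs on keys DPAPI refuses to release.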

AES, or DPAPI? It depends on your architecture.

For example, if you're someone who wants a stateless, scalable, load balanced Web site, then don't use DPAPI for cookie/session encryption. If you do, you're effectively limiting a user session to a single host, depending on your use case.

Regarding DPAPI and RSA, you may be interested in this MSDN article, whitepaper and this question regarding DPAPI's private keys.

makerofthings7