Avatar of spen_lang
 asked on

C# DPAPI with Password as Entropy


I would like to use DPAPI to secure the API keys in my application to the Current User and use an additional entropy.

However, I would like the entropy to be generated by the user entering a password when they encrypt the data. When the app starts the user would also need to enter this password to generate the entropy for the decrypt. Is this possible or is there better ways to achieve this?


byte[] Entropy = new byte[16];new RNGCryptoServiceProvider().GetBytes(Entropy);

Open in new window

public static string Encrypt(string clearText, byte[] entropy)
        if (clearText == null) throw new ArgumentNullException(nameof(clearText));

        byte[] clearBytes = Convert.FromBase64String(clearText);
        byte[] encryptedBytes = ProtectedData.Protect(clearBytes, entropy, DataProtectionScope.CurrentUser);

        return Convert.ToBase64String(encryptedBytes);

Open in new window

public static string Decrypt(string encryptedText, byte[] entropy)
        if (encryptedText == null) throw new ArgumentNullException(nameof(encryptedText));

        byte[] encryptedBytes = Convert.FromBase64String(encryptedText);

        byte[] clearBytes = ProtectedData.Unprotect(encryptedBytes, entropy, DataProtectionScope.CurrentUser);
        return Convert.ToBase64String(clearBytes);

Open in new window

Open in new window

C#.NET Programming* .net core

Avatar of undefined
Last Comment

8/22/2022 - Mon

As long as the entropy parameter is the same when encrypting and decrypting, its origin shouldn't matter.

Thanks. Are you able to provide an example of how I could generate an entropy using a string that the user enters?

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes