spen_lang

C# DPAPI with Password as Entropy

Hi,

I would like to use DPAPI to secure the API keys in my application to the Current User and use an additional entropy.


However, I would like the entropy to be generated by the user entering a password when they encrypt the data. When the app starts the user would also need to enter this password to generate the entropy for the decrypt. Is this possible or are there better ways to achieve this?


Thanks


using System;
using System.Security.Cryptography;
using System.Text;

// 16 random bytes used as the optional entropy for DPAPI
byte[] Entropy = new byte[16];
new RNGCryptoServiceProvider().GetBytes(Entropy);

public static string Encrypt(string clearText, byte[] entropy)
    {
        if (clearText == null) throw new ArgumentNullException(nameof(clearText));

        // Clear text is arbitrary text, not Base64, so encode it as UTF-8 bytes
        byte[] clearBytes = Encoding.UTF8.GetBytes(clearText);
        byte[] encryptedBytes = ProtectedData.Protect(clearBytes, entropy, DataProtectionScope.CurrentUser);

        // The DPAPI blob is binary, so return it as Base64 for storage
        return Convert.ToBase64String(encryptedBytes);
    }

public static string Decrypt(string encryptedText, byte[] entropy)
    {
        if (encryptedText == null) throw new ArgumentNullException(nameof(encryptedText));

        byte[] encryptedBytes = Convert.FromBase64String(encryptedText);

        // Throws CryptographicException if the entropy or the Windows user differs
        byte[] clearBytes = ProtectedData.Unprotect(encryptedBytes, entropy, DataProtectionScope.CurrentUser);
        // Reverse the UTF-8 encoding applied in Encrypt
        return Encoding.UTF8.GetString(clearBytes);
    }


louisfr

As long as the entropy parameter is the same when encrypting and decrypting, its origin shouldn't matter.
spen_lang

ASKER

Thanks. Are you able to provide an example of how I could generate an entropy using a string that the user enters?
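One way to derive the entropy from a password, as an added example that is not part of the original thread: the password is stretched with PBKDF2 and a random per-item salt, and the salt is stored in front of the DPAPI blob so the same entropy can be re-derived at startup. The class name, the sizes and the iteration count are assumptions, and the `Rfc2898DeriveBytes` overload used needs .NET Framework 4.7.2 or later (or .NET Core 2.0 or later with the `System.Security.Cryptography.ProtectedData` package).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; PasswordEntropyDpapi and the constants below are hypothetical names and values.
public static class PasswordEntropyDpapi
{
    private const int SaltSize = 16;       // random salt stored with the blob (not secret)
    private const int EntropySize = 32;    // length of the derived entropy in bytes
    private const int Iterations = 600000; // assumed PBKDF2 work factor; tune for your hardware

    // Stretch the password into the optional-entropy bytes with PBKDF2-HMAC-SHA256.
    private static byte[] DeriveEntropy(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(EntropySize);
    }

    // Returns Base64(salt || DPAPI blob).
    public static string Encrypt(string clearText, string password)
    {
        if (clearText == null) throw new ArgumentNullException(nameof(clearText));
        if (string.IsNullOrEmpty(password)) throw new ArgumentException("Password required.", nameof(password));
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] entropy = DeriveEntropy(password, salt);
        byte[] blob = ProtectedData.Protect(Encoding.UTF8.GetBytes(clearText), entropy, DataProtectionScope.CurrentUser);
        Array.Clear(entropy, 0, entropy.Length); // do not keep derived entropy in memory longer than needed
        byte[] output = new byte[SaltSize + blob.Length];
        Buffer.BlockCopy(salt, 0, output, 0, SaltSize);
        Buffer.BlockCopy(blob, 0, output, SaltSize, blob.Length);
        return Convert.ToBase64String(output);
    }

    // Throws CryptographicException on a wrong password, a different Windows user, or a modified blob.
    public static string Decrypt(string encryptedText, string password)
    {
        byte[] input = Convert.FromBase64String(encryptedText);
        if (input.Length <= SaltSize) throw new CryptographicException("Protected value is too short.");
        byte[] salt = new byte[SaltSize];
        Buffer.BlockCopy(input, 0, salt, 0, SaltSize);
        byte[] blob = new byte[input.Length - SaltSize];
        Buffer.BlockCopy(input, SaltSize, blob, 0, blob.Length);
        byte[] entropy = DeriveEntropy(password, salt);
        try { return Encoding.UTF8.GetString(ProtectedData.Unprotect(blob, entropy, DataProtectionScope.CurrentUser)); }
        finally { Array.Clear(entropy, 0, entropy.Length); }
    }
}
```

The password itself is never stored; only the salt and the DPAPI blob are persisted, so decryption needs both the same Windows user profile and the password.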
ASKER CERTIFIED SOLUTION
louisfr
