Issues with ProtectedData API

Date: 2015-09-29 00:54:15

Tags: c# .net cryptography data-protection

I have the following code, and the application works successfully sometimes, but for certain users it is not able to decrypt the password. It happens mostly on a server in a multi-user environment; it works great on the dev machine.

using System;
using System.Security.Cryptography;   // ProtectedData lives in System.Security.dll

public static class SecretStore
{
    // The entropy value is not shown in the question; declared here so the snippet compiles.
    // It is not a secret key, only an extra input that must match on Protect and Unprotect.
    static byte[] s_aditionalEntropy = { 9, 8, 7, 6, 5 };

    public static byte [] Protect( byte [] data )
    {
        try
        {
            // Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
            // only by the same current user (the account that called Protect).
            return ProtectedData.Protect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
        } 
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not encrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static byte [] Unprotect( byte [] data )
    {
        try
        {
            // Decrypt the data using DataProtectionScope.CurrentUser. Fails with a
            // CryptographicException when called under a different account than Protect.
            return ProtectedData.Unprotect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
        } 
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not decrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }
}

2 answers:

Answer 0 (score: 0)

In a server-side context you will run into some problems using it. See the details:

CurrentUser scope: the protected data is tied to the CurrentUser; what I mean is that only the user who encrypted the data can decrypt it, nobody else. You can think of it as the usual way of protecting personal data.

LocalMachine scope: as said above, it allows different users to decrypt the data, but it may cause security problems! With this scope, even users who are not in the same group/domain can decrypt the data! The control is not through the encryption routine but through which users have access to that server.

If you have a public (or non-domain) server and you need SOME GUYS to be able to access certain kinds of data, you can drop DataProtectionScope and try a custom process in which:

1 - you check whether the user is authorized.
2 - you provide the mechanism to encrypt and decrypt the data.
3 - you can assume different keys for different users or groups.

See this link for details: https://msdn.microsoft.com/en-us/library/system.security.cryptography.dataprotectionscope(v=vs.110).aspx

Answer 1 (score: 0)

DataProtectionScope.LocalMachine: this scope is valid for any authenticated user on the system doing the decryption.

DataProtectionScope.CurrentUser: this scope is valid only for the user whose identity was used to encrypt; only that identity can decrypt it.

    using System;
    using System.Security.Cryptography;   // ProtectedData lives in System.Security.dll

    public static class SecretStore
    {
        // Not shown in the answer; declared here so the snippet compiles. Must be the same
        // value on Protect and Unprotect.
        static byte[] s_aditionalEntropy = { 9, 8, 7, 6, 5 };

        public static byte [] Protect( byte [] data )
        {
            try
            {
                // LocalMachine: any account on this machine can later call Unprotect.
                return ProtectedData.Protect( data, s_aditionalEntropy, DataProtectionScope.LocalMachine );
            } 
            catch (CryptographicException e)
            {
                Console.WriteLine("Data was not encrypted. An error occurred.");
                Console.WriteLine(e.ToString());
                return null;
            }
        }

        public static byte [] Unprotect( byte [] data )
        {
            try
            {
                // Still fails if the blob was created on another machine or with other entropy.
                return ProtectedData.Unprotect( data, s_aditionalEntropy, DataProtectionScope.LocalMachine );
            } 
            catch (CryptographicException e)
            {
                Console.WriteLine("Data was not decrypted. An error occurred.");
                Console.WriteLine(e.ToString());
                return null;
            }
        }
    }
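Added example, not code from the question or either answer: it puts the scope difference both answers describe and the authorization check from answer 0 into one runnable program. It assumes .NET Framework 4.x on Windows with a reference to System.Security.dll; the entropy string, the sample secret "db-password" and the group name "SecretReaders" are placeholders. Running `protect` under one account and `unprotect` under another (for instance via `runas`) reproduces the question's symptom: the CurrentUser blob opens only for the account that created it, while the LocalMachine blob opens for any account on the same machine.

```csharp
// Added example, not from the question or the answers. Assumes .NET Framework 4.x on Windows
// with a reference to System.Security.dll (home of ProtectedData). The entropy string, the
// sample secret and the group name "SecretReaders" are placeholders.
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

public static class ScopedSecrets
{
    // Optional entropy is not a secret key: DPAPI still derives the real key from the user
    // or machine credentials. It only partitions blobs so that a blob protected with one
    // entropy value cannot be opened with another. Constructed value for this example.
    private static readonly byte[] AppEntropy = Encoding.UTF8.GetBytes("example-app-v1");

    public static byte[] Protect(string secret, DataProtectionScope scope)
    {
        byte[] plaintext = Encoding.UTF8.GetBytes(secret);
        try { return ProtectedData.Protect(plaintext, AppEntropy, scope); }
        finally { Array.Clear(plaintext, 0, plaintext.Length); }   // do not leave the secret in memory
    }

    // Returns null on CryptographicException so the caller can tell "wrong account, wrong
    // machine or wrong entropy" apart from a bug in its own code.
    public static string Unprotect(byte[] blob, byte[] entropy, DataProtectionScope scope)
    {
        try { return Encoding.UTF8.GetString(ProtectedData.Unprotect(blob, entropy, scope)); }
        catch (CryptographicException) { return null; }
    }

    // LocalMachine scope lets any account on the box decrypt, so gate the call on group
    // membership first (step 1 of the custom process in answer 0). Use "MACHINE\Name" or
    // "DOMAIN\Name" for the group in real code; "SecretReaders" is a placeholder.
    public static string UnprotectIfAuthorized(byte[] blob, string allowedGroup)
    {
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        if (!principal.IsInRole(allowedGroup))
        {
            throw new UnauthorizedAccessException(
                principal.Identity.Name + " is not a member of " + allowedGroup);
        }
        return Unprotect(blob, AppEntropy, DataProtectionScope.LocalMachine);
    }

    // Usage:  ScopedSecrets.exe protect
    //         ScopedSecrets.exe unprotect user|machine <base64 blob>
    // Run "protect" as one account and "unprotect" as another (runas /user:...) to reproduce
    // the question's symptom: the user blob opens only for the account that created it, the
    // machine blob opens for any account on the same machine.
    public static int Main(string[] args)
    {
        Console.WriteLine("Running as " + WindowsIdentity.GetCurrent().Name);

        if (args.Length == 1 && args[0] == "protect")
        {
            Console.WriteLine("user:    " + Convert.ToBase64String(Protect("db-password", DataProtectionScope.CurrentUser)));
            Console.WriteLine("machine: " + Convert.ToBase64String(Protect("db-password", DataProtectionScope.LocalMachine)));
            return 0;
        }

        if (args.Length == 3 && args[0] == "unprotect")
        {
            DataProtectionScope scope = args[1] == "machine"
                ? DataProtectionScope.LocalMachine
                : DataProtectionScope.CurrentUser;
            byte[] blob = Convert.FromBase64String(args[2]);

            Console.WriteLine("app entropy:   " + (Unprotect(blob, AppEntropy, scope) ?? "<CryptographicException>"));
            // Same account and machine, different entropy: still fails.
            Console.WriteLine("wrong entropy: " + (Unprotect(blob, Encoding.UTF8.GetBytes("other-app"), scope) ?? "<CryptographicException>"));

            if (scope == DataProtectionScope.LocalMachine)
            {
                try { Console.WriteLine("gated:         " + UnprotectIfAuthorized(blob, "SecretReaders")); }
                catch (UnauthorizedAccessException e) { Console.WriteLine("gated:         " + e.Message); }
            }
            return 0;
        }

        Console.WriteLine("usage: protect | unprotect user|machine <base64>");
        return 2;
    }
}
```

The group check runs before any DPAPI call, so under LocalMachine scope the blob is only ever decrypted for accounts you have explicitly listed; DPAPI itself does not enforce that. The wrong-entropy line shows that entropy is a mismatch guard, not a substitute for that check: anyone who can read the entropy value from the binary or config can supply it.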