The Protect and Unprotect functions in System.Security.Cryptography
use the symmetric key to encrypt... I need to know whether this is the
same symmetric key that is used by Windows to encrypt the private key files?


Each user (and machine) has a key that is used by the API. The same key is used for anything that uses the Data Protection API. Not sure what private key files you are talking about.

I am talking about the private key files that are generated when different applications
exchange certificates.

What I understand from your answer is that if DataProtectionScope is set to current user,
the same key will be used that is assigned to this user by Windows, and similar is the case with the machine option of DataProtectionScope.

So there is a key for the machine, and a key for each user, set by Windows for the encryption
purpose? Am I right?

I am talking about the private key files that are generated when different applications exchange certificates.

What I understand from your answer is that there exists a single key that is used by Windows
for encryption, and the same keys are used by the Protect and Unprotect APIs.

And the DataProtectionScope attribute is set to allow the scope for the set of users
that can decrypt the file. If DataProtectionScope is set to CurrentUser, then all processes running under the current user will be able to perform decryption of the particular file.
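
The scope behaviour discussed in this thread, as an added example that is not part of the original posts: it protects the same bytes under both `DataProtectionScope` values with `ProtectedData.Protect` and shows that `Unprotect` fails when the optional entropy does not match. The secret and entropy strings are constructed sample values, and the class name `DpapiScopeDemo` is hypothetical.

```csharp
// Windows only. On .NET (Core) add the System.Security.Cryptography.ProtectedData
// package; on .NET Framework reference System.Security.dll.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class DpapiScopeDemo
{
    static void Main()
    {
        // Constructed sample values, not taken from the thread.
        byte[] secret = Encoding.UTF8.GetBytes("constructed sample secret");
        byte[] entropy = Encoding.UTF8.GetBytes("constructed app-specific entropy");
        byte[] wrongEntropy = Encoding.UTF8.GetBytes("some other value");

        // CurrentUser: the blob can be unprotected only in the context of the
        // user who protected it.
        // LocalMachine: any process running on this computer can unprotect it.
        var scopes = new[] { DataProtectionScope.CurrentUser, DataProtectionScope.LocalMachine };

        foreach (DataProtectionScope scope in scopes)
        {
            // The caller never handles the key; DPAPI derives and manages it.
            byte[] blob = ProtectedData.Protect(secret, entropy, scope);
            byte[] roundTrip = ProtectedData.Unprotect(blob, entropy, scope);
            Console.WriteLine($"{scope}: {blob.Length}-byte blob, round trip ok: {roundTrip.SequenceEqual(secret)}");

            try
            {
                // Same user, same machine, but different entropy: must fail.
                ProtectedData.Unprotect(blob, wrongEntropy, scope);
                Console.WriteLine($"{scope}: unexpected success with wrong entropy");
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine($"{scope}: wrong entropy rejected ({ex.Message})");
            }
        }
    }
}
```

Because a `LocalMachine` blob can be unprotected by any process on the computer, `CurrentUser` is the safer choice for per-user secrets.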
