Data protection application programming interface

From Wikipedia, the free encyclopedia

This article may require cleanup to meet Wikipedia's quality standards.
Please discuss this issue on the talk page or replace this tag with a more specific message.
This article has been tagged since March 2007.
This March 2007 is not written in the formal tone expected of an encyclopedia article.
Please improve it or discuss changes on the talk page. See Wikipedia's guide to writing better articles for suggestions.

DPAPI stands for Data Protection Application Programming Interface. It is a (relatively) simple API available as standard in Microsoft Windows 2000 and up.

For almost all types of encryption, you need a key. A key is a string of characters or bytes that is used to encrypt or decrypt the data. However, when developing secure systems, the question "how do I store the encryption key" often arises. If you store it in "plain text", then anyone that can access the key can access the encrypted data. If you want to encrypt it, it you need a further key, which will also need encrypting, and so on ad infinitum. The DPAPI allows the developer to encrypt keys based on a particular user's profile or all the users of the local machine by the use of the system DPAPI key.

The actual keys (used for encrypting your keys) are stored under "Application Data\Microsoft\Protect\{SID}", where {SID} is the security identifier of that user. The DPAPI key is stored in the same file as the master key that protects the users private keys. It usually is 40 bytes of random data.

DPAPI doesn't store anything, other than its own "master" keys used for encryption and decryption.

DPAPI is a very powerful and cryptographically secure system - provided that the DPAPI key is not compromised. Particular data blobs can be encrypted in a way that Salt (cryptography) is added and/or an external - user provided password is required.

This API is rarely used, since most applications prefer to roll out their own schemes.

Delegated access can be given to keys through the use of a COM+ object. This enables IIS web servers to use the API easily. See [1]

Microsoft information is at: [2] and at [3]

Retrieved from "http://en.wikipedia.org../../../d/a/t/Data_protection_application_programming_interface.html"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.