Key Management

Topics: Cryptography Application Block
Dec 25, 2009 at 11:37 AM

Hi I have a scenario like this:

I need a machine protected key with second entropy.

I read in the documentation it mentioned:

"The LocalMachine value means that that any code running on the machine has access to the protected key; therefore, it can decrypt any secret encrypted in LocalMachine mode. To counteract this, your application code can pass an entropy value when it calls the Encrypt or Decrypt methods. Entropy makes it more difficult for one application, running on the same computer, to compromise another application's encryption key. However, you must protect the entropy value. If it is simply saved to an unprotected file, attackers can access the file, retrieve the entropy value, and use it to decrypt an application's data. The application block configuration does not include the entropy value. This means that you cannot use the configuration tools to create or save an entropy value."

I've been searching hard for some sample code on how to do that.

Anyone could help me? How can i pass an entropy during Encrypt & Decrypt?

Any link to some sample code? Thanks.



Dec 28, 2009 at 4:03 AM
Edited Jan 11, 2010 at 4:12 AM


Passing an entropy value is specific to the DpapiCryptographer class.  Here is the code sample:


Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.