Data Protection API: Difference between revisions

{{Short description|Windows API for cryptography}}
'''Data Protection Application Programming Interface''' ('''DPAPI''') is a simple [[cryptography|cryptographic]] [[application programming interface]] available as a built-in component in [[Windows 2000]] and later versions of [[Microsoft Windows]] [[operating system]]s. In theory, the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy. A detailed analysis of DPAPI inner-workings was published in 2011 by [[Elie Bursztein|Bursztein]] et al.<ref>{{cite conference|last1=Bursztein|first1=Elie|last2=Picod|first2=Jean Michel|date=2010|title=Recovering Windows secrets and EFS certificates offline|book-title=WoOT 2010|publisher=Usenix|url=https://elie.net/publication/recovering-windows-secrets-and-efs-certificates-offline/}}</ref>
 
For nearly all [[cryptosystem]]s, one of the most difficult challenges is "[[key management]]"{{snd}}in part, how to securely store the decryption key. If the key is stored in ''[[plain text]]'', then any user that can access the key can access the encrypted data. If the key is to be encrypted, another key is needed, and so on. DPAPI allows developers to encrypt keys using a symmetric key derived from the user's logon secrets, or in the case of system encryption, using the system's domain authentication secrets.
 
The DPAPI keys used for encrypting the user's [[RSA (cryptosystem)|RSA]] keys are stored under the <code>%APPDATA%\Microsoft\Protect\{[[Security Identifier|SID]]}</code> directory, where {[[Security Identifier|SID]]} is the [[Security Identifier]] of that user. The DPAPI key is stored in the same file as the master key that protects the user's private keys. It usually is 64&nbsp;bytes of random data.
 
In 2010 [[Elie Bursztein]] and [[Jean-Michel Picod]] presented an analysis of the protocol titled ''Reversing DPAPI and Stealing Windows Secrets Offline'' at [http://www.blackhat.com/html/bh-dc-10/bh-dc-10-briefings.html Black Hat DC 2010]. In addition to their briefing, Bursztein and Picod released [http://www.dpapick.com DPAPIck], which allows offline decryption of data encrypted with DPAPI. In 2012 Passcape Software published a more detailed article on [http://passcape.com/index.php?section=blog&cmd=details&id=20 DPAPI internal logic] in their blog and presented [http://passcape.com/windows_password_recovery_dpapi_decoder a tool] for full offline DPAPI decryption and analysis. Unlike the previous one, the tool utilizes some old Windows bugs (for example, you can decrypt Windows 2000 DPAPI blobs without knowing the owner logon password) and is fully compatible with the Windows 8 DPAPI data structure. In Windows 8 Microsoft changed the way the DPAPI logic works. Now multiple user keys can be used to derive an encryption key to decrypt the user master key, which is then used to decode a single DPAPI blob.
 
==Security properties==
DPAPI doesn't store any persistent data for itself; instead, it simply receives [[plaintext]] and returns [[ciphertext]] (or conversely).
 
DPAPI security relies upon the Windows operating system's ability to protect the master key and [[RSA (algorithm)|RSA]] private keys from compromise, which in most attack scenarios is most highly reliant on the security of the end user's credentials. A main encryption/decryption key is derived from the user's password by the [[PBKDF2]] function.<ref>{{cite web|title=Windows Password Recovery - DPAPI Master Key analysis|url=http://www.passcape.com/windows_password_recovery_dpapi_master_key|website=Passcape.com|access-date=2013-05-06}}</ref> Particular data [[binary large object]]s can be encrypted in a way that [[Salt (cryptography)|salt]] is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option{{snd}}i.e. under the control of the application developer{{snd}}and is not controllable by the end user or system administrator.
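
The application-chosen salt described above is exposed in .NET as the optional-entropy argument of the <code>ProtectedData</code> class listed later on this page. The following is an added example, not part of the original article; it assumes Windows PowerShell 5.1 on Windows, and the secret and entropy strings are constructed sample values.

```powershell
# Added example: DPAPI through .NET's ProtectedData class (Windows only).
Add-Type -AssemblyName System.Security

$utf8    = [Text.Encoding]::UTF8
$secret  = $utf8.GetBytes('constructed sample secret')   # constructed value
$entropy = $utf8.GetBytes('example-app-entropy')         # constructed "salt"
$scope   = [Security.Cryptography.DataProtectionScope]::CurrentUser

# Protect: plaintext in, opaque blob out. DPAPI keeps no copy of the blob;
# persisting it (file, registry, database) is the caller's job.
$blob = [Security.Cryptography.ProtectedData]::Protect($secret, $entropy, $scope)
"blob length: $($blob.Length) bytes"

# Unprotect as the same user with the same entropy: round-trips.
$plain = [Security.Cryptography.ProtectedData]::Unprotect($blob, $entropy, $scope)
"recovered:   $($utf8.GetString($plain))"

# Unprotect as the same user WITHOUT the entropy: DPAPI refuses.
try {
    [void][Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
    'unexpected: blob opened without entropy'
} catch {
    "rejected without entropy: $($_.Exception.Message)"
}

# A single flipped byte is also rejected, because the blob is integrity-checked.
$tampered = [byte[]]$blob.Clone()
$tampered[$tampered.Length - 1] = $tampered[$tampered.Length - 1] -bxor 1
try {
    [void][Security.Cryptography.ProtectedData]::Unprotect($tampered, $entropy, $scope)
    'unexpected: tampered blob accepted'
} catch {
    "rejected tampered blob: $($_.Exception.Message)"
}
```

The entropy value is chosen and stored by the application, so it only separates applications from one another; code running as the same user that can read the entropy can still unprotect the blob, which is why the user's credentials remain the deciding factor.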
 
Delegated access can be given to keys through the use of a [[COM+]] object. This enables [[Internet Information Services|IIS]] [[web servers]] to use DPAPI.
 
==Active Directory backup keys==
When a computer is a member of a domain, DPAPI has a backup mechanism to allow data deprotection in case the user's password is lost, which is named "Credential Roaming".
When installing a new domain on a domain controller, a public and private key pair is generated, associated with DPAPI.
When a master key is generated on a client workstation, the client communicates through an authenticated [[Remote procedure call|RPC]] call with a domain controller to retrieve a copy of the domain's public key. The client encrypts the master key with the domain controller's public key. Finally, it stores this new backup master key in its AppData directory, just like traditional master key storage.
 
==Use of DPAPI by Microsoft software==
While not universally implemented in all Microsoft products, the use of DPAPI by Microsoft products has increased with each successive version of Windows. However, many applications from Microsoft and third-party developers still prefer to use their own protection approach or have only recently switched to use DPAPI. For example, [[Internet Explorer]] versions 4.0–6.0, [[Outlook Express]] and [[MSN Explorer]] used the older Protected Storage (PStore) API to store saved credentials such as passwords etc. [[Internet Explorer&nbsp;7]] now protects stored user credentials using DPAPI.<ref>{{cite web | url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=cd572045-0dfe-4b49-9df6-578cbc441ce5&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments | title=Password Management Concerns with IE and Firefox, part one | author=Mikhael Felker | date=December 8, 2006 | access-date=2010-03-28 | publisher=[[SecurityFocus.com]], [[Symantec.com]]}}</ref>
 
* Picture password, PIN and fingerprint in [[Windows 8]]
* [[Encrypting File System]] in Windows 2000 and later
* SQL Server [[Transparent Data Encryption]] (TDE) Service Master Key encryption<ref>{{cite web|url=https://msdn.microsoft.com/en-us/library/ms189586(v=sql.110).aspx|title=Encryption Hierarchy|website=Msdn.microsoft.com|date=April 2012 |access-date=14 October 2017}}</ref>
* [[Internet Explorer 7]], both in the standalone version available for [[Windows&nbsp;XP]] and in the integrated versions available in [[Windows Vista]] and [[Windows Server 2008]]
* [[Microsoft Edge]]
* [[Windows Mail]] and [[Windows Live Mail]]
* Outlook for [[S/MIME]]
* Windows [[Rights Management Services]] client v1.1 and later
* [[Windows 2000]] and later for [[Extensible Authentication Protocol#EAP-TLS|EAP/TLS]] ([[VPN]] authentication) and 802.1x ([[WiFi]] authentication)
* Windows XP and later for stored user names and passwords<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/bb457059.aspx|title=What's New in Security for Windows XP Professional and Windows XP Home Edition|website=Technet.microsoft.com|date=11 September 2009 |access-date=14 October 2017}}</ref> (aka Credential Manager)
* [[.NET Framework]] 2.0 and later for System.Security.Cryptography.ProtectedData<ref>{{cite web|url=http://msdn2.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx|title=ProtectedData Class (System.Security.Cryptography)|website=Msdn2.microsoft.com|access-date=14 October 2017}}</ref>
* Microsoft.Owin (Katana) authentication by default when self-hosting (including cookie authentication and [[OAuth]] tokens)<ref>{{cite web|title=CookieAuthenticationOptions.TicketDataFormat Property (Microsoft.Owin.Security.Cookies)|url=http://msdn.microsoft.com/en-us/library/microsoft.owin.security.cookies.cookieauthenticationoptions.ticketdataformat(v=vs.113).aspx|access-date=2015-01-15}}</ref><ref>{{cite web|title=OAuthAuthorizationServerOptions.AccessTokenFormat Property (Microsoft.Owin.Security.OAuth)| date=27 October 2015 |url=http://msdn.microsoft.com/en-us/library/microsoft.owin.security.oauth.oauthauthorizationserveroptions.accesstokenformat(v=vs.113).aspx|access-date=2018-11-26}}</ref>
 
==References==
{{Reflist}}
 
==External links==
* [https://lestutosdeprocessus.fr/dechiffrement-dpapi.html How DPAPI works, by Processus Thief (FR)] {{Webarchive|url=https://web.archive.org/web/20221020071943/https://lestutosdeprocessus.fr/dechiffrement-dpapi.html |date=2022-10-20 }}
* [http://go.microsoft.com/fwlink/?LinkId=89993 Windows Data Protection API (DPAPI) white paper by NAI Labs]
* [http://www.codeproject.com/KB/system/protected_data.aspx Data encryption with DPAPI]
* [http://www.obviex.com/samples/dpapi.aspx Use DPAPI to encrypt and decrypt data]
* [http://msdn.microsoft.com/library/aa302404.aspx How To: Use DPAPI (User Store) from ASP.NET 1.1 with Enterprise Services]
* [http://msdn.microsoft.com/library/system.security.cryptography.protecteddata.aspx System.Security.Cryptography.ProtectedData in .NET Framework 2.0 and later]