m →Use of DPAPI by Microsoft software: punct., fmt. | add domain backup keys info
Line 11:
Delegated access can be given to keys through the use of a [[COM+]] object. This enables [[Internet Information Services|IIS]] [[web servers]] to use DPAPI.
==Active Directory backup keys==
When a computer is a member of a ___domain, DPAPI has a backup mechanism to allow data deprotection in case the user's password is lost, which is named "Credential Roaming".
When installing a new ___domain on a ___domain controller, a public and private key pair is generated, associated with DPAPI.
When a master key is generated on a client workstation, the client communicates through an authenticated [[RPC]] call with a ___domain controller to retrieve a copy of the ___domain's public key. The client encrypts the master key with the ___domain controller's public key. Finally, it stores this new backup master key in its AppData directory, just like traditional master key storage.
==Use of DPAPI by Microsoft software==
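Review bot: The added paragraph names the backup mechanism "Credential Roaming" without a citation, and the sentence structure makes that name apply to the whole backup-key scheme; either add a source for the name or split the sentence so that the unsourced name can be tagged separately from the description of the key pair and the RPC retrieval. The text also reads "___domain" in each sentence of the new section ("member of a ___domain", "new ___domain on a ___domain controller", "the ___domain's public key"), which looks like a rendering artifact for "domain" and should be checked in the saved wikitext. One point worth making explicit for readers, since the section already states that the client encrypts its master key with the domain's public key of a generated public/private pair: recovering a master key through this path requires the matching private key held by the domain controller, so that key pair is the secret the backup scheme rests on and access to it should be tightly restricted and audited.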
Line 33 ⟶ 38:
==External links==
* [https://lestutosdeprocessus.fr/dechiffrement-dpapi.html Le fonctionnement de DPAPI par Processus Thief (FR)]
* [http://go.microsoft.com/fwlink/?LinkId=89993 Windows Data Protection API (DPAPI) white paper by NAI Labs]
* [http://www.codeproject.com/KB/system/protected_data.aspx Data encryption with DPAPI]
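Review bot: Style point on the first added external link: the link title "Le fonctionnement de DPAPI par Processus Thief" is left in French with only a "(FR)" tag, while the other entries carry English descriptions; give it an English description (for example "How DPAPI works, by Processus Thief (in French)") so the list is consistent and the language tag follows the usual convention.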