Revision as of 21:30, 3 June 2010 edit 129.81.170.252 (talk) No edit summary ← Previous edit		Revision as of 09:19, 13 August 2010 edit undo 212.44.26.236 (talk) fixed a typo Next edit →
Line 5: The [[DPAPI]] keys used for encrypting the user's RSA keys are stored under "%USERPROFILE%\Application Data\Microsoft\Protect\{[[Security Identifier\|SID]]}" [[Windows XP]] or before, and in "%USERPROFILE%\AppData\Roaming\Microsoft\Protect\{[[Security Identifier\|SID]]}" in [[Windows Vista]] or later, where {[[Security Identifier\|SID]]} is the security identifier of that user. The DPAPI key is stored in the same file as the master key that protects the users private keys. It usually is 64 bytes of random data. Though the [[DPAPI]] internals are largely undocumented by Microsoft, [[Elie Bursztein]] and [[Jean-Michel Picod]] presented an analysis of the protocol titled, ''Reversing DPAPI and Stealing Windows Secrets Offline'' at [http://www.blackhat.com/html/bh-dc-10/bh-dc-10-briefings.html Black Hat DC 2010]. In addition to their ~~breifing~~briefing, Bursztein and Picod released [http://www.dpapick.com DPAPick] which allows offline decryption of data encrypted with [[DPAPI]]. ==Security properties==

Data Protection API: Difference between revisions