techno

Reputation: 6500

How does System.Security.Cryptography.ProtectedData generate Unique Id

I'm using System.Security.Cryptography.ProtectedData to protect the license data before writing it to the registry.

ProtectedData.Protect(Byte[], Byte[], DataProtectionScope.LocalMachine)

The data protection scope is LocalMachine.

What are the parameters which are used by ProtectedData to encrypt the string? If I copy the encrypted string to another machine, will it work?

Some users are reporting licensing problems. Is ProtectedData consistent?

Upvotes: 5

Views: 9495

Answers (2)

Kambiz Shahim

Reputation: 2590

Within LocalMachine scope, the protected data is associated with the machine context. Any process running on the computer can unprotect data. This enumeration value is usually used in server-specific applications that run on a server where untrusted users are not allowed access.

Caution: The LocalMachine enumeration value allows multiple accounts to unprotect data. Use this value only when you trust every account on a computer. For most situations, you should use the CurrentUser value.

The encrypted data can only be decrypted on the same machine on which it is encrypted.

DPAPI uses a MasterKey (512 bits of random data) to generate a session key for encryption and decryption. This means it will remain intact until the OS is reinstalled.

https://msdn.microsoft.com/en-us/library/ms995355.aspx

Upvotes: 6

Denis Yarkovoy

Reputation: 1307

Reflector shows that ProtectedData.Protect is basically a wrapper for crypt32.dll's CryptProtectData() function.

From MSDN: (https://msdn.microsoft.com/en-us/library/windows/desktop/aa380261%28v=vs.85%29.aspx)

The CryptProtectData function performs encryption on the data in a DATA_BLOB structure. Typically, only a user with the same logon credential as the user who encrypted the data can decrypt the data. In addition, the encryption and decryption usually must be done on the same computer.

Upvotes: 1
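The behaviour both answers describe, as an added example that is not part of the original question or answers: a LocalMachine-scoped blob round-trips on the machine that created it, and a blob DPAPI cannot unprotect surfaces as a CryptographicException that licensing code has to handle. The LicenseStore class, the entropy string and the sample license value are assumptions made for illustration; the code is Windows only and on .NET Core/5+ needs the System.Security.Cryptography.ProtectedData package.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; LicenseStore and its values are hypothetical.
static class LicenseStore
{
    // Hypothetical application-specific entropy. It ties the blob to this
    // application's call, but any process that knows it can pass the same value.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp.License.v1");

    // Protect the license text under the machine-wide DPAPI scope.
    public static byte[] Seal(string license) =>
        ProtectedData.Protect(Encoding.UTF8.GetBytes(license), Entropy,
                              DataProtectionScope.LocalMachine);

    // Returns false instead of throwing when DPAPI cannot unprotect the blob.
    public static bool TryOpen(byte[] blob, out string license)
    {
        license = null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(blob, Entropy,
                                                   DataProtectionScope.LocalMachine);
            license = Encoding.UTF8.GetString(plain);
            return true;
        }
        catch (CryptographicException)
        {
            // Blob was altered, or was not produced by this machine's DPAPI keys.
            return false;
        }
    }

    static void Main()
    {
        byte[] blob = Seal("constructed-sample-license"); // constructed sample value
        Console.WriteLine(TryOpen(blob, out string text)
            ? "round trip ok: " + text : "round trip failed");

        // Stand-in for a blob this machine cannot unprotect: flip one byte.
        byte[] altered = (byte[])blob.Clone();
        altered[altered.Length - 1] ^= 0xFF;
        Console.WriteLine(TryOpen(altered, out _)
            ? "unexpected success" : "unprotect failed, license must be re-issued");
    }
}
```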
