I am using ASP.NET Core DPAPI. The key in use is currently unprotected. I see in the docs an example that shows the key encrypted, but I can't figure out what the API setting for that is.
I am using the following:
services
    .AddDataProtection()
    .SetApplicationName("MyApp")
    .SetDefaultKeyLifetime(TimeSpan.FromDays(3))
    // verbatim string literal: "C:\MyDir" without the @ prefix does not compile (\M is not a valid escape)
    .PersistKeysToFileSystem(new DirectoryInfo(@"C:\MyDir"));
Below is an excerpt of the generated xml file:
<descriptor>
<encryption algorithm="AES_256_CBC" />
<validation algorithm="HMACSHA256" />
<masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection">
<!-- Warning: the key below is in an unencrypted form. -->
<value>123345689...0987654321</value>
</masterKey>
</descriptor>
</descriptor>
I want the disk-persisted key to be encrypted as well. How do I achieve this?
This doc shows an example with an encrypted key. What are the API method calls required to generate the XML key file with an encrypted key?
Upvotes: 4
There are currently three methods available to encrypt the key before it's persisted to storage.
Your example could for instance be extended with ProtectKeysWithDpapi() like this:
services
.AddDataProtection()
...
.PersistKeysToFileSystem(new DirectoryInfo(@"C:\MyDir"))
.ProtectKeysWithDpapi();
Upvotes: 2
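As an added example (not the answerer's code), here is a small console program that applies the ProtectKeysWithDpapi() configuration from the answer, forces a key to be generated, and then verifies that every key file written to disk carries an encryptedKey element rather than the plaintext value with the "unencrypted form" warning shown in the question. It assumes the Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection packages are referenced, runs on Windows (DPAPI), and uses a hypothetical key directory under the temp folder.

```csharp
using System;
using System.IO;
using System.Linq;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

// Builds a Data Protection key ring under keyDir with the master key
// encrypted by Windows DPAPI before it is persisted to disk.
static class KeyRingCheck
{
    public static IDataProtectionProvider BuildProvider(string keyDir)
    {
        var services = new ServiceCollection();
        services
            .AddDataProtection()
            .SetApplicationName("MyApp")
            .SetDefaultKeyLifetime(TimeSpan.FromDays(3))
            .PersistKeysToFileSystem(new DirectoryInfo(keyDir))
            // Encrypt with the current user's DPAPI profile. For a service
            // account use ProtectKeysWithDpapi(protectToLocalMachine: true);
            // off Windows use ProtectKeysWithCertificate(...) instead.
            .ProtectKeysWithDpapi();
        return services.BuildServiceProvider()
                       .GetRequiredService<IDataProtectionProvider>();
    }

    // True only if at least one key-*.xml exists, every one contains an
    // <encryptedKey> element, and none carries the plaintext warning comment.
    public static bool AllKeysEncrypted(string keyDir)
    {
        var files = Directory.GetFiles(keyDir, "key-*.xml");
        return files.Length > 0 && files.All(f =>
        {
            var xml = File.ReadAllText(f);
            return xml.Contains("<encryptedKey")
                && !xml.Contains("the key below is in an unencrypted form");
        });
    }

    static void Main()
    {
        // Hypothetical key directory; replace with the real persisted-key path.
        string keyDir = Path.Combine(Path.GetTempPath(), "dp-keys-demo");
        var protector = BuildProvider(keyDir).CreateProtector("demo");
        // Protecting a payload forces key creation so there is a file to inspect.
        string token = protector.Protect("hello");
        Console.WriteLine($"Round trip ok: {protector.Unprotect(token) == "hello"}");
        Console.WriteLine($"Key ring encrypted at rest: {AllKeysEncrypted(keyDir)}");
    }
}
```

The same AllKeysEncrypted check can be run as a startup or deployment assertion so an accidentally unprotected key ring is caught before the application serves traffic.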