Reputation: 17085
For encryption/decryption of data which is written in txt files I try to use System.Security.Cryptography.ProtectedData.Protect and Unprotect methods. One of the parameters of these methods is DataProtectionScope. For example:
byte[] encryptedData = ProtectedData.Protect(data, addEntropy, DataProtectionScope.CurrentUser);
...
byte[] decryptedData = ProtectedData.Unprotect(data, addEntropy, DataProtectionScope.CurrentUser);
or
byte[] encryptedData = ProtectedData.Protect(data, addEntropy, DataProtectionScope.LocalMachine);
...
byte[] decryptedData = ProtectedData.Unprotect(data, addEntropy, DataProtectionScope.LocalMachine);
My question is about the differences between the CurrentUser and LocalMachine DataProtectionScopes.
Is the LocalMachine DataProtectionScope just less restrictive than the CurrentUser one, and the difference is that data encrypted by any user can be decrypted by any other user working at the same computer? Or maybe there are some additional specifics?
Upvotes: 3
Views: 3363
Reputation: 25742
CurrentUser scope stores the encryption keys so that only the currently logged-in user will be able to retrieve the data. On the other hand, LocalMachine scope allows any account on the same computer to access the files but denies remote access. Which one to use depends on your needs.
Upvotes: 2
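The scope difference discussed in this thread can be observed by protecting a file under one Windows account and unprotecting it under another. The program below is an added example, not code from either poster; the class name, argument layout, sample secret and entropy value are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Windows only (DPAPI). On .NET Core / .NET 5+ add the
// System.Security.Cryptography.ProtectedData NuGet package.
static class DpapiScopeDemo
{
    // Constructed sample entropy; a real application would supply its own value.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("constructed-sample-entropy");

    static DataProtectionScope ParseScope(string s) =>
        (DataProtectionScope)Enum.Parse(typeof(DataProtectionScope), s, ignoreCase: true);

    static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: demo protect|unprotect <file> CurrentUser|LocalMachine");
            return 2;
        }
        DataProtectionScope scope = ParseScope(args[2]);

        if (args[0] == "protect")
        {
            // Constructed sample plaintext, written to disk only in protected form.
            byte[] plain = Encoding.UTF8.GetBytes("constructed sample secret");
            File.WriteAllBytes(args[1], ProtectedData.Protect(plain, Entropy, scope));
            Console.WriteLine($"wrote {scope} blob as {Environment.UserName}");
            return 0;
        }

        try
        {
            byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(args[1]), Entropy, scope);
            Console.WriteLine($"{Environment.UserName} recovered: {Encoding.UTF8.GetString(plain)}");
            return 0;
        }
        catch (CryptographicException ex)
        {
            // Expected when a CurrentUser blob is opened under a different account,
            // or when the entropy does not match the value used by Protect.
            Console.Error.WriteLine($"{Environment.UserName} cannot unprotect: {ex.Message}");
            return 1;
        }
    }
}
```

Run `protect` under one account and `unprotect` under another on the same machine: the CurrentUser blob fails with a CryptographicException, while the LocalMachine blob decrypts for any account that can read the file and knows the entropy. With LocalMachine, file permissions and the secrecy of the entropy are therefore the only remaining separation between local accounts.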