
Using DPAPI to store RijndaelManaged key

I'm using C#. I have a private key with a size of 256 bytes.

I'm trying to use DPAPI as follows:

    // Requires: using System.Security.Cryptography;
    RijndaelManaged key = new RijndaelManaged();
    byte[] buffer = new byte[32]
    {
        3,3,3,3,3,3,3,3,
        5,5,5,5,5,5,5,57,
        6,7,8,8,8,8,8,3,
        1,33,36,39,39,39,31,37
    };

    byte[] secret = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};

    // Encrypt a copy of the data to the stream.
    byte[] output = ProtectedData.Protect(buffer, secret, DataProtectionScope.CurrentUser);
    key.Key = output; // Throws an exception

My problem is that the output array that's returned from ProtectedData.Protect has a size that key.Key doesn't support (178 bytes), and when I try to insert the output into that RijndaelManaged key I get an exception:

'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll

Additional information: Specified key is not a valid size for this algorithm.

How can I solve it? Or is there any other solution to store my RijndaelManaged key?

I also want to access my private key from another process.

Thanks.

The output of ProtectedData.Protect is encrypted (not an encryption key). It grows to store whatever context and integrity checking it needs to prove that it can decrypt correctly. To get your original 256-bit key back you would need to call Unprotect.

If you're trying to derive a key (instead of encrypt it) use a key derivation routine, like PBKDF2 (in .NET this is implemented by Rfc2898DeriveBytes).

Alternatively, if you're trying to use DPAPI to protect data, it does that inherently; you don't get to customize a key for it... just pass it the data to protect.
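The Protect/Unprotect round trip described in the answer, as an added example that is not part of the original answer: the 32-byte key is wrapped with DPAPI, the blob is written to a file, and a reader (for instance another process running as the same Windows user) unwraps it before assigning it to RijndaelManaged.Key. The class name, file name and entropy bytes are assumptions for illustration, and DPAPI is available on Windows only.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;

static class DpapiKeyStore
{
    // Constructed sample entropy; Protect and Unprotect must be given the same bytes.
    static readonly byte[] Entropy = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

    // Wrap the raw key with DPAPI and persist the opaque blob.
    public static void Save(string path, byte[] rawKey)
    {
        byte[] blob = ProtectedData.Protect(rawKey, Entropy, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(path, blob); // blob is larger than rawKey: it is ciphertext, not a key
    }

    // Read the blob back and unwrap it. Throws CryptographicException if the blob,
    // the entropy or the user context does not match what Protect used.
    public static byte[] Load(string path)
    {
        byte[] blob = File.ReadAllBytes(path);
        return ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
    }

    static void Main()
    {
        // Hypothetical file name, chosen for this example only.
        string path = Path.Combine(Path.GetTempPath(), "rijndael.key.dpapi");

        byte[] rawKey = new byte[32]; // 256-bit key
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(rawKey);

        Save(path, rawKey);

        byte[] restored = Load(path); // what the second process would do
        using (var aes = new RijndaelManaged())
        {
            aes.Key = restored; // 32 bytes again, so the setter accepts it
            Console.WriteLine("Blob bytes on disk: " + new FileInfo(path).Length);
            Console.WriteLine("Key size in bits:   " + aes.KeySize);
            Console.WriteLine("Round trip matches: " + rawKey.SequenceEqual(restored));
        }

        Array.Clear(rawKey, 0, rawKey.Length); // limit how long key bytes stay in memory
        Array.Clear(restored, 0, restored.Length);
        File.Delete(path);
    }
}
```

With DataProtectionScope.CurrentUser only code running under the same user account can unwrap the blob; DataProtectionScope.LocalMachine lets any process on the machine do so, which is a much weaker boundary.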
