DPAPI
DPAPI is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy.
For nearly all cryptosystems, one of the most difficult challenges is "key management" - in part, how to securely store the decryption key. If the key is stored in plain text, then any user that can access the key can access the encrypted data. If the key is itself encrypted, another key is needed, and so on ad infinitum. DPAPI allows developers to encrypt keys using a symmetric key derived from the user's logon secrets, or in the case of system encryption, using the system's domain authentication secrets.
The DPAPI keys used for encrypting the user's RSA keys are stored under "%USERPROFILE%\Application Data\Microsoft\Protect\{SID}" in Windows XP or before, and under "%USERPROFILE%\AppData\Roaming\Microsoft\Protect\{SID}" in Windows Vista or later, where {SID} is the security identifier of that user. The DPAPI key is stored in the same file as the master key that protects the user's private keys. It is usually 64 bytes of random data.
Though the DPAPI internals are largely undocumented by Microsoft, Elie Bursztein and Jean-Michel Picod presented an analysis of the protocol, titled "Reversing DPAPI and Stealing Windows Secrets Offline", at Black Hat DC 2010. In addition to their briefing, Bursztein and Picod released DPAPIck, which allows offline decryption of data encrypted with DPAPI.
Security properties
DPAPI doesn't store any persistent data for itself; instead, it simply receives plaintext and returns ciphertext (or vice versa). DPAPI security relies upon the Windows operating system's ability to protect the Master Key and RSA private keys from compromise, which in most attack scenarios depends most heavily on the security of the end user's credentials. Particular data binary large objects (blobs) can be encrypted in a way that a salt is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option - i.e. under the control of the application developer - and is not controllable by the end user or system administrator.
Delegated access can be given to keys through the use of a COM+ object. This enables IIS web servers to use DPAPI.
Use of DPAPI by Microsoft Products
While not universally implemented in all Microsoft products, the use of DPAPI by Microsoft products has increased with each successive version of Windows. However, many applications from Microsoft and third-party developers still prefer to use their own protection approach or have only recently switched to DPAPI. For example, Internet Explorer versions 4.0-6.0, Outlook Express and MSN Explorer used the older Protected Storage (PStore) API to store saved credentials such as passwords. Internet Explorer 7 now protects stored user credentials using DPAPI.
- Encrypting File System in Windows 2000 and later
- Internet Explorer 7, both in the standalone version available for Windows XP and in the integrated versions available in Windows Vista and Windows Server 2008
- Windows Mail and Windows Live Mail
- Outlook for S/MIME
- Internet Information Services for SSL/TLS
- Windows Rights Management Services client v1.1 and later
- Windows 2000 and later for EAP/TLS (VPN authentication) and 802.1x (WiFi authentication)
- Windows XP and later for Stored User Names and Passwords (aka Credential Manager)
- .NET Framework 2.0 and later for System.Security.Cryptography.ProtectedData
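As an added example (not code from the article or from Microsoft), the key-wrapping use of DPAPI described in the lead and the developer-supplied salt from the Security properties section, written against the ProtectedData API named in the last list item. The entropy string, the 32-byte AES key, and the class and method names are assumptions for this example.

```csharp
// Added example: wrap an application's data key with DPAPI through
// System.Security.Cryptography.ProtectedData. Assumes .NET Framework 2.0+ (System.Security.dll)
// or the System.Security.Cryptography.ProtectedData package on .NET Core / .NET 5+.
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiKeyWrapDemo
{
    // The developer-chosen "salt" the article refers to (optionalEntropy): DPAPI mixes it into
    // the derived key, so the blob cannot be unprotected without it. The value here is a
    // constructed placeholder; a real application keeps it out of the blob it protects.
    static readonly byte[] AppEntropy = Encoding.UTF8.GetBytes("example-app-entropy-v1");

    // Protect a data key under the DPAPI master key of the chosen scope. The returned blob is
    // what the application stores on disk; the plaintext key itself is never written.
    static byte[] WrapDataKey(byte[] dataKey, DataProtectionScope scope)
    {
        return ProtectedData.Protect(dataKey, AppEntropy, scope);
    }

    // Unwrap with the caller-supplied entropy. Unprotect throws CryptographicException when the
    // entropy differs, or when another user account tries a CurrentUser-scoped blob.
    static byte[] UnwrapDataKey(byte[] blob, byte[] entropy, DataProtectionScope scope)
    {
        return ProtectedData.Unprotect(blob, entropy, scope);
    }

    static void Main()
    {
        byte[] dataKey = new byte[32];                      // e.g. an AES-256 key (constructed)
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(dataKey);

        byte[] blob = WrapDataKey(dataKey, DataProtectionScope.CurrentUser);
        Console.WriteLine("wrapped key: {0} bytes, plaintext key: {1} bytes", blob.Length, dataKey.Length);

        byte[] recovered = UnwrapDataKey(blob, AppEntropy, DataProtectionScope.CurrentUser);
        Console.WriteLine("round trip ok: {0}",
            Convert.ToBase64String(recovered) == Convert.ToBase64String(dataKey));

        // Wrong entropy is rejected. This matters most under LocalMachine scope, where every
        // local process shares the same master key and the entropy is the only per-application secret.
        try
        {
            UnwrapDataKey(blob, Encoding.UTF8.GetBytes("other-entropy"), DataProtectionScope.CurrentUser);
            Console.WriteLine("unexpected: unprotect succeeded with wrong entropy");
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("unprotect with wrong entropy rejected: " + e.Message);
        }
    }
}
```

Switching the scope to DataProtectionScope.LocalMachine lets any account on the same machine unwrap the blob if it also knows the entropy, which is why the article notes the salt is the developer's choice rather than the end user's or administrator's.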
External links
- Windows Data Protection API (DPAPI) white paper by NAI Labs
- Data encryption with DPAPI
- Use DPAPI to encrypt and decrypt data
- How To: Use DPAPI (User Store) from ASP.NET 1.1 with Enterprise Services
- System.Security.Cryptography.ProtectedData in .NET Framework 2.0 and later
- Discussion of the use of MS BackupKey Remote Protocol by DPAPI to protect user secrets
- The Windows PStore