Data Protection API

Data Protection Application Programming Interface (DPAPI) is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory, the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy. A detailed analysis of DPAPI's inner workings was published in 2011 by Bursztein et al.

For nearly all cryptosystems, one of the most difficult challenges is "key management": in part, how to securely store the decryption key. If the key is stored in plain text, then any user that can access the key can access the encrypted data. If the key is to be encrypted, another key is needed, and so on. DPAPI allows developers to encrypt keys using a symmetric key derived from the user's logon secrets, or in the case of system encryption, using the system's domain authentication secrets.

The DPAPI keys used for encrypting the user's RSA keys are stored under the %APPDATA%\Microsoft\Protect\ directory, in a subdirectory named for the Security Identifier (SID) of that user. The DPAPI key is stored in the same file as the master key that protects the user's private keys. It is usually 64 bytes of random data.


Security properties

DPAPI doesn't store any persistent data for itself; instead, it simply receives plaintext and returns ciphertext (or conversely). DPAPI security relies upon the Windows operating system's ability to protect the master key and RSA private keys from compromise, which in most attack scenarios depends chiefly on the security of the end user's credentials. A main encryption/decryption key is derived from the user's password by the PBKDF2 function. Particular data binary large objects (BLOBs) can be encrypted in a way that a salt is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option, i.e. under the control of the application developer, and is not controllable by the end user or system administrator. Delegated access can be given to keys through the use of a COM+ object. This enables IIS web servers to use DPAPI.


Active Directory backup keys

When a computer is a member of a domain, DPAPI has a backup mechanism, named "Credential Roaming", that allows data deprotection in case the user's password is lost. When a new domain is installed on a domain controller, a public and private key pair associated with DPAPI is generated. When a master key is generated on a client workstation, the client communicates through an authenticated RPC call with a domain controller to retrieve a copy of the domain's public key. The client encrypts the master key with the domain controller's public key. Finally, it stores this new backup master key in its AppData directory, just like traditional master key storage.


Use of DPAPI by Microsoft software

While not universally implemented in all Microsoft products, the use of DPAPI by Microsoft products has increased with each successive version of Windows. However, many applications from Microsoft and third-party developers still prefer to use their own protection approach or have only recently switched to use DPAPI. For example, Internet Explorer versions 4.0–6.0, Outlook Express and MSN Explorer used the older Protected Storage (PStore) API to store saved credentials such as passwords. Internet Explorer 7 now protects stored user credentials using DPAPI.

Software that uses DPAPI includes:

* Picture password, PIN and fingerprint in Windows 8
* Encrypting File System in Windows 2000 and later
* SQL Server Transparent Data Encryption (TDE) Service Master Key encryption
* Internet Explorer 7, both in the standalone version available for Windows XP and in the integrated versions available in Windows Vista and Windows Server 2008
* Microsoft Edge
* Windows Mail and Windows Live Mail
* Outlook for S/MIME
* Internet Information Services for SSL/TLS
* Windows Rights Management Services client v1.1 and later
* Windows 2000 and later for EAP/TLS (VPN authentication) and 802.1x (WiFi authentication)
* Windows XP and later for stored user names and passwords (aka Credential Manager)
* .NET Framework 2.0 and later for System.Security.Cryptography.ProtectedData
* Microsoft.Owin (Katana) authentication by default when self-hosting (including cookie authentication and OAuth tokens)
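As an added illustration of the optional salt described under Security properties and of the System.Security.Cryptography.ProtectedData class listed above (example written for this page, not code from the article or from Microsoft), the following Windows PowerShell 5.1 snippet protects a constructed secret with and without application-supplied entropy and shows that a blob protected with entropy cannot be unprotected without the same bytes, even by a process running as the same user. The secret and entropy strings are constructed sample values, and Windows PowerShell 5.1 (where ProtectedData lives in System.Security.dll) is assumed.

```powershell
# Added example: DPAPI through the .NET ProtectedData class (Windows PowerShell 5.1 assumed).
Add-Type -AssemblyName System.Security

$enc     = [System.Text.Encoding]::UTF8
$secret  = $enc.GetBytes('constructed sample secret')          # constructed value
$entropy = $enc.GetBytes('hypothetical-app-specific-entropy')  # constructed value
# CurrentUser scope: keys derive from this user's logon secret. LocalMachine scope
# would instead let any account on the same machine unprotect the blob.
$scope   = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

function Protect-Sample($Data, $Entropy) {
    # Entropy is the optional per-application "salt"; $null means none.
    ,[System.Security.Cryptography.ProtectedData]::Protect($Data, $Entropy, $scope)
}

function Unprotect-Sample($Blob, $Entropy) {
    # Returns the plaintext bytes, or $null when DPAPI rejects the blob/entropy pair.
    try {
        ,[System.Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $scope)
    } catch {
        Write-Host ('Unprotect failed: ' + $_.Exception.Message)
        $null
    }
}

$blobPlain   = Protect-Sample -Data $secret -Entropy $null
$blobEntropy = Protect-Sample -Data $secret -Entropy $entropy

# No entropy: any process running as this user can recover the plaintext.
$enc.GetString((Unprotect-Sample -Blob $blobPlain -Entropy $null))

# Entropy supplied at protect time: the same bytes are required to unprotect.
$wrong = Unprotect-Sample -Blob $blobEntropy -Entropy $null      # fails, prints the error
$right = Unprotect-Sample -Blob $blobEntropy -Entropy $entropy   # succeeds
if ($null -eq $wrong -and $enc.GetString($right) -eq 'constructed sample secret') {
    'entropy check passed: blob is bound to the application-supplied entropy'
}
```

The entropy must itself be stored or derived somewhere the application can reach, so it raises the bar for other code running under the same account rather than replacing the user's credential as the root of trust.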


External links


Le fonctionnement de DPAPI par Processus Thief (FR)

Windows Data Protection API (DPAPI) white paper by NAI Labs

Data encryption with DPAPI

How To: Use DPAPI (User Store) from ASP.NET 1.1 with Enterprise Services

System.Security.Cryptography.ProtectedData in .NET Framework 2.0 and later

Discussion of the use of MS BackupKey Remote Protocol by DPAPI to protect user secrets

The Windows PStore