[Mono-dev] Equivalent of DPAPI in Linux / Status of ProtectedData ?
Sebastien Pouliot
sebastien.pouliot at gmail.com
Wed Feb 17 07:55:18 EST 2010
Bonjour Lionel,
On Wed, 2010-02-17 at 09:29 +0100, Lionel Cuir wrote:
> Hello,
>
> In Windows/.NET, we can access the DPAPI via the ProtectedData class.
> According to http://www.mono-project.com/Cryptography, "There is
> partial support for ProtectedData and ProtectedMemory on Mono. On
> Windows Mono will use DPAPI (Data Protection API) for increased
> interoperability, while it will use its own implementation on other
> operating systems. "
>
> => Is it possible to have any details about this "own implementation"?
You mean something like the source code? ;-)
http://anonsvn.mono-project.com/viewvc/trunk/mcs/class/System.Security/System.Security.Cryptography/ProtectedData.cs?revision=52282
http://anonsvn.mono-project.com/viewvc/trunk/mcs/class/System.Security/Mono.Security.Cryptography/ManagedProtection.cs?revision=51999
> How secure it is?
It should be as secure as your user/machine (scope dependent) file
system is (keypair persistence). I.e. if someone can log on as the user
then they can access the data (which is identical to DPAPI behavior on
Windows).
> On which mechanism/other software it relies in Linux?
It's entirely a managed implementation. From the source code:
// * Separate RSA 1536 bits keypairs for each user and the computer
// * AES 128 bits encryption (separate key for each data protected)
// * SHA256 digest to ensure integrity
Sebastien
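Added illustration (not Mono's ManagedProtection.cs, not part of this thread) of the scheme the reply describes: one RSA keypair per scope persisted as a file, a fresh 128-bit AES key for every protected blob wrapped with that RSA key, and a SHA-256 digest over the blob checked before any decryption. The key file name, the blob layout and the class/method names are assumptions for the demo.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for the design quoted in the reply. The secrecy of every blob
// reduces to the secrecy of the scope key file: whoever can read it can Unprotect.
static class ManagedProtectionDemo
{
    // Assumed blob layout: [4-byte n][n bytes RSA-wrapped AES key][16-byte IV][ciphertext][32-byte SHA-256]
    static RSA LoadOrCreateScopeKey(string keyFile)
    {
        RSA rsa = RSA.Create(1536);                                   // 1536-bit keypair as in the comment
        if (File.Exists(keyFile)) rsa.FromXmlString(File.ReadAllText(keyFile));
        else File.WriteAllText(keyFile, rsa.ToXmlString(true));       // persisted in the user's file system
        return rsa;
    }

    public static byte[] Protect(byte[] plain, RSA scopeKey)
    {
        using var aes = Aes.Create();
        aes.KeySize = 128; aes.GenerateKey(); aes.GenerateIV();       // separate key (and IV) per blob
        byte[] wrapped = scopeKey.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA1);
        byte[] ct = aes.CreateEncryptor().TransformFinalBlock(plain, 0, plain.Length);
        var ms = new MemoryStream(); var w = new BinaryWriter(ms);
        w.Write(wrapped.Length); w.Write(wrapped); w.Write(aes.IV); w.Write(ct); w.Flush();
        byte[] body = ms.ToArray();
        return body.Concat(SHA256.HashData(body)).ToArray();          // digest appended last
    }

    public static byte[] Unprotect(byte[] blob, RSA scopeKey)
    {
        if (blob.Length < 36) throw new CryptographicException("blob too short");
        byte[] body = blob[..^32], tag = blob[^32..];
        if (!CryptographicOperations.FixedTimeEquals(tag, SHA256.HashData(body)))
            throw new CryptographicException("integrity check failed"); // refuse before decrypting
        var r = new BinaryReader(new MemoryStream(body));
        byte[] wrapped = r.ReadBytes(r.ReadInt32());
        byte[] iv = r.ReadBytes(16);
        byte[] ct = r.ReadBytes((int)(body.Length - r.BaseStream.Position));
        using var aes = Aes.Create();
        aes.Key = scopeKey.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1); aes.IV = iv;
        return aes.CreateDecryptor().TransformFinalBlock(ct, 0, ct.Length);
    }

    static void Main()
    {
        string keyFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".demo-scope-key.xml");
        RSA userKey = LoadOrCreateScopeKey(keyFile);                  // "user" scope: one key per account
        byte[] blob = Protect(Encoding.UTF8.GetBytes("secret"), userKey);
        Console.WriteLine(Encoding.UTF8.GetString(Unprotect(blob, userKey)));
        blob[blob.Length - 40] ^= 1;                                  // corrupt one ciphertext byte
        try { Unprotect(blob, userKey); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The digest here is unkeyed, as in the quoted description, so it detects corruption but can be recomputed by anyone who alters the blob; a keyed MAC (or an AEAD mode) is what gives real tamper resistance. Restrict the key file's permissions to the owning account, since that file is the whole trust boundary.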