[Mono-dev] Equivalent of DPAPI in Linux / Status of ProtectedData ?

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Feb 17 07:55:18 EST 2010

Bonjour Lionel,

On Wed, 2010-02-17 at 09:29 +0100, Lionel Cuir wrote:
> Hello,
> In Windows/.NET, we can access the DPAPI via the ProtectedData class.
> According to http://www.mono-project.com/Cryptography, "There is
> partial support for ProtectedData and ProtectedMemory on Mono. On
> Windows Mono will use DPAPI (Data Protection API) for increased
> interoperability, while it will use its own implementation on other
> operating systems. "
> => Is it possible to have any details about this "own implementation"?

You mean something like the source code ? ;-)


>  How secure it is? 

It should be as much secure as your user/machine (scope dependent) file
system is (keypair persistence). I.e. if someone can logon as the user
then it can access the data (which is identical to DPAPI behavior on

> On which mechanism/other software it relies in Linux?

It's entirely a managed implementation. From source code::

// * Separate RSA 1536 bits keypairs for each user and the computer 
// * AES 128 bits encryption (separate key for each data protected) 
// * SHA256 digest to ensure integrity


More information about the Mono-devel-list mailing list