[Mono-list] disaster recovery when using data protection keypairs
sebastien.pouliot at gmail.com
Tue Dec 22 16:24:22 EST 2009
On Tue, 2009-12-22 at 12:37 -0800, dnapierski wrote:
> I'm interested in using the data protection features in mono 2.4. When using
> the user key store, I see that an xml key file gets created (e.g.
> [99999999-eeee-ffff-aaaa-111111111111][-1].xml). What are the conditions
> under which such a key file can be used on another machine? Is it possible?
Possible? Yes, because you have access to the full source code and you
can build your *own* tools around this (ProtectedData), or any other.
However, take note that your *own* extensions do not become a Mono
supported feature. I.e. for DPAPI (and keypair persistence) Mono does
not provide/support more than what the .NET framework exposes. This may
cause problems if you want to depend on what the OS (Windows in this
case) can provide - because Mono is not there to replicate the OS.
Specifically this means, for DPAPI, the following:
<quote>It provides protection using the user or machine
credentials to protect or unprotect data.</quote> 
The above quote is what the .NET framework (and Mono) provides. What
Windows (OS) provides (wrt DPAPI / key stores / ...) is a different, and
much larger, story.
> Let's say that I encrypt some data and store it in an external database, and
> I back-up the XML key file. Then the machine has a hard drive crash, or is
> stolen. How can I recover the encrypted data stored in the external
You have the key(s), the (encrypted) data and the source code. If you
backed them up correctly then you'll be able to decrypt the data.
> Thanks in advance for any help, including links to documentation.
There is no documentation besides the framework (monodoc or MSDN) and,
of course, the best one: source code :-)
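The following is an added example, not code from the thread, from Mono or from Sebastien, illustrating the scenario the reply describes: protect data under the current user's key store, keep only the ciphertext in external storage, and later recover it with nothing but that ciphertext, the same optional entropy, and the backed-up key file. The file name "secret.bin", the entropy string and the sample secret are assumptions made for the example; only ProtectedData.Protect/Unprotect and DataProtectionScope are the real framework API.

```csharp
// Added example (not from the original thread or from Mono's own sources).
// Build on Mono:  mcs -r:System.Security Dpapi.cs
// Protect:        mono Dpapi.exe secret.bin
// Recover later:  mono Dpapi.exe secret.bin recover
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;

class DpapiRoundTrip
{
    // Optional entropy is an extra secret mixed into the protection. Unprotect
    // needs the identical bytes, so it is part of what must be backed up.
    // The value here is an assumption for the example.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-entropy-back-me-up");

    // Protect the plaintext with the current user's key store and return the
    // opaque blob. Only this blob goes to the external database.
    public static byte[] Seal(string plaintext)
    {
        return ProtectedData.Protect(
            Encoding.UTF8.GetBytes(plaintext), Entropy, DataProtectionScope.CurrentUser);
    }

    // Recover the plaintext. Inputs: the blob, the same entropy, and the user key
    // store (the [guid][-1].xml file mentioned in the thread) restored from backup.
    public static string Open(byte[] blob)
    {
        byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
        return Encoding.UTF8.GetString(plain);
    }

    static void Main(string[] args)
    {
        string blobPath = args.Length > 0 ? args[0] : "secret.bin"; // assumed file name

        if (args.Length > 1 && args[1] == "recover")
        {
            // Post-crash case: the blob comes back from storage, the key file has been
            // restored into the user key store, nothing else is carried over.
            try
            {
                Console.WriteLine("Recovered: " + Open(File.ReadAllBytes(blobPath)));
            }
            catch (CryptographicException ex)
            {
                // Unprotect throws when the blob cannot be decrypted/verified, e.g. when the
                // user key store on this machine does not hold the keypair used to protect it.
                Console.WriteLine("Cannot unprotect: " + ex.Message);
            }
            return;
        }

        byte[] blob = Seal("database password: hunter2"); // constructed sample secret
        File.WriteAllBytes(blobPath, blob);
        Console.WriteLine("Wrote " + blob.Length + " bytes of protected data to " + blobPath);
        Console.WriteLine("Round-trip on this machine: " + Open(blob));
    }
}
```

Run the protect step, copy the XML key file out of the user's Mono key store together with secret.bin, then run the recover step as the same user on a machine where the key file has been put back; running recover without the restored key file shows the CryptographicException path. The key file is the only secret standing between the blob and the plaintext, so a backup of it needs the same protection you would give the plaintext, which matters for the stolen-machine case raised in the question.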