[Mono-list] Data Protection

Robert Jordan robertj at gmx.net
Fri Jan 3 17:59:08 UTC 2014


On 02.01.2014 15:15, Edward Ned Harvey (mono) wrote:
> In Windows, it's well documented what and how the DPAPI works.  You
> can protect (encrypt) data to a specific user account (or machine)...
> And it's protected by the user's login credentials.
>
> How does this work in mono?  If you use the ProtectedData class, how
> secure is your data?  (Regular users, with linux or mac OSX)
>
> Follow up question.  If you write a daemon or service (to run on
> linux or windows server), which doesn't have clearly defined login
> credentials etc, and you want to securely store some information,
> would you use ProtectedData, or something else?

It depends on what kind of protection you want to ensure.

Mono's ProtectedData implementation for Unix stores the
involved keypairs in the user's profile (~/.config/.mono/keypairs).
This means that at least the superuser will be able to access
these keys.

It also means that the current user must have a home directory,
unless you're working at machine scope where /usr/share/.mono/keypairs 
will be used.


Robert
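
One way to check who besides the owner can reach the key stores named in the reply above. This is an added example, not part of the original post and not Mono's own code; the function name, its return codes and the `--all` switch are assumptions of this example.

```shell
#!/bin/sh
# Key store locations as given in the reply above.
USER_STORE="${HOME:-/nonexistent}/.config/.mono/keypairs"
MACHINE_STORE="/usr/share/.mono/keypairs"

# audit_keystore DIR  (hypothetical helper for this example)
# Prints one line per finding and returns:
#   0 = directory exists and no entry is accessible to group/other
#   1 = at least one entry has a group/other permission bit set
#   2 = directory does not exist (no keys created at this scope)
# File modes cannot express the superuser's access: root can read the
# keys regardless, which is the limit the reply points out.
audit_keystore() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "absent: $dir"
        return 2
    fi
    # POSIX find: "-perm -NNN" matches when every bit in NNN is set,
    # so each group/other bit is tested separately and OR-ed together.
    loose=$(find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        echo "$loose" | while IFS= read -r p; do
            echo "group/other access: $(ls -ld "$p")"
        done
        return 1
    fi
    echo "ok: $dir (owner-only modes)"
    return 0
}

# Audit both scopes when invoked with --all.
if [ "${1:-}" = "--all" ]; then
    audit_keystore "$USER_STORE"
    audit_keystore "$MACHINE_STORE"
fi
```

A result of 2 for the user store on a service account is consistent with the home-directory requirement described above.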


