Data Protection API

Last updated March 18, 2023

Data Protection Application Programming Interface (DPAPI) is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory, the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy. A detailed analysis of DPAPI inner-workings was published in 2011 by Bursztein et al.^[1]

For nearly all cryptosystems, one of the most difficult challenges is "key management" – in part, how to securely store the decryption key. If the key is stored in plain text , then any user that can access the key can access the encrypted data. If the key is to be encrypted, another key is needed, and so on. DPAPI allows developers to encrypt keys using a symmetric key derived from the user's logon secrets, or in the case of system encryption, using the system's domain authentication secrets.

The DPAPI keys used for encrypting the user's RSA keys are stored under %APPDATA%\Microsoft\Protect\{SID} directory, where {SID} is the Security Identifier of that user. The DPAPI key is stored in the same file as the master key that protects the users private keys. It usually is 64 bytes of random data.

Security properties

DPAPI doesn't store any persistent data for itself; instead, it simply receives plaintext and returns ciphertext (or conversely).

DPAPI security relies upon the Windows operating system's ability to protect the master key and RSA private keys from compromise, which in most attack scenarios is most highly reliant on the security of the end user's credentials. A main encryption/decryption key is derived from user's password by PBKDF2 function.^[2] Particular data binary large objects can be encrypted in a way that salt is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option – i.e. under the control of the application developer – and is not controllable by the end user or system administrator.

Delegated access can be given to keys through the use of a COM+ object. This enables IIS web servers to use DPAPI.

Active Directory backup keys

When a computer is a member of a domain, DPAPI has a backup mechanism to allow data deprotection in case the user's password is lost, which is named "Credential Roaming". When installing a new domain on a domain controller, a public and private key pair is generated, associated with DPAPI. When a master key is generated on a client workstation, the client communicates through an authenticated RPC call with a domain controller to retrieve a copy of the domain's public key. The client encrypts the master key with the domain controller's public key. Finally, it stores this new backup master key in its AppData directory, just like traditional master key storage.

Use of DPAPI by Microsoft software

While not universally implemented in all Microsoft products, the use of DPAPI by Microsoft products has increased with each successive version of Windows. However, many applications from Microsoft and third-party developers still prefer to use their own protection approach or have only recently switched to use DPAPI. For example, Internet Explorer versions 4.0–6.0, Outlook Express and MSN Explorer used the older Protected Storage (PStore) API to store saved credentials such as passwords etc. Internet Explorer 7 now protects stored user credentials using DPAPI.^[3]

Picture password, PIN and fingerprint in Windows 8
Encrypting File System in Windows 2000 and later
SQL Server Transparent Data Encryption (TDE) Service Master Key encryption^[4]
Internet Explorer 7, both in the standalone version available for Windows XP and in the integrated versions available in Windows Vista and Windows Server 2008
Microsoft Edge
Windows Mail and Windows Live Mail
Outlook for S/MIME
Internet Information Services for SSL/TLS
Windows Rights Management Services client v1.1 and later
Windows 2000 and later for EAP/TLS (VPN authentication) and 802.1x (WiFi authentication)
Windows XP and later for stored user names and passwords^[5] (aka Credential Manager)
.NET Framework 2.0 and later for System.Security.Cryptography.ProtectedData^[6]
Microsoft.Owin (Katana) authentication by default when self-hosting (including cookie authentication and OAuth tokens)^[7]^[8]

Related Research Articles

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

In computer security, challenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

S/MIME is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 3369, 3370, 3850 and 3851. It was originally developed by RSA Data Security and the original specification used the IETF MIME specification with the de facto industry standard PKCS#7 secure message format. Change control to S/MIME has since been vested in the IETF and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product. The NTLM protocol suite is implemented in a Security Support Provider, which combines the LAN Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in a single package. Whether these protocols are used or can be used on a system which is governed by Group Policy settings, for which different versions of Windows have different default settings.

BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

This is a technical feature comparison of different disk encryption software.

Skype is a Voice over Internet Protocol (VoIP) system developed by Skype Technologies S.A. It is a peer-to-peer network where voice calls pass over the Internet rather than through a special-purpose network. Skype users can search for other users and send them messages.

Security Support Provider Interface (SSPI) is a component of Windows API that performs security-related operations such as authentication.

Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: ClevX, Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.

Pre-boot authentication (PBA) or power-on authentication (POA) serves as an extension of the BIOS, UEFI or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk such as the operating system until the user has confirmed they have the correct password or other credentials including multi-factor authentication.

KeePass Password Safe is a free and open-source password manager primarily for Windows. It officially supports macOS and Linux operating systems through the use of Mono. Additionally, there are several unofficial ports for Windows Phone, Android, iOS, and BlackBerry devices, which normally work with the same copied or shared (remote) password database. KeePass stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encrypted file. This file can be protected by any combination of a master password, a key file, and the current Windows account details. By default, the KeePass database is stored on a local file system.

Proton Mail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, or dedicated iOS and Android apps.

Biometric tokenization is the process of substituting a stored biometric template with a non-sensitive equivalent, called a token, that lacks extrinsic or exploitable meaning or value. The process combines the biometrics with public-key cryptography to enable the use of a stored biometric template for secure or strong authentication to applications or other systems without presenting the template in its original, replicable form.

References

↑ Bursztein, Elie; Picod, Jean Michel (2010). "Recovering Windows secrets and EFS certificates offline". WoOT 2010. Usenix.
↑ "Windows Password Recovery – DPAPI Master Key analysis". Passcape.com. Retrieved 2013-05-06.
↑ Mikhael Felker (December 8, 2006). "Password Management Concerns with IE and Firefox, part one". SecurityFocus.com, Symantec.com . Retrieved 2010-03-28.
↑ "Encryption Hierarchy". Msdn.microsoft.com. Retrieved 14 October 2017.
↑ "What's New in Security for Windows XP Professional and Windows XP Home Edition". Technet.microsoft.com. Retrieved 14 October 2017.
↑ "ProtectedData Class (System.Security.Cryptography)". Msdn2.microsoft.com. Retrieved 14 October 2017.
↑ "CookieAuthenticationOptions.TicketDataFormat Property (Microsoft.Owin.Security.Cookies)" . Retrieved 2015-01-15.
↑ "OAuthAuthorizationServerOptions.AccessTokenFormat Property (Microsoft.Owin.Security.OAuth)" . Retrieved 2018-11-26.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Bursztein, Elie; Picod, Jean Michel (2010). "Recovering Windows secrets and EFS certificates offline". WoOT 2010. Usenix.

[2] "Windows Password Recovery – DPAPI Master Key analysis". Passcape.com. Retrieved 2013-05-06.

[3] Mikhael Felker (December 8, 2006). "Password Management Concerns with IE and Firefox, part one". SecurityFocus.com, Symantec.com . Retrieved 2010-03-28.

[4] "Encryption Hierarchy". Msdn.microsoft.com. Retrieved 14 October 2017.

[5] "What's New in Security for Windows XP Professional and Windows XP Home Edition". Technet.microsoft.com. Retrieved 14 October 2017.

[6] "ProtectedData Class (System.Security.Cryptography)". Msdn2.microsoft.com. Retrieved 14 October 2017.

[7] "CookieAuthenticationOptions.TicketDataFormat Property (Microsoft.Owin.Security.Cookies)" . Retrieved 2015-01-15.

[8] "OAuthAuthorizationServerOptions.AccessTokenFormat Property (Microsoft.Owin.Security.OAuth)" . Retrieved 2018-11-26.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

v t e Microsoft APIs and frameworks
Graphics	Desktop Window Manager Direct2D Direct3D D3D (extensions) GDI / GDI+ WPF Silverlight WinUI Windows Color System Windows Image Acquisition Windows Imaging Component DirectX Graphics Infrastructure (DXGI) Windows Advanced Rasterization Platform WinG
Audio	DirectMusic DirectSound DirectX plugin XACT Speech API XAudio2
Multimedia	DirectX Media Objects Video Acceleration Xinput DirectInput DirectShow Image Mastering API Managed DirectX Media Foundation XNA Windows Media Video for Windows
Web	MSHTML RSS Platform JScript VBScript BHO XDR SideBar Gadgets TypeScript
Data access	Data Access Components (MDAC) ADO ADO.NET ODBC OLE DB Extensible Storage Engine Entity Framework Sync Framework Access Database Engine MSXML OPC
Networking	Winsock LSP Winsock Kernel Filtering Platform NDIS Windows Rally BITS P2P API MSMQ MS MPI DirectPlay
Communication	Messaging API Telephony API WCF
Administration and management	Win32 console Windows Script Host WMI (extensions) PowerShell Task Scheduler Offline Files Shadow Copy Windows Installer Error Reporting Event Log Common Log File System
Component model	COM COM+ ActiveX Distributed Component Object Model .NET Framework
Libraries	Framework Class Library Microsoft Foundation Classes (MFC) Active Template Library (ATL) Windows Template Library (WTL)
Device drivers	WDM WDF KMDF UMDF WDDM NDIS UAA BDA VxD
Security	Crypto API CAPICOM Windows CardSpace Data Protection API Security Support Provider Interface (SSPI)
.NET	ASP.NET ADO.NET Remoting Silverlight TPL WCF WCS WPF WF
Software factories	EFx Factory Enterprise Library Composite UI CCF CSF
IPC	MSRPC Dynamic Data Exchange (DDE) Remoting WCF
Accessibility	Active Accessibility UI Automation
Text and multilingual support	DirectWrite Text Services Framework Text Object Model Input method editor Language Interface Pack Multilingual User Interface Uniscribe