The DotNet face of DPAPI is these two classes (they have decent code examples):
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.protectedmemory.aspx

They allow the DataProtectionScope to be specified during protection:
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.dataprotectionscope.aspx

One value is:
LocalMachine - The protected data is associated with the machine context. Any process running on the computer can unprotect data. This enumeration value is usually used in server-specific applications that run on a server where untrusted users are not allowed access.

BTW - through using well-known [to your application] "salt" (a.k.a. optionalEntropy) you can make it more difficult for other applications to access that data (they'll have to get the salt from your assembly).

Was that what you were looking for?

Erik

-----Original Message-----
From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Mont Rothstein
Sent: Thursday, March 27, 2008 3:39 PM
To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
Subject: Re: Storing shared secrets

Thanks guys. I wasn't aware of DPAPI. Unfortunately it is user specific and I need something that will work for all users.

What I think is needed (and apparently does not exist) is the .NET equivalent of DPAPI. Something that has a secure path from the specific version of an application to a highly secure storage. This would also address DPAPI's second shortcoming that any app can access a given user's data. I want this did to be non-discoverable.

Ideas?

Thanks,
-Mont

===================================
This list is hosted by DevelopMentor(r) http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com
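Added example, not part of the original thread: the machine-scope approach from the reply above, using ProtectedData with DataProtectionScope.LocalMachine and an application-specific optionalEntropy. The class name, file path, entropy string and sample secret are assumptions constructed for illustration; the code is Windows-only and needs a reference to System.Security.dll.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;   // ProtectedData, DataProtectionScope
using System.Text;

static class SharedSecretStore
{
    // Assumption: application-specific entropy, constructed for this example.
    // Anyone who can read the assembly can recover it, so it raises the bar
    // for other applications but is not a secret in its own right.
    static readonly byte[] AppEntropy = Encoding.UTF8.GetBytes("example-app-entropy-v1");

    public static void Save(string path, string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            // LocalMachine: the blob can be unprotected by any process on this
            // computer, under any user account, as long as it supplies the entropy.
            byte[] blob = ProtectedData.Protect(plain, AppEntropy, DataProtectionScope.LocalMachine);
            File.WriteAllBytes(path, blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); }   // do not leave plaintext around
    }

    public static string Load(string path, byte[] entropy)
    {
        byte[] blob = File.ReadAllBytes(path);
        byte[] plain = ProtectedData.Unprotect(blob, entropy, DataProtectionScope.LocalMachine);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "shared-secret.bin");
        Save(path, "constructed sample secret");
        try
        {
            Console.WriteLine(Load(path, AppEntropy));
            // A caller that does not know the entropy cannot unprotect the blob.
            Load(path, Encoding.UTF8.GetBytes("wrong entropy"));
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Unprotect failed without the application's entropy.");
        }
        finally { File.Delete(path); }
    }
}
```

With LocalMachine scope, the entropy value and the ACL on the blob file are all that separate other local processes from the secret, so the file's permissions should be restricted to the accounts that need it.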