Data Protection API

From Wikipedia, the free encyclopedia
Windows API for cryptography

Data Protection Application Programming Interface (DPAPI) is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory, the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy. A detailed analysis of DPAPI inner workings was published in 2011 by Bursztein et al.[1]

For nearly all cryptosystems, one of the most difficult challenges is key management, in particular how to securely store the decryption key. If the key is stored in plain text, then any user who can access the key can access the encrypted data. If the key is itself to be encrypted, another key is needed, and so on. DPAPI allows developers to encrypt keys using a symmetric key derived from the user's logon secrets or, in the case of system encryption, from the system's domain authentication secrets.

The DPAPI keys used for encrypting the user's RSA keys are stored under the %APPDATA%\Microsoft\Protect\{SID} directory, where {SID} is the Security Identifier of that user. The DPAPI key is stored in the same file as the master key that protects the user's private keys. It is usually 64 bytes of random data.
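As an added example (not part of the article), the following PowerShell script protects a constructed secret with DPAPI in the current user's scope, then reads the blob header to find the GUID of the master key the blob depends on and checks that the matching master key file exists under %APPDATA%\Microsoft\Protect\{SID}. It assumes Windows PowerShell 5.1 on Windows and the .NET ProtectedData class; the blob header layout (version, provider GUID, master key version, master key GUID) comes from public analyses of the DPAPI format and is an assumption not stated in the article.

```powershell
# Added example, not code from the Wikipedia article. Assumes Windows PowerShell 5.1 on Windows.
Add-Type -AssemblyName System.Security

function Get-DpapiBlobInfo {
    <#
      Reads the fixed header of a DPAPI blob and reports which master key it depends on.
      Assumed header layout (from public analyses of the format, not from the article):
        bytes  0..3   version (DWORD)
        bytes  4..19  provider GUID
        bytes 20..23  master key version (DWORD)
        bytes 24..39  master key GUID
    #>
    param([Parameter(Mandatory)][byte[]]$Blob)

    if ($Blob.Length -lt 40) { throw "Blob too short to contain a DPAPI header." }

    $sid        = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $protectDir = Join-Path $env:APPDATA "Microsoft\Protect\$sid"
    $masterKey  = [Guid]::new([byte[]]$Blob[24..39])
    # Master key files carry the hidden/system attributes; Test-Path still sees them.
    $masterKeyFile = Join-Path $protectDir $masterKey.ToString()

    [pscustomobject]@{
        BlobVersion     = [BitConverter]::ToUInt32($Blob, 0)
        ProviderGuid    = [Guid]::new([byte[]]$Blob[4..19])
        MasterKeyGuid   = $masterKey
        MasterKeyFile   = $masterKeyFile
        MasterKeyOnDisk = Test-Path -LiteralPath $masterKeyFile
    }
}

# Constructed sample secret; in real use this would be an application key or credential.
$secret = [Text.Encoding]::UTF8.GetBytes('constructed sample secret')

# CurrentUser scope: the blob is tied to this user's master key, which the article
# places under %APPDATA%\Microsoft\Protect\{SID}.
$blob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)

Get-DpapiBlobInfo -Blob $blob | Format-List

# Round trip: the same user recovers the plaintext without ever handling key material.
$recovered = [Security.Cryptography.ProtectedData]::Unprotect(
    $blob, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
[Text.Encoding]::UTF8.GetString($recovered)
```

For incident response the master key GUID is the useful pivot: given a protected credential blob found on disk, it tells which master key file (and therefore which user profile and logon secret) the blob depends on. Listing the Protect directory itself needs `Get-ChildItem -Force`, since the files are hidden.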

Security properties


DPAPI does not store any persistent data for itself; instead, it simply receives plaintext and returns ciphertext (or conversely).

DPAPI security relies upon the Windows operating system's ability to protect the master key and RSA private keys from compromise, which in most attack scenarios depends most heavily on the security of the end user's credentials. A main encryption/decryption key is derived from the user's password by the PBKDF2 function.[2] Particular data binary large objects (blobs) can be encrypted in a way that a salt is added and/or an external user-prompted password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option, i.e. under the control of the application developer, and is not controllable by the end user or system administrator.
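To make the per-implementation salt concrete, here is an added PowerShell example (not from the article) that uses the optional entropy parameter of the .NET ProtectedData API, the developer-supplied secondary secret the paragraph describes: a blob protected with entropy cannot be unprotected without the identical entropy, and the scope chosen by the developer (CurrentUser or LocalMachine) decides whether the user's or the machine's master key protects the blob. The secret and entropy values are constructed, and Windows PowerShell 5.1 on Windows is assumed. The user-prompted option belongs to the native CryptProtectData prompt structure and is not exposed by this class.

```powershell
# Added example, not code from the Wikipedia article. Assumes Windows PowerShell 5.1 on Windows.
Add-Type -AssemblyName System.Security

function Protect-Secret {
    # Wraps ProtectedData.Protect. $Entropy is the developer-controlled secondary secret that
    # the article describes as a per-implementation salt; $null means "none".
    param(
        [Parameter(Mandatory)][string]$Secret,
        [byte[]]$Entropy = $null,
        [Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    [Security.Cryptography.ProtectedData]::Protect(
        [Text.Encoding]::UTF8.GetBytes($Secret), $Entropy, $Scope)
}

function Unprotect-Secret {
    # Returns the plaintext, or a FAILED marker when DPAPI rejects the blob (wrong entropy,
    # or a different user/machine). The integrity check fails before any plaintext is
    # released, so wrong entropy yields an exception rather than garbage output.
    param(
        [Parameter(Mandatory)][byte[]]$Blob,
        [byte[]]$Entropy = $null,
        [Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    try {
        $bytes = [Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $Scope)
        [Text.Encoding]::UTF8.GetString($bytes)
    }
    catch [Security.Cryptography.CryptographicException] {
        "FAILED: $($_.Exception.Message)"
    }
}

# Constructed values for the demonstration.
$secret  = 'constructed database connection password'
$entropy = [Text.Encoding]::UTF8.GetBytes('constructed app-specific entropy')

# 1. Developer adds entropy: the blob is useless to anyone who holds the user's master key
#    but not the entropy, which is why the article stresses that this choice belongs to the
#    developer and cannot be switched on or off by the user or administrator.
$withEntropy = Protect-Secret -Secret $secret -Entropy $entropy
Unprotect-Secret -Blob $withEntropy -Entropy $entropy   # plaintext
Unprotect-Secret -Blob $withEntropy                     # FAILED: ...

# 2. Scope: CurrentUser binds the blob to this user's master key; LocalMachine binds it to the
#    machine's master key, so any account on this host that can read the blob can unprotect it.
#    Entropy is the only per-application secret left in that case, so it matters most there.
$userBlob    = Protect-Secret -Secret $secret -Scope CurrentUser
$machineBlob = Protect-Secret -Secret $secret -Scope LocalMachine
Unprotect-Secret -Blob $userBlob    -Scope CurrentUser   # plaintext
Unprotect-Secret -Blob $machineBlob -Scope LocalMachine  # plaintext
```

The entropy must be stored or derived somewhere the application can reach it, so it raises the bar against another principal on the same machine rather than against an attacker who already controls the application's code and configuration; treating it as a substitute for protecting the user's credentials would misread the security property the article states.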

Delegated access can be given to keys through the use of a COM+ object. This enables IIS web servers to use DPAPI.

Active Directory backup keys


When a computer is a member of a domain, DPAPI has a backup mechanism to allow data deprotection in case the user's password is lost, which is named "Credential Roaming". When installing a new domain on a domain controller, a public and private key pair is generated and associated with DPAPI. When a master key is generated on a client workstation, the client communicates through an authenticated RPC call with a domain controller to retrieve a copy of the domain's public key. The client encrypts the master key with the domain controller's public key. Finally, it stores this new backup master key in its AppData directory, just like traditional master key storage.

Use of DPAPI by Microsoft software


While not universally implemented in all Microsoft products, the use of DPAPI by Microsoft products has increased with each successive version of Windows. However, many applications from Microsoft and third-party developers still prefer to use their own protection approach or have only recently switched to DPAPI. For example, Internet Explorer versions 4.0–6.0, Outlook Express and MSN Explorer used the older Protected Storage (PStore) API to store saved credentials such as passwords. Internet Explorer 7 now protects stored user credentials using DPAPI.[3]

References

  1. Bursztein, Elie; Picod, Jean Michel (2010). "Recovering Windows secrets and EFS certificates offline". WOOT 2010. USENIX.
  2. "Windows Password Recovery – DPAPI Master Key analysis". Passcape.com. Retrieved 2013-05-06.
  3. Mikhael Felker (December 8, 2006). "Password Management Concerns with IE and Firefox, part one". SecurityFocus.com, Symantec.com. Retrieved 2010-03-28.
  4. "Encryption Hierarchy". Msdn.microsoft.com. April 2012. Retrieved 14 October 2017.
  5. "What's New in Security for Windows XP Professional and Windows XP Home Edition". Technet.microsoft.com. 11 September 2009. Retrieved 14 October 2017.
  6. "ProtectedData Class (System.Security.Cryptography)". Msdn2.microsoft.com. Retrieved 14 October 2017.
  7. "CookieAuthenticationOptions.TicketDataFormat Property (Microsoft.Owin.Security.Cookies)". Retrieved 2015-01-15.
  8. "OAuthAuthorizationServerOptions.AccessTokenFormat Property (Microsoft.Owin.Security.OAuth)". 27 October 2015. Retrieved 2018-11-26.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Data_Protection_API&oldid=1319625828"