使用 DPAPI 保护加密密钥:明显的漏洞?
我有一个基于 Windows.Forms 的 .NET 桌面应用程序,它将特权信息存储在磁盘上的文件中(不使用 .NET 配置文件),并使用对称加密算法(例如使用 MS 的 CryptoAPI 的 TripleDES)进行加密。该文件必须在多个程序运行/机器电源周期中读取/写入,即每次都使用相同的密钥/IV。这里明显的问题是如何保护密钥(可能还有 IV),这里的几个问题只是说“使用 DPAPI”并给出一个往返加密/解密的简单示例。
我已经知道如何使用 DPAPI,但使用它来保护要馈送到另一个加密方案的密钥/IV 似乎存在明显的问题。考虑下面的代码:
TripleDESCryptoServiceProvider^ cryptoprov = gcnew TripleDESCryptoServiceProvider;
cryptoprov->Key = ProtectedData::Unprotect(encryptedKey, salt, DataProtectionScope::CurrentUser);
cryptoprov->IV = ProtectedData::Unprotect(encryptedIV, salt, DataProtectionScope::CurrentUser);
由于必须分配 SymmetricAlgorithm 派生类的 Key 和 IV,攻击者难道不能在这一点上设置一个断点,并轻松找出 Key/IV 是什么吗?
我的问题如下:
- 我是否错过了使用DPAPI来保护密钥的要点?你会怎么做?
- 我应该只使用 DPAPI 来加密我的文件吗?因此,不需要密钥/IV 存储。
- 我注意到用于非对称加密的 CspParameters 的存在。这本质上是比对称更好的选择吗? (在我的场景中,不是对称的还是不对称的)
谢谢!
I have a Windows.Forms based .NET desktop application that stores privileged information in a file on disk (not using .NET configuraton files), encrypted using a symmetric cryptography algorithm such as TripleDES using MS's CryptoAPI. This file must be read/written over multiple program runs / machine power cycles, aka, use the same Key/IV every time. The obvious question here is how to protect the Key (and possibly IV), and several questions here on SO simply say "use the DPAPI" and give a trivial example of round trip encryption/decryption.
I know how to use the DPAPI already, but it seems there is an obvious problem with using it to protect a Key/IV to be fed to another encryption scheme. Consider the following code:
TripleDESCryptoServiceProvider^ cryptoprov = gcnew TripleDESCryptoServiceProvider;
cryptoprov->Key = ProtectedData::Unprotect(encryptedKey, salt, DataProtectionScope::CurrentUser);
cryptoprov->IV = ProtectedData::Unprotect(encryptedIV, salt, DataProtectionScope::CurrentUser);
Due to the fact you must assign a SymmetricAlgorithm derived class' Key and IV, couldn't an attacker just set a breakpoint on this point, and easily figure out what the Key/IV is?
My questions are as follows:
- Have I missed the point for using DPAPI to protect keys? How would you do it?
- Should I just use the DPAPI for the encryption of my file? Therefore, no Key/IV storage needed.
- I've noticed the existence of CspParameters for asymmetric encryption. Is this inherently a better option than symmetrical? (within the context of my scenario, not symmetric vs assymetric outright)
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果攻击者能够设置断点,那么您就已经失败了。
攻击者只需在数据解密后设置断点并读取明文即可。
你害怕什么样的攻击者?
如果愿意,可以编写
if (Debugger.IsAttached)Environment.FailFast(),但攻击者可以使用 Reflexil 删除该检查。If the attacker is able to set a breakpoint, you've already lost.
The attacker can simply set a breakpoint after the data is decrypted and read the plaintext.
What kind of attacker are you afraid of?
If you want to, you can write
if (Debugger.IsAttached) Environment.FailFast(), but the attacker can remove the check using Reflexil.DPAPI 的目标是保护持久数据免遭窥探和篡改,它无法保护应用程序内存中的秘密数据。
The goal of DPAPI is to protect persistant data from snooping and tampering, it offers nothing to protect tha secret data in the application's memory.