On 02.01.2014 15:15, Edward Ned Harvey (mono) wrote:
> In Windows, it's well documented what and how the DPAPI works.  You
> can protect (encrypt) data to a specific user account (or machine)...
> And it's protected by the user's login credentials.
>
> How does this work in mono?  If you use the ProtectedData class, how
> secure is your data?  (Regular users, with Linux or Mac OS X)
>
> Follow up question.  If you write a daemon or service (to run on
> Linux or Windows server), which doesn't have clearly defined login
> credentials etc, and you want to securely store some information,
> would you use ProtectedData, or something else?

It depends on what kind of protection you want to ensure.

Mono's ProtectedData implementation for Unix stores the
involved keypairs in the user's profile (~/.config/.mono/keypairs).
This means that at least the superuser will be able to access
these keys.

It also means that the current user must have a home directory,
unless you're working at machine scope, where
/usr/share/.mono/keypairs will be used.


Robert

_______________________________________________
Mono-list maillist  -  Mono-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-list
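
Because the keypairs are ordinary files in the two directories named in the reply, filesystem ownership and mode bits determine which local accounts other than the superuser can read them. The following added example (not part of the original thread and not Mono's own code) reports ownership, group/other access and symlinks for each store; the function name and the expectation that the machine store is owned by uid 0 are assumptions.

```python
import os
import stat

# Store locations as given in the reply above.
USER_STORE = os.path.expanduser("~/.config/.mono/keypairs")
MACHINE_STORE = "/usr/share/.mono/keypairs"


def audit_keystore(path, expected_uid):
    """Return (entry, finding) tuples for a keypair directory and its files."""
    if not os.path.isdir(path):
        # Also covers a user-scope store for an account with no home directory.
        return [(path, "missing")]
    findings = []
    entries = [path] + [os.path.join(path, n) for n in sorted(os.listdir(path))]
    for entry in entries:
        st = os.lstat(entry)  # lstat: inspect the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            findings.append((entry, "symlink"))
            continue
        if st.st_uid != expected_uid:
            findings.append((entry, "owner uid %d" % st.st_uid))
        # Any group/other permission bit widens access beyond the owner and root.
        extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
        if extra:
            findings.append((entry, "group/other bits %03o" % extra))
    return findings


if __name__ == "__main__":
    # Assumption: the machine-scope store is expected to be owned by root (uid 0).
    for store, uid in [(USER_STORE, os.getuid()), (MACHINE_STORE, 0)]:
        for entry, finding in audit_keystore(store, uid):
            print("%s: %s" % (entry, finding))
```

For the machine-scope store, group/other bits are reported as information: they show which local accounts can reach the keys.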
