Data Protection Application Programming Interface (DPAPI) is a simple cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In theory, the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy. A detailed analysis of DPAPI's inner workings was published in 2011 by Bursztein et al.[1]
For nearly all cryptosystems, one of the most difficult challenges is "key management" – in part, how to securely store the decryption key. If the key is stored in plain text, then any user that can access the key can access the encrypted data. If the key is to be encrypted, another key is needed, and so on. DPAPI allows developers to encrypt keys using a symmetric key derived from the user's logon secrets, or in the case of system encryption, using the system's domain authentication secrets.
The DPAPI keys used for encrypting the user's RSA keys are stored in the %APPDATA%\Microsoft\Protect\{SID} directory, where {SID} is the Security Identifier of that user. The DPAPI key is stored in the same file as the master key that protects the user's private keys. It is usually 64 bytes of random data.
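The following is an added example, not code from the article, showing the round trip described above through .NET's ProtectedData wrapper around CryptProtectData/CryptUnprotectData. It assumes Windows PowerShell 5.1 on Windows; the secret, entropy string and output path are constructed for the demonstration.

```powershell
# Added example (not from the article): protect and unprotect a secret with DPAPI
# via .NET's ProtectedData wrapper. Assumes Windows PowerShell 5.1 on Windows;
# the secret and entropy values below are constructed sample data.
Add-Type -AssemblyName System.Security

$secret  = [Text.Encoding]::UTF8.GetBytes('db-password-example')   # constructed sample
# Optional entropy: a second secret the application must supply again on decrypt.
# Without it, any process running as the same user can decrypt the blob.
$entropy = [Text.Encoding]::UTF8.GetBytes('app-specific-entropy')  # constructed sample

# CurrentUser: key derived from the user's logon secrets (master key under
# %APPDATA%\Microsoft\Protect\{SID}). LocalMachine would tie it to the machine instead.
$blob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)

# Persist the result; the file holds only the DPAPI blob (master key GUID,
# algorithm identifiers, ciphertext), never the master key itself.
$path = "$env:TEMP\dpapi-demo.bin"
[IO.File]::WriteAllBytes($path, $blob)

# Later, as the same user with the same entropy: decryption succeeds.
$loaded = [IO.File]::ReadAllBytes($path)
$plain  = [Security.Cryptography.ProtectedData]::Unprotect(
    $loaded, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
"Recovered: $([Text.Encoding]::UTF8.GetString($plain))"

# Wrong entropy (or a different user profile): CryptUnprotectData fails and the
# wrapper throws CryptographicException rather than returning garbage.
try {
    [Security.Cryptography.ProtectedData]::Unprotect(
        $loaded, [Text.Encoding]::UTF8.GetBytes('wrong-entropy'),
        [Security.Cryptography.DataProtectionScope]::CurrentUser) | Out-Null
} catch [Security.Cryptography.CryptographicException] {
    "Unprotect failed as expected: $($_.Exception.Message)"
}
```

Because the CurrentUser master key is itself derived from the logon password, the same blob cannot be decrypted from another account or offline without that secret, which is the property the article's key-management paragraph relies on.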
[1] Bursztein, Elie; Picod, Jean Michel (2010). "Recovering Windows secrets and EFS certificates offline". WOOT 2010. USENIX.