DPAPI and Roaming Profile

[Anushri Sarda]

Hi,

Is it possible to retrieve the master key from the domain controller and use
it to encrypt the application data.

The problem is I do not want to have a roaming profile, but still want to
have my key accessible on different machine that was used to encrypt the
data

Thanks

 

[Steven L Umbach]

You can logon to the computer where your key is stored and use the mmc certificate
snapin for user to export your certificate and private key to a .pfx file that you
could then use to import into your profile on the other computer. --- Steve

 

[Drew Cooper [MSFT]]

That's not going to get the DPAPI keys. They're buried in the %appdata% and
there's no wizard to export/import them.
If you have an app that encrypts data I would strongly recommend using
CryptAPI instead of DPAPI. It's more flexible, can encrypt data of
arbitrary length, and key management is much easier.

 

[Steven L Umbach]

Thanks for that info. I though the was referring to EFS. --- Steve

That's not going to get the DPAPI keys. They're buried in the %appdata% and
there's no wizard to export/import them.
If you have an app that encrypts data I would strongly recommend using
CryptAPI instead of DPAPI. It's more flexible, can encrypt data of
arbitrary length, and key management is much easier.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

You can logon to the computer where your key is stored and use the mmc certificate
snapin for user to export your certificate and private key to a .pfx file that you
could then use to import into your profile on the other computer. --- Steve