This repository was archived by the owner on Oct 17, 2018. It is now read-only.
This repository was archived by the owner on Oct 17, 2018. It is now read-only.
[Question] - keys rolling over, and Unprotect #137
Description
Myself and a few others have read the current documentation but remain unclear on the following, and wondered if someone could help clarify?
We are intiialising DataProtection like so:
services.AddDataProtection();
services.ConfigureDataProtection(configure =>
{
// persist keys to a specific directory
configure.PersistKeysToFileSystem(new DirectoryInfo(@".\keys"));
});
Next, say we create a file and save some data to that file using DPAPI "Protect" method.
Let's say that file is going to stay around for a long time, containing our protected data.
We can currently read the data from the file into our application using DPAPI Unprotect() method - great.
However when DPAPI does it's key rolling magic (I'm assuming it does that automatically) - will one day our application try to Unprotect() the file that was written yonks ago - and go "Nope Sorry".
I.e can we always Unprotect data irrespective of how long ago it was protected?