Can access the data protected with the DataProtection with LOCAL=user with others?

Petchiammal Rajumayandi 61 Reputation points
2023-07-04T04:10:28.7833333+00:00

Hi,

I have a Windows 10 laptop and log in with my Microsoft account. I am developing a UWP app that encrypts data with the DataProtection API using the LOCAL=user protection descriptor. I have already read many links about the DataProtection API, but I am unable to understand how the data is secured. I am going to use another Windows 10 laptop with a user login with the same Microsoft account. Can the UWP app and the data encrypted on Laptop 1 be accessed from Laptop 2 as well?

Windows 10
Universal Windows Platform (UWP)

2 answers

  1. Junjie Zhu - MSFT 20,441 Reputation points Microsoft Vendor
    2023-07-04T07:40:43.5766667+00:00

    Hi @Petchiammal Rajumayandi ,

    Welcome to Microsoft Q&A!

    The data protected with the DataProtection is stored locally. If you want to access the data on a different computer, you may need to upload the data to the database. Can this meet your expectations?

    Thank you.


  2. Limitless Technology 44,541 Reputation points
    2023-07-04T14:11:23.5833333+00:00

    Hello Petchiammal,

    Thank you for your question and for reaching out with your question today.

    The DataProtection API in UWP provides a way to encrypt and decrypt data using the user's credentials as a protection descriptor. When you encrypt data using the DataProtection API with the LOCAL=user protection descriptor, the data is encrypted using the user's credentials on the local machine. This means that the encrypted data can only be decrypted by the same user on the same machine.

    In your scenario, if you have a Windows 10 laptop with a user login using your Microsoft account and you develop a UWP app that encrypts data using the DataProtection API with the LOCAL=user protection descriptor, the encrypted data will be tied to your user account and the specific machine where the encryption took place.

    If you then try to access the encrypted data from another Windows 10 laptop with the same user login and Microsoft account, you will not be able to decrypt the data. This is because the encryption is tied to the specific machine where the encryption occurred. Even though you are using the same Microsoft account, the encryption keys are unique to each machine.

    In summary, the data encrypted with the DataProtection API and the LOCAL=user protection descriptor in Laptop 1 will not be accessible from Laptop 2, even if you use the same Microsoft account. The encryption is tied to the specific machine and user's credentials.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

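The protect and unprotect calls discussed in this thread, as an added example that is not part of either answer and is not Microsoft's sample code. It shows a UWP app protecting a string with the `LOCAL=user` descriptor and handling the case where a stored blob cannot be decrypted, which is the outcome the second answer describes for Laptop 2. The class name `LocalUserSecret` and its method names are hypothetical; the `DataProtectionProvider` and `CryptographicBuffer` calls are the Windows Runtime APIs.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage.Streams;

// Hypothetical helper for illustration; not from the original thread.
public static class LocalUserSecret
{
    // Protects a string with the LOCAL=user descriptor from the question.
    public static async Task<IBuffer> ProtectAsync(string plaintext)
    {
        var provider = new DataProtectionProvider("LOCAL=user");
        IBuffer clear = CryptographicBuffer.ConvertStringToBinary(
            plaintext, BinaryStringEncoding.Utf8);
        return await provider.ProtectAsync(clear);
    }

    // Returns the plaintext, or null when the blob cannot be decrypted
    // in the current context (for example a blob copied from another
    // machine, as described in the answer above).
    public static async Task<string> TryUnprotectAsync(IBuffer protectedBlob)
    {
        // The parameterless constructor is the one used for decryption;
        // no descriptor is passed when unprotecting.
        var provider = new DataProtectionProvider();
        try
        {
            IBuffer clear = await provider.UnprotectAsync(protectedBlob);
            return CryptographicBuffer.ConvertBinaryToString(
                BinaryStringEncoding.Utf8, clear);
        }
        catch (Exception)
        {
            // Decryption failures surface as exceptions. Treat the blob
            // as unusable here and re-acquire the secret instead of
            // crashing or retrying with the same data.
            return null;
        }
    }
}
```

A caller that persists the protected buffer (for instance with `FileIO.WriteBufferAsync`) should treat a `null` result from `TryUnprotectAsync` as "secret not available on this device" and prompt for or re-fetch the underlying value.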
