This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 9%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
I am using IDataProtector to encrypt a string and store that encrypted string in a database. It is said that the default lifetime for a key is 90 days. After that a new key is generated.
Can I decrypt that string after 90 days successfully??
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 90%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZL%3C/text%3E%3C/svg%3E)
Hi @Pranto Biswas ,
From the document, it seems that you can decrypt that string as long as the retired keys remain on the system.
When a key expires, the app automatically generates a new key and sets the new key as the active key. As long as retired keys remain on the system, your app can decrypt any data protected with them..
Best regards,
Dillion
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
No. The point of the expiration is that the key stops working. For database storage, you would need to use a non-expiring key, or reencrypt on regular basis.
Note: Sqlserver has builtin support of at rest encryption and column encryption, why are you not using these features.
Dear @Bruce (SqlWork.com) , Thanks. I'm using MySQL. And I want to encrypt the data from my service layer. Can you please suggest my any Asp .Net Core built in approach for long term data encryption to store in database?
Then use a non-expiring key. You can write a utility to periodically update the values with a new key.