IDataProtect key expiration

Pranto Biswas 21 Reputation points
2022-02-27T10:37:19.583+00:00

I am using IDataProtector to encrypt a string and store that encrypted string in a database. It is said that the default lifetime for a key is 90 days. After that a new key is generated.

Can I decrypt that string after 90 days successfully??

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,237 questions
{count} votes

Accepted answer
  1. Bruce (SqlWork.com) 57,886 Reputation points
    2022-02-27T17:06:44.297+00:00

    No. The point of the expiration is that the key stops working. For database storage, you would need to use a non-expiring key, or reencrypt on regular basis.

    Note: Sqlserver has builtin support of at rest encryption and column encryption, why are you not using these features.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful