[xmlsec] RE: X509 data not reloaded from keys file
Aleksey Sanin
aleksey at aleksey.com
Fri Mar 21 13:17:11 PST 2003
>
>
>I'm using Microsoft's data
>protection API (DPAPI) to encrypt the document. If it works as advertised,
>it should only be feasible to decrypt it 1) on the machine it was encrypted
>on 2) with secondary entropy known only to my app.
>
I did not look at this api but from general security point of view, I
doubt the
first statement unless there is a crypto *hardware* support (which is
not the case
on a general i386 box). It's only a matter of time, resources and will
to hack it.
Aleksey
More information about the xmlsec
mailing list