From 85b75ebb48217b09170dba6ab60a103668aa8e6b Mon Sep 17 00:00:00 2001 From: Harald Steinlechner Date: Tue, 5 Jan 2016 17:29:45 +0100 Subject: [PATCH 1/3] ConfigFile: password encryption does not work on specific machine configurations. This is the minimal fix to make password encryption work in our environment. seealso issue: #1346 --- src/Paket.Core/ConfigFile.fs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Paket.Core/ConfigFile.fs b/src/Paket.Core/ConfigFile.fs index 763ca475ab..b7206e4960 100644 --- a/src/Paket.Core/ConfigFile.fs +++ b/src/Paket.Core/ConfigFile.fs @@ -55,7 +55,7 @@ let private getRandomSalt() = /// Encrypts a string with a user specific keys let Encrypt (password : string) = let salt = getRandomSalt() - let encryptedPassword = ProtectedData.Protect(Encoding.UTF8.GetBytes password, salt, DataProtectionScope.CurrentUser) + let encryptedPassword = ProtectedData.Protect(Encoding.UTF8.GetBytes password, salt, DataProtectionScope.LocalMachine) salt |> Convert.ToBase64String , encryptedPassword |> Convert.ToBase64String From d237e40e5913a762f44c068de84ebf18f20f06e3 Mon Sep 17 00:00:00 2001 From: Harald Steinlechner Date: Tue, 5 Jan 2016 17:44:42 +0100 Subject: [PATCH 2/3] ConfigFile: data protection fix for mono (probing first tries current user encryption scope and local machine if attempt fails) --- src/Paket.Core/ConfigFile.fs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Paket.Core/ConfigFile.fs b/src/Paket.Core/ConfigFile.fs index b7206e4960..83232f2bf6 100644 --- a/src/Paket.Core/ConfigFile.fs +++ b/src/Paket.Core/ConfigFile.fs @@ -55,7 +55,12 @@ let private getRandomSalt() = /// Encrypts a string with a user specific keys let Encrypt (password : string) = let salt = getRandomSalt() - let encryptedPassword = ProtectedData.Protect(Encoding.UTF8.GetBytes password, salt, DataProtectionScope.LocalMachine) + let encryptedPassword = + try + ProtectedData.Protect(Encoding.UTF8.GetBytes password, salt, DataProtectionScope.CurrentUser) + with | :? CryptographicException as e -> + traceWarnfn "could not protect password: %s\n for current user" e.Message + ProtectedData.Protect(Encoding.UTF8.GetBytes password, salt, DataProtectionScope.LocalMachine) salt |> Convert.ToBase64String , encryptedPassword |> Convert.ToBase64String From 889da19fc66c50a710a0b204d2527527a6b5681f Mon Sep 17 00:00:00 2001 From: Harald Steinlechner Date: Tue, 5 Jan 2016 18:18:08 +0100 Subject: [PATCH 3/3] ConfigFile: verbose instead of warn --- src/Paket.Core/ConfigFile.fs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Paket.Core/ConfigFile.fs b/src/Paket.Core/ConfigFile.fs index 83232f2bf6..5f9d679695 100644 --- a/src/Paket.Core/ConfigFile.fs +++ b/src/Paket.Core/ConfigFile.fs @@ -59,7 +59,7 @@ let Encrypt (password : string) = try ProtectedData.Protect(Encoding.UTF8.GetBytes password, salt, DataProtectionScope.CurrentUser) with | :? CryptographicException as e -> - traceWarnfn "could not protect password: %s\n for current user" e.Message + verbosefn "could not protect password: %s\n for current user" e.Message ProtectedData.Protect(Encoding.UTF8.GetBytes password, salt, DataProtectionScope.LocalMachine) salt |> Convert.ToBase64String , encryptedPassword |> Convert.ToBase64String