Related to salt encryption (Salt rotation)

  • Question

  • I am encrypting a string based on the salt key.

    I am thinking of rotating the salt key. If I rotate the salt key, then the strings which are encrypted using the old salt key should be decrypted after salt key rotation.

    I want to understand whether that is possible; if not, what other options do I have?

    Wednesday, August 12, 2020 6:45 PM

All replies

  • Hi MMKR.MMKR,

    Thank you for posting here.

    Why do you want to rotate the salt?

    We generally use a new salt per password: 

    Why do I need to use the Rfc2898DeriveBytes class (in .NET) instead of directly using the password as a key or IV?

    We can use RijndaelManaged Class to encrypt a string like:

    Encrypt and decrypt a string in C#?

    Best Regards,

    Xingyu Zhao


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, August 13, 2020 3:07 AM
  • In Azure Key Vault, we will be storing the salt key. Below is the flow:

    • We will be calling Azure Key Vault with the client ID and client secret to get the salt key.
    • Once we receive the salt key, we will be encrypting the string using the salt key.
    • We send the encrypted string to the vendor.
    • We share the Azure Key Vault client ID and secret with the vendor.
    • The vendor is going to call Azure Key Vault to get the salt key.
    • Using the salt key, the vendor will decrypt the string.


    My question is: can we rotate the salt key periodically? If so, can we decrypt the existing string which was encrypted using the old salt key? Assume that the salt key is compromised?

    If not, what are the other ways we can look into, based on the above flow I mentioned?

    Thursday, August 13, 2020 7:22 PM
  • Hi MMKR.MMKR,

    Thanks for your feedback.

    Since your question is related to Azure Key Vault, you can ask your question in the new Azure Key Vault forum for more efficient responses.

    Thank you for your understanding.

    Best Regards,

    Xingyu Zhao



    Friday, August 14, 2020 1:32 AM
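
An added example (not written by any poster in this thread, and not Microsoft's code) of one common answer to the rotation question above: tag each ciphertext with the version of the key that produced it, so older strings stay decryptable after rotation until that version is retired. It assumes .NET 8, treats the thread's "salt key" as a 256-bit AES-GCM key, and uses a hypothetical in-memory `VersionedKeyring` class in place of Key Vault secret versions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

var ring = new VersionedKeyring();
ring.Rotate("v1");
string old = ring.Encrypt("order-1234");          // constructed sample value
ring.Rotate("v2");                                // periodic rotation
Console.WriteLine(ring.Decrypt(old));             // v1 token is still readable
string renewed = ring.Encrypt(ring.Decrypt(old)); // re-encrypt under v2
ring.Retire("v1");                                // v1 assumed compromised
Console.WriteLine(ring.Decrypt(renewed));

// Hypothetical in-memory stand-in for versioned secrets held in a vault.
class VersionedKeyring
{
    private readonly Dictionary<string, byte[]> _keys = new();
    public string CurrentVersion { get; private set; } = "";

    // Rotation adds a new version; older versions stay usable until retired.
    // Version names must not contain '.', which separates the token fields.
    public void Rotate(string version)
    {
        _keys[version] = RandomNumberGenerator.GetBytes(32); // 256-bit AES key
        CurrentVersion = version;
    }

    // Remove a key once everything encrypted under it has been re-encrypted.
    public void Retire(string version) => _keys.Remove(version);

    public string Encrypt(string plaintext)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // fresh per message
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = new byte[pt.Length], tag = new byte[16];
        using var aes = new AesGcm(_keys[CurrentVersion], 16);
        // The version is authenticated as associated data, so it cannot be swapped.
        aes.Encrypt(nonce, pt, ct, tag, Encoding.UTF8.GetBytes(CurrentVersion));
        return string.Join('.', CurrentVersion, Convert.ToBase64String(nonce),
                           Convert.ToBase64String(tag), Convert.ToBase64String(ct));
    }

    public string Decrypt(string token)
    {
        string[] p = token.Split('.');
        if (p.Length != 4 || !_keys.TryGetValue(p[0], out var key))
            throw new CryptographicException("Unknown or retired key version.");
        byte[] ct = Convert.FromBase64String(p[3]), pt = new byte[ct.Length];
        using var aes = new AesGcm(key, 16);
        aes.Decrypt(Convert.FromBase64String(p[1]), ct,
                    Convert.FromBase64String(p[2]), pt, Encoding.UTF8.GetBytes(p[0]));
        return Encoding.UTF8.GetString(pt);
    }
}
```

Once `v1` is retired, any token that still starts with `v1.` fails with `CryptographicException`, so the re-encryption pass has to finish before the old version is removed.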