ProtectedData encryption not available non-Windows with dotnet

[TheCakeIsNaOH]

Background

Chocolatey CLI uses System.Security.Cryptography.ProtectedData to encrypt remembered arguments in .arguments files and to encrypt sensitive information in its configuration file.

This API is available on Windows only, because it uses DPAPI, which is part of Windows.
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.protecteddata?view=dotnet-plat-ext-6.0
dotnet/runtime#22886 (comment)

The problem

Currently, Chocolatey CLI is on .Net framework on Windows, and Mono on non-Windows. Mono does have a (less secure) implementation of this API, so there are no issues currently.

However, once Chocolatey CLI is upgraded to running on dotnet (core/5/6/7 or whatever), that will cause an issue on non-Windows systems, because then the ProtectedData API will not be available.
#2436

This causes two problems:

1. What to do instead of using ProtectedData
2. How to migrate to it, for people with pre-existing installations that they upgrade.

Solutions?

For problem one, there are multiple options I can think of:

• Just use plain text on non-Windows
• Copy the Mono implementation (copy the source into the choco source)
• Use some other encryption implementation (copy the source into the choco source) (IMHO, this is a very bad idea)
• Use something else in System.Security.Cryptography or pre-existing encryption library to encrypt the string.
• Create a tiny c# program that just encrypts/decrypts strings passed in via the CLI, and run that via Mono when encryption is required. This would still mean that Mono is required on non-Windows, but would mean that migration would not be required.

Upstream Nuget has run into this issue, and is hoping to get this fix this year: NuGet/Home#1851
We may want to wait and see what they do about this.

For the second problem about migrating from Mono to dotnet, I'm open to suggestions.

[gep13]

This is definitely an interesting problem, and one which we should watch closely to see how the NuGet Team deal with.

I am assuming that the biggest stumbling block here will be the migration from old encrypted values, to the new encryption that we end up using. Correct?

[TheCakeIsNaOH]

Possibly.

I am bringing this up now, so depending on what is picked, there is a chance to implement it now (or during the move to .net 4.8), which would still be on Mono, then everything would be migrated by the time choco is migrated to dotnet. Then we could just warn people on non-Windows to upgrade to a .net 4.8 version before upgrading to a dotnet version.

The questions about migration are more about stuff like testing if files have already been migrated, and how to signal that, how to make it not slow, etc. This depends on what exactly is chosen as the new encryption method (or lack thereof).