Solved

Using CryptUnprotectData

Posted on 2008-06-24
3
1,186 Views
Last Modified: 2010-10-26
Hi,

I am using CryptprotectData and CryptUnprotectData to store user credentials in the registry. The CryptprotectData & CryptUnprotectData work fine when I pass the OUT datablob from the CryptprotectData to the CryptUnprotectData API immediately.
Things are different when I save the result of the CryptprotectData into a registry and read it later to decrypt it.  I think it has something to do with string format (WCHAR to BYTE*) but I seem to be converting it before passing it to the CryptUnprotectData API.

Here is my code -
WRReg.GetUserName(&szData);

			//LPCSTR lpData = W2A(szData);

			DATA_BLOB DataEncrypted;

			DataEncrypted.pbData = (BYTE*)(W2A(szData));

			DataEncrypted.cbData = 24;

			if(!CryptUnprotectData(&DataEncrypted,&pDescrOut,NULL,NULL,NULL,CRYPTPROTECT_UI_FORBIDDEN,&DataBlob) )

				return FALSE;

Open in new window

0
Comment
Question by:exchnerd
3 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 125 total points
ID: 21864292
data blobs are binary and should not be stored directly into the registry as strings but either filtered though bin64 or stored as a byte field. I think really you need to do a data fidelity test for diagnostics - store the blob, then immediately read it back and do a byte-by-byte comparison on the array to ensure what you read back matches what you stored.

this won't be an issue with the crypt, but with storing and retrieving binary data from the registry.
0
 

Author Closing Comment

by:exchnerd
ID: 31470151
Thanks for the input! It now works as expected :-)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now