• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1273
  • Last Modified:

Using CryptUnprotectData

Hi,

I am using CryptprotectData and CryptUnprotectData to store user credentials in the registry. The CryptprotectData & CryptUnprotectData work fine when I pass the OUT datablob from the CryptprotectData to the CryptUnprotectData API immediately.
Things are different when I save the result of the CryptprotectData into a registry and read it later to decrypt it.  I think it has something to do with string format (WCHAR to BYTE*) but I seem to be converting it before passing it to the CryptUnprotectData API.

Here is my code -
WRReg.GetUserName(&szData);
			//LPCSTR lpData = W2A(szData);
			DATA_BLOB DataEncrypted;
			DataEncrypted.pbData = (BYTE*)(W2A(szData));
			DataEncrypted.cbData = 24;
			if(!CryptUnprotectData(&DataEncrypted,&pDescrOut,NULL,NULL,NULL,CRYPTPROTECT_UI_FORBIDDEN,&DataBlob) )
				return FALSE;

Open in new window

0
exchnerd
Asked:
exchnerd
1 Solution
 
Dave HoweSoftware and Hardware EngineerCommented:
data blobs are binary and should not be stored directly into the registry as strings but either filtered though bin64 or stored as a byte field. I think really you need to do a data fidelity test for diagnostics - store the blob, then immediately read it back and do a byte-by-byte comparison on the array to ensure what you read back matches what you stored.

this won't be an issue with the crypt, but with storing and retrieving binary data from the registry.
0
 
exchnerdAuthor Commented:
Thanks for the input! It now works as expected :-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now