Solved

Using CryptUnprotectData

Posted on 2008-06-24
3
1,226 Views
Last Modified: 2010-10-26
Hi,

I am using CryptprotectData and CryptUnprotectData to store user credentials in the registry. The CryptprotectData & CryptUnprotectData work fine when I pass the OUT datablob from the CryptprotectData to the CryptUnprotectData API immediately.
Things are different when I save the result of the CryptprotectData into a registry and read it later to decrypt it.  I think it has something to do with string format (WCHAR to BYTE*) but I seem to be converting it before passing it to the CryptUnprotectData API.

Here is my code -
WRReg.GetUserName(&szData);
			//LPCSTR lpData = W2A(szData);
			DATA_BLOB DataEncrypted;
			DataEncrypted.pbData = (BYTE*)(W2A(szData));
			DataEncrypted.cbData = 24;
			if(!CryptUnprotectData(&DataEncrypted,&pDescrOut,NULL,NULL,NULL,CRYPTPROTECT_UI_FORBIDDEN,&DataBlob) )
				return FALSE;

Open in new window

0
Comment
Question by:exchnerd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 125 total points
ID: 21864292
data blobs are binary and should not be stored directly into the registry as strings but either filtered though bin64 or stored as a byte field. I think really you need to do a data fidelity test for diagnostics - store the blob, then immediately read it back and do a byte-by-byte comparison on the array to ensure what you read back matches what you stored.

this won't be an issue with the crypt, but with storing and retrieving binary data from the registry.
0
 

Author Closing Comment

by:exchnerd
ID: 31470151
Thanks for the input! It now works as expected :-)
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question