Protected Store API (Windows CE 5.0)
To protect sensitive information and to prevent data tampering, the protected store application programming interface (API) provides a convenient solution to cryptography, key management, and user experience issues. The two CryptoAPI functions, CryptProtectData and CryptUnprotectData, take the user's logon credentials to lock and unlock the private data.
Typically, only a user with logon credentials matching those of the encrypter can decrypt the data. In addition, decryption must be done on the computer where the data was decrypted.
See Master Key Storage for information on how to store the encryption or master key in the system registry so that certain persistent registry implementations will retain the encryption keys after losing and regaining power.
The benefits of the protected store include the following:
- An easy-to-use application that takes data and optional password or other entropy and receives shrouded data.
- Data is protected from other users who are able to log on to the same device.
- Data is protected from tampering while the device is offline.
- The transparent use of logon credentials to supply the entropy for data protection.
- Original equipment manufacturer extensibility that allows the use of hardware tokens such as smart cards or biometric devices.
Send Feedback on this topic to the authors