CredProtect function

The CredProtect function encrypts the specified credentials so that only the current security context can decrypt them.


BOOL WINAPI CredProtect(
  _In_    BOOL                 fAsSelf,
  _In_    LPTSTR               pszCredentials,
  _In_    DWORD                cchCredentials,
  _Out_   LPTSTR               pszProtectedCredentials,
  _Inout_ DWORD                *pcchMaxChars,
  _Out_   CRED_PROTECTION_TYPE *ProtectionType


fAsSelf [in]

Set to TRUE to specify that the credentials are encrypted in the security context of the current process. Set to FALSE to specify that credentials are encrypted in the security context of the calling thread security context.

pszCredentials [in]

A pointer to a string that specifies the credentials to encrypt. The function encrypts the number of characters provided in the cchCredentials parameter.

cchCredentials [in]

The size, in characters, of the pszCredentials buffer.

pszProtectedCredentials [out]

A pointer to a string that, on output, receives the encrypted credentials.

pcchMaxChars [in, out]

The size, in characters of the pszProtectedCredentials buffer. On output, if the pszProtectedCredentials is not of sufficient size to receive the encrypted credentials, this parameter specifies the required size, in characters, of the pszProtectedCredentials buffer.

ProtectionType [out]

A pointer to a CRED_PROTECTION_TYPE enumeration type that, on output, specifies the type of protection provided.

Return value

TRUE if the function succeeds; otherwise, FALSE.

For extended error information, call the GetLastError function.


Note that the output of the CredProtect function is not integrity protected, so if the output is modified, the CredUnprotect function is not updated and may produce incorrect results.


Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]







Unicode and ANSI names

CredProtectW (Unicode) and CredProtectA (ANSI)