To protect sensitive information or prevent data tampering, the protected store application programming interface (API) provides a convenient solution to cryptography, key management, and user experience issues. The two CryptoAPI functions, CryptProtectData and CryptUnprotectData, take the user's logon credentials to lock and unlock the private data.
Note: An untrusted application can call the CryptProtectData or CryptUnprotectData function. The call will fail only if CRYPTPROTECT_SYSTEM is specified for the dwFlags parameter.
The protected store includes the following benefits:
- An easy-to-use interface that takes data and an optional password or other entropy and returns shrouded data.
- Data is protected from other users who are able to log on to the same device.
- Data is protected from tampering while the device is offline.
- The transparent use of logon credentials to supply the entropy for data protection.
An application calls CryptProtectData with the data to protect and receives the encrypted output. The application can save the encrypted data in the process memory, registry, or file system. To access that data, the application calls CryptUnprotectData with the encrypted data and receives the original plaintext output. The encryption and decryption processes must be done on the same computer and with the same user logged in.
Note: If the user logon credentials are lost or forgotten, the data is usually unrecoverable. However, if the CRYPTPROTECT_LOCAL_MACHINE flag is set when the data is encrypted, any user on the computer where the encryption was done can decrypt the data.
The functions use the PKCS#5 standard for the session key derivation. The algorithm choices for data encryption are Triple-DES and RC4; the default is RC4.
The level of protection is limited by the randomness of the user password because the implementation relies primarily on the user password for unlocking private data. For example, a four-digit personal identification number (PIN) presents next to no defense against a programmatic attack. For optimum protection, using a strong password and additional entropy is highly recommended.
Use the following strong password guidelines:
- Must be at least seven characters.
- Must contain letters, numbers, and symbols.
- Must be constructed so that at least one character in the second to sixth position is a symbol.
- Must not contain the user name.
The pOptionalEntropy parameter in CryptProtectData and CryptUnprotectData allows the application to supply additional entropy.
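The following is an added example, not code from the original page, showing the protect/unprotect round trip described above together with the two points the text makes about it: the CRYPTPROTECT_LOCAL_MACHINE scope and the pOptionalEntropy parameter. It assumes desktop Windows with Windows PowerShell 5.1 rather than Windows CE, and reaches CryptProtectData and CryptUnprotectData through the .NET System.Security.Cryptography.ProtectedData wrapper, whose optionalEntropy argument corresponds to pOptionalEntropy and whose DataProtectionScope.LocalMachine corresponds to the CRYPTPROTECT_LOCAL_MACHINE flag. The secret, the entropy string and the output path are constructed sample values.

```powershell
# Added example (not from the original page). Assumes Windows PowerShell 5.1 on
# desktop Windows; ProtectedData calls CryptProtectData/CryptUnprotectData underneath.
Add-Type -AssemblyName System.Security

$Scope = [System.Security.Cryptography.DataProtectionScope]
$PD    = [System.Security.Cryptography.ProtectedData]

function Protect-Secret {
    # Wraps CryptProtectData: $Entropy plays the role of pOptionalEntropy,
    # -LocalMachine selects the CRYPTPROTECT_LOCAL_MACHINE behaviour.
    param([byte[]]$Plain, [byte[]]$Entropy, [switch]$LocalMachine)
    $s = if ($LocalMachine) { $Scope::LocalMachine } else { $Scope::CurrentUser }
    return $PD::Protect($Plain, $Entropy, $s)
}

function Unprotect-Secret {
    # Wraps CryptUnprotectData; the same entropy must be presented again.
    param([byte[]]$Blob, [byte[]]$Entropy, [switch]$LocalMachine)
    $s = if ($LocalMachine) { $Scope::LocalMachine } else { $Scope::CurrentUser }
    return $PD::Unprotect($Blob, $Entropy, $s)
}

# Constructed sample values.
$plain   = [Text.Encoding]::UTF8.GetBytes('db-password-example')
$entropy = [Text.Encoding]::UTF8.GetBytes('app-specific-entropy-string')

# Default scope: the blob is tied to the logon credentials of the current user.
$userBlob = Protect-Secret -Plain $plain -Entropy $entropy

# Machine scope: any account on this computer can unprotect it, so the
# application-supplied entropy is the only thing separating users here.
$machineBlob = Protect-Secret -Plain $plain -Entropy $entropy -LocalMachine

# Round trip with the correct entropy recovers the plaintext.
$back = Unprotect-Secret -Blob $userBlob -Entropy $entropy
"round trip: $([Text.Encoding]::UTF8.GetString($back))"

# Wrong entropy (like a different user for a CurrentUser blob, or a modified
# blob) makes CryptUnprotectData fail rather than return garbage.
try {
    Unprotect-Secret -Blob $userBlob -Entropy ([Text.Encoding]::UTF8.GetBytes('wrong')) | Out-Null
    'unexpected: unprotect succeeded with wrong entropy'
} catch {
    "unprotect with wrong entropy failed as expected: $($_.Exception.GetType().Name)"
}

# Only the shrouded blob is persisted; the plaintext never reaches disk.
$path = Join-Path $env:TEMP 'secret.bin'   # constructed sample location
[IO.File]::WriteAllBytes($path, $userBlob)
"wrote $($userBlob.Length) protected bytes to $path"
```

Keep the entropy value out of the same store as the blob (for example, derive it from something the user types or from data held elsewhere), since a machine-scope blob stored next to its entropy is readable by every account on the device.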
Windows CE applications and components, such as Point-to-Point Protocol (PPP) and Internet Explorer, use the protected store functions to secure data. CryptoAPI also uses the protected store functions to store certificates, keys, and user credentials.
Last updated on Thursday, April 08, 2004
© 1992-2003 Microsoft Corporation. All rights reserved.