DPAPI: Using CryptUnprotect before user logs in

I am using DPAPI to store XML data. The data after CryptProtectData is stored in a file. In one of my use cases, this data needs to be decrypted before any user logs in to the workstation. Since I cannot use a user-specific key in this, I am setting the flag "CRYPTPROTECT_LOCAL_MACHINE" while encrypting. The entropy key is static text.

Unprotect is working in all the scenarios except when I am calling it before logon (no user is logged in). It's returning error 87 (the parameter is incorrect).

I re-read the entire DPAPI documentation to see how the keys are being generated. But, unfortunately, there is not enough information for this specific flag.

Will CryptUnprotectData work in this scenario at all? Can it be called by the applications that are running under some user session? Any help is appreciated.

Thanks, D

Wander3r asked May 14 '13 09:05


1 Answer

We use DPAPI to store a password required by a service:

  • Encrypt with CRYPTPROTECT_LOCAL_MACHINE | CRYPTPROTECT_UI_FORBIDDEN.

  • Decrypt with CRYPTPROTECT_UI_FORBIDDEN.

The service runs when the machine boots (i.e. before logon); all works fine.

user3392484 answered Sep 19 '22 10:09
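The flag combination from the answer, as an added example that is not part of the original question or answer. It uses the .NET `ProtectedData` wrapper, which calls `CryptProtectData`/`CryptUnprotectData` with `CRYPTPROTECT_UI_FORBIDDEN` and, for `LocalMachine` scope, `CRYPTPROTECT_LOCAL_MACHINE`. The XML string, the entropy text and the blob path are constructed placeholders; the function names are this example's own.

```powershell
# Added example (not the original poster's or answerer's code): protect an XML
# string with machine-scope DPAPI and optional entropy, write the blob to disk,
# then read it back and unprotect it. The second half is meant to be run from a
# non-interactive context (a service, or a SYSTEM startup task) to confirm that
# decryption works before any user has logged on.
Add-Type -AssemblyName System.Security

# Constructed sample values; replace with the real config, entropy and path.
$Xml      = '<config><service user="svc-backup" /></config>'
$Entropy  = [System.Text.Encoding]::UTF8.GetBytes('static-app-entropy-placeholder')
$BlobPath = Join-Path $env:ProgramData 'dpapi-demo\config.bin'

function Protect-MachineBlob {
    param([string]$PlainText, [byte[]]$Entropy, [string]$Path)
    $plain = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    # LocalMachine scope -> CRYPTPROTECT_LOCAL_MACHINE; the wrapper always adds
    # CRYPTPROTECT_UI_FORBIDDEN, so no prompt can appear in a service session.
    $blob = [System.Security.Cryptography.ProtectedData]::Protect(
        $plain, $Entropy, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
    New-Item -ItemType Directory -Path (Split-Path $Path) -Force | Out-Null
    [System.IO.File]::WriteAllBytes($Path, $blob)
    return $blob.Length
}

function Unprotect-MachineBlob {
    param([byte[]]$Entropy, [string]$Path)
    $blob = [System.IO.File]::ReadAllBytes($Path)
    try {
        # Scope and entropy must match what was used at protect time.
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
            $blob, $Entropy, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
        return [System.Text.Encoding]::UTF8.GetString($plain)
    } catch [System.Security.Cryptography.CryptographicException] {
        # The exception message carries the Win32 error text, e.g.
        # "The parameter is incorrect" for error 87, which is what to log
        # when diagnosing a failure in a pre-logon session.
        Write-Error "Unprotect failed: $($_.Exception.Message)"
        return $null
    }
}

# Step 1: run once as any account on the machine to write the blob. The blob is
# bound to the machine's DPAPI key, not to the account that created it.
Protect-MachineBlob -PlainText $Xml -Entropy $Entropy -Path $BlobPath | Out-Null

# Step 2: run from the service context (before logon) and compare the result.
$decrypted = Unprotect-MachineBlob -Entropy $Entropy -Path $BlobPath
if ($decrypted -eq $Xml) { 'round trip OK' } else { 'round trip FAILED' }
```

To reproduce the pre-logon case, save the script to a file and run it from the service itself, or from a task registered with `Register-ScheduledTask` using `-User SYSTEM` and a `New-ScheduledTaskTrigger -AtStartup` trigger, so that it executes before any interactive session exists. Note what machine scope buys and what it does not: any process on the same machine that can read the blob file and knows the entropy can decrypt it, and entropy embedded in the application as static text is not a secret in its own right, so restrict the blob file's ACL to the service account and treat the entropy as a binding value rather than a key.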