Currently, I'm storing my usernames & passwords in a SQL Server CE database.
I would like to use some Windows API in order to securely store my user passwords, so that no other application running on the machine could read them.
I'm supporting Windows 7, and so I cannot use Password Vault
I've tried to use the CredWrite and CredRead API, based on the example provided here.
However, while I successfully managed to store and restore my passwords, I also successfully managed to restore them using a completely different application. Meaning that the only security I have is the key I'm using.
Is there any other viable solution?
Seems like anything that use Windows Security Account Manager won't do.
Use Data Protection API (DPAPI)
CryptProtectData
to store the dataCryptUnprotectData
to retrieve the dataData is protected by the user account credentials, so it can be retrieved by other application running under same account. Alternatively you can use the machine credentials to give access to services.
See Example C Program: Using CryptProtectData for an example.
DPAPI is used by the vast majority of applications to store passwords.
Since the question is tagged with C#
: there is a .NET managed wrapper around DPAPI, which is easier than using Interop code.
A clear example on how to use this can be found here.
If the type ProtectedData
cannot be found in the namespace System.Security.Cryptography
make sure to add this nuget package
:
Install-Package System.Security.Cryptography.ProtectedData
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With