DPAPI has 2 functions: `CryptUnprotectData` and `CryptProtectData`.
I read: "They do the encryption or decryption by using a session key that the function creates by using the user's logon credentials." Does that mean that I do not need to store this key anywhere and it will be created when I want to encrypt or decrypt data?
Also I found: "An important point to remember is that DPAPI merely applies cryptographic protection to the data. It does not store any of the protected data; therefore applications calling DPAPI must implement their own storage of the protected data." Is this about the key or a file that was encrypted?

RuF

1 Answer

The mentioned functions use the key specific to the logged-in user. Thus you don't need to store the key. However, these functions are merely for data transformation and not for data storage. This means that it's your job to store the encrypted data chunk wherever you want - `CryptProtectData` won't do this for you.

Eugene Mayevski 'Callback
  • Thank you. That is what I needed. But I have some other questions. Do I need to store the key for CryptEncrypt and CryptDecrypt? And does the WIN API have functions for storing this key if I need to store it? – RuF Jun 25 '14 at 10:28
  • @user3186861 The key is derived from the user credentials of the current user account. This means that (a) you don't need to store the key, and (b) if the user account is lost, so is the data, because the key will disappear with the user account. I am not aware of any ways to back up the key. – Eugene Mayevski 'Callback Jun 25 '14 at 10:47
  • Do CryptEncrypt and CryptDecrypt use the user account like CryptUnprotectData and CryptProtectData? – RuF Jun 25 '14 at 11:12
  • I thought [CryptEncrypt](http://msdn.microsoft.com/en-us/library/aa379924(v=vs.85).aspx) and `CryptDecrypt` use a key created by [CryptGenKey](http://msdn.microsoft.com/en-us/library/aa379941). Does [CryptExportKey](http://msdn.microsoft.com/en-us/library/windows/desktop/aa379931(v=vs.85).aspx) store the key created by `CryptGenKey` in the CSP key database? Or do I need to store the key for encryption myself? – RuF Jun 25 '14 at 11:27
  • CryptGenKey is a different story - it can generate a symmetric key which you can store elsewhere and use with CryptEncrypt then. On a side note, StackOverflow is not a forum, but a question/answer site. One (or several tightly linked) question should be asked as a "new question" and answers are given. Comments are for asking for details or minor corrections, they are not for chatting. If you have questions about CryptEncrypt - post new questions. – Eugene Mayevski 'Callback Jun 25 '14 at 12:12
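
The split described in the answer (no key to store, but the caller persists the encrypted blob) as an added example that is not part of the original posts. It uses the .NET `ProtectedData` class, which wraps DPAPI, rather than calling `CryptProtectData` directly; the function names, the file path and the sample secret are assumptions made for illustration.

```powershell
# Added example: DPAPI round trip via the .NET ProtectedData wrapper (Windows only).
Add-Type -AssemblyName System.Security

# CurrentUser scope ties the blob to the account that runs this script.
$scope    = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$blobPath = Join-Path $env:TEMP 'dpapi-demo.bin'   # hypothetical storage location

function Protect-ToFile {
    param([string]$Secret, [string]$Path)
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Secret)
    try {
        # No key argument: DPAPI derives the key from the calling user's credentials.
        $blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
    } finally {
        # Do not leave the plaintext bytes in memory longer than needed.
        [Array]::Clear($plain, 0, $plain.Length)
    }
    # DPAPI only returns the blob; persisting it is the caller's job.
    [System.IO.File]::WriteAllBytes($Path, $blob)
}

function Unprotect-FromFile {
    param([string]$Path)
    $blob = [System.IO.File]::ReadAllBytes($Path)
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
    } catch [System.Security.Cryptography.CryptographicException] {
        # Raised when the blob is corrupted or was protected under another account.
        throw "Cannot unprotect '$Path' under the current account: $($_.Exception.Message)"
    }
    [System.Text.Encoding]::UTF8.GetString($plain)
}

# Constructed sample input: protect, store, read back, unprotect, clean up.
Protect-ToFile -Secret 'constructed sample secret' -Path $blobPath
Unprotect-FromFile -Path $blobPath
Remove-Item $blobPath
```

The stored file contains only the protected blob, so it needs ordinary file ACLs for integrity and availability, while confidentiality rests on the user account whose credentials DPAPI used.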