
Is there a way to protect some cryptographic data from applications other than my own in Windows? I'm not concerned about protecting it from the user - this is obviously impossible - but, rather, from non-elevated applications other than my own.

I'm aware that I could simply run the application's core code as a service, with the data accessible only to system accounts, but I would prefer if I could keep the application running under a token not much more permissive than the user's normal token.

Additionally, I would prefer not to have a dependency on .NET if possible.

bdonlan
    Considering that everything the user does is via some application running as their account, there's no difference between "protecting it from other applications" and "protecting it from the user". – Ben Voigt Feb 26 '11 at 15:23
  • @Ben, but there is a difference between "protecting from _non-elevated_ applications" and "protecting it from the user". – bdonlan Feb 26 '11 at 15:43
  • To put it another way, I don't want applications to be able to read my secure store without popping up a consent dialog on the secure desktop, at least (on Vista/7). – bdonlan Feb 26 '11 at 15:44
  • @bdonlan: And is your application running elevated? What stops any other program from copying your executable to a writable area, patching it, and running it. Or injecting a DLL into your process. – Ben Voigt Feb 26 '11 at 16:49
  • You'd have to find a datastore that runs as system and serves up the data, checking the identity of the application requesting access. It would have to check the process path and content. And the process would have to set its token to prevent other applications from injecting a DLL (of course any user with debug privilege could bypass this). I'm not aware of any existing software which provides such a datastore. – Ben Voigt Feb 26 '11 at 16:52
  • @Ben, I'm assuming the user has no (non-elevated) write access to the application executable - of course, more detailed verification may be necessary - it's ok for me if there's a small kernel running as a service or something to check that the right application is running, but I don't want the main application logic running with additional system-level rights. – bdonlan Feb 26 '11 at 17:13
  • @bdonlan: If the user has **read** access to the application executable, they can copy it to a new location and modify it there. – Ben Voigt Feb 26 '11 at 17:21
  • @Ben: Certainly. So this will have to include a component that verifies the application executable has not been modified - or that explicitly loads the unmodified executable in a way that is not under the control of the user, prior to granting access. – bdonlan Feb 26 '11 at 17:23

1 Answer

CryptProtectData can do per-user encryption (it is per-user if you do not pass the CRYPTPROTECT_LOCAL_MACHINE flag). However, if you opt for per-user encryption, other users, including elevated admins, won't be able to decrypt it.

Vladislav Vaintroub
  • While this can be a useful component of the system, it doesn't protect against other non-elevated applications, which is what I'm really after here... – bdonlan Feb 26 '11 at 17:13
  • I believe then the goal is harder to achieve. Applications do not have identity on Windows, while users and machines have one. – Vladislav Vaintroub Feb 26 '11 at 20:03
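
The scope semantics the answer and its comments describe, as an added example that is not part of the original question or answer. It uses the .NET `ProtectedData` wrapper (the asker wants to avoid .NET, but this wrapper calls the same native `CryptProtectData`/`CryptUnprotectData`, and `DataProtectionScope::LocalMachine` is exactly the `CRYPTPROTECT_LOCAL_MACHINE` flag). The function names `Protect-Secret` and `Unprotect-Secret`, the sample secret and the entropy bytes are my own constructed values. Windows only; the cross-user and cross-machine cases cannot be shown inside one session, so they are described in comments while the entropy case is actually exercised.

```powershell
# Added example (not from the question or answer). Demonstrates DPAPI scope:
#   CurrentUser  -> CryptProtectData with no scope flag (per-user master key)
#   LocalMachine -> CryptProtectData with CRYPTPROTECT_LOCAL_MACHINE (machine key)
Add-Type -AssemblyName System.Security

function Protect-Secret {
    param(
        [Parameter(Mandatory)][string]$PlainText,
        [ValidateSet('CurrentUser', 'LocalMachine')][string]$Scope = 'CurrentUser',
        [byte[]]$Entropy = $null   # optional second secret mixed into the key derivation
    )
    $bytes = [Text.Encoding]::UTF8.GetBytes($PlainText)
    [Security.Cryptography.ProtectedData]::Protect(
        $bytes, $Entropy, [Security.Cryptography.DataProtectionScope]$Scope)
}

function Unprotect-Secret {
    param(
        [Parameter(Mandatory)][byte[]]$Blob,
        [ValidateSet('CurrentUser', 'LocalMachine')][string]$Scope = 'CurrentUser',
        [byte[]]$Entropy = $null
    )
    try {
        $bytes = [Security.Cryptography.ProtectedData]::Unprotect(
            $Blob, $Entropy, [Security.Cryptography.DataProtectionScope]$Scope)
        [Text.Encoding]::UTF8.GetString($bytes)
    } catch {
        # CryptographicException: wrong user, wrong machine, or wrong entropy
        $null
    }
}

$secret = 'constructed sample secret'   # constructed value

# 1. Per-user blob. Any process running under this user's account can decrypt
#    it; DPAPI checks the account, not which executable is calling. This is the
#    limitation the question runs into: no application identity is involved.
$userBlob = Protect-Secret -PlainText $secret -Scope CurrentUser
"Same user, any process: " + ((Unprotect-Secret -Blob $userBlob) -eq $secret)   # True

# 2. Machine blob. Decryptable by any account on this machine, so it is weaker
#    than CurrentUser against other users, but still not bound to an application.
$machineBlob = Protect-Secret -PlainText $secret -Scope LocalMachine
"Same machine, any account: " + ((Unprotect-Secret -Blob $machineBlob -Scope LocalMachine) -eq $secret)   # True

# 3. Optional entropy. Decryption now also needs the entropy bytes, which narrows
#    who can decrypt only as far as those bytes stay unknown. If they are stored
#    in an executable the user can read, they add nothing against that user's
#    other processes, which is the point made in the comments above.
$entropy = [Text.Encoding]::UTF8.GetBytes('constructed app-specific entropy')   # constructed value
$entBlob = Protect-Secret -PlainText $secret -Scope CurrentUser -Entropy $entropy
"Without entropy: " + ($null -eq (Unprotect-Secret -Blob $entBlob))                      # True (fails)
"With entropy:    " + ((Unprotect-Secret -Blob $entBlob -Entropy $entropy) -eq $secret)  # True
```

Run it in Windows PowerShell as a normal user. The three checks make the answer's point concrete: DPAPI distinguishes users and machines, and entropy can add a shared secret, but nothing in the API ties a blob to a particular executable, so a service that authenticates the calling process (as the comment thread sketches) is still needed for the original goal.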