How to encrypt string in Java using Windows DPAPI using the system context instead of the user context?

Question

I'm trying to encrypt a password to be stored across multiple instances of my program, but it needs to be able to be decrypted by all users on the machine. I have already looked around for options, and had javaDPAPI recommended to me. However, this only seems to encrypt based on the current user context.

Based on microsoft's documentation there seems to be a way to do this, but I am not sure how to do this and I am not very familiar with java and have never done something like this.

Henno Brandsma · Answer 1 · 2019-07-06T12:26:49.123

You need to set the Boolean in the second constructor of DataProtector mentioned here to true.

This needs some adaptation in the class you linked too:

changing this.protector = new DataProtector() to

this.protector = new DataProtector(true) should do it, I think.

You could even add a project unique "entropy" byte array so that only someone knowing that entropy could decrypt the secret, and other programs cannot. This is also part of the original Microsoft design.

How to encrypt string in Java using Windows DPAPI using the system context instead of the user context?

1 Answers1