Protected Store
4/8/2010
To help protect sensitive information or to help prevent data tampering, the protected store application programming interface (API) provides a convenient solution to cryptography, key management, and user experience issues. Protected store APIs are also called Data Protection APIs or DPAPI. The two CryptoAPI functions, CryptProtectData and CryptUnprotectData, take the user's logon credentials to lock and unlock the private data.
Note
A normal application can call the CryptProtectData or CryptUnprotectData function. The call will fail only if CRYPTPROTECT_SYSTEM is specified for the dwFlags parameter.
The protected store includes the following benefits:
- An easy-to-use interface: the application passes in data plus an optional password or other entropy and receives shrouded data.
- Data is protected from tampering while the device is offline.
- The transparent use of logon credentials to supply the entropy for data protection.
An application calls CryptProtectData with the sensitive data and receives the encrypted output. The application can save the encrypted data in the process memory, registry, or file system. To access that data, the application calls CryptUnprotectData with the encrypted data and receives the original plaintext output. The encryption and decryption processes must be done on the same computer and with the same user logged in.
Note
If the user logon credentials are lost or forgotten, the data is usually unrecoverable. However, if the CRYPTPROTECT_LOCAL_MACHINE flag is set when the data is encrypted, any user on the computer where the encryption was done can decrypt the data.
The functions use the PKCS#5 standard for the session key derivation. The algorithm choices for data encryption are Triple-DES and RC4; the default is AES.
The level of protection is limited by the randomness of the user password, because the implementation relies primarily on the user password to unlock private data. For example, a four-digit personal identification number (PIN) offers almost no defense against a programmatic attack. For optimum protection, a strong password and additional entropy are highly recommended.
Use the following strong password guidelines:
- Must be at least seven characters.
- Must contain letters, numbers, and symbols.
- Must be constructed so that at least one character in the second to sixth position is a symbol.
- Must not contain the user name.
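The four guidelines above are easy to check mechanically. The following PowerShell function is an added example, not code from the original page or from Windows Embedded CE; the function name Test-StrongPassword, the sample inputs and the interpretation of "symbol" as any non-alphanumeric character are this example's own assumptions.

```powershell
# Added example (not from the original page): checks a candidate password against the
# four strong-password guidelines. Helper name and messages are this example's own.
function Test-StrongPassword {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$UserName
    )
    $problems = New-Object System.Collections.Generic.List[string]

    # Rule 1: at least seven characters.
    if ($Password.Length -lt 7) { $problems.Add('shorter than seven characters') }

    # Rule 2: letters, numbers, and symbols must all be present.
    # Assumption: "symbol" means any character that is not a letter or a digit.
    $hasLetter = $Password -cmatch '[A-Za-z]'
    $hasDigit  = $Password -cmatch '[0-9]'
    $hasSymbol = $Password -cmatch '[^A-Za-z0-9]'
    if (-not ($hasLetter -and $hasDigit -and $hasSymbol)) {
        $problems.Add('must contain letters, numbers, and symbols')
    }

    # Rule 3: at least one symbol in positions two through six (1-based), i.e. index 1..5.
    $window = if ($Password.Length -gt 1) {
        $Password.Substring(1, [Math]::Min(5, $Password.Length - 1))
    } else { '' }
    if ($window -cnotmatch '[^A-Za-z0-9]') { $problems.Add('no symbol in positions 2-6') }

    # Rule 4: must not contain the user name. Compared case-insensitively; the page does
    # not say whether the comparison is case-sensitive, so this is an assumption.
    if ($UserName -and
        $Password.IndexOf($UserName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
        $problems.Add('contains the user name')
    }

    [pscustomobject]@{
        Password = $Password
        Strong   = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed sample inputs (not from the page).
Test-StrongPassword -Password '1234'        -UserName 'alice'  # too short, no letters, no symbols
Test-StrongPassword -Password 'alice#2024x' -UserName 'alice'  # only failure: contains the user name
Test-StrongPassword -Password 'Tr!ck-3wo'   -UserName 'alice'  # satisfies all four rules
```

The function returns an object per candidate rather than a bare boolean so that a caller can show the user which rule was violated; a checker that only says "weak" tends to push users toward trivial variations of the same password.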
The pOptionalEntropy parameter in CryptProtectData and CryptUnprotectData lets the application supply additional entropy beyond the logon credentials.
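The protect, store, unprotect cycle described above, together with the optional entropy and the local-machine scope, can be exercised end to end on a desktop Windows machine. The script below is an added example, not code from the original page or from Windows Embedded CE: it calls the .NET System.Security.Cryptography.ProtectedData wrapper, which forwards to CryptProtectData and CryptUnprotectData on desktop Windows, in place of the native CE calls. The sample secret, the entropy string and the temporary file path are constructed for the example.

```powershell
# Added example (not from the original page): DPAPI round trip through the .NET
# ProtectedData wrapper over CryptProtectData / CryptUnprotectData. Desktop Windows only;
# run under Windows PowerShell 5.1.
Add-Type -AssemblyName System.Security   # ProtectedData lives here on .NET Framework

$secret  = [Text.Encoding]::UTF8.GetBytes('db-password-example')    # constructed sample data
$entropy = [Text.Encoding]::UTF8.GetBytes('app-specific-entropy')   # maps to pOptionalEntropy

# 1. Protect under the logon credentials of the current user
#    (CurrentUser corresponds to calling without CRYPTPROTECT_LOCAL_MACHINE).
$blob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)

# 2. The encrypted blob is what gets persisted; here it is written to a file.
$path = Join-Path $env:TEMP 'protected.bin'
[IO.File]::WriteAllBytes($path, $blob)

# 3. Unprotect later: same computer, same logged-on user, same entropy.
$stored = [IO.File]::ReadAllBytes($path)
$plain  = [Security.Cryptography.ProtectedData]::Unprotect(
    $stored, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
[Text.Encoding]::UTF8.GetString($plain)

# 4. Mismatched entropy: CryptUnprotectData fails and .NET raises CryptographicException,
#    so the entropy behaves like a second factor the application must keep available.
try {
    $wrong = [Text.Encoding]::UTF8.GetBytes('other-entropy')
    [void][Security.Cryptography.ProtectedData]::Unprotect(
        $stored, $wrong, [Security.Cryptography.DataProtectionScope]::CurrentUser)
} catch [Security.Cryptography.CryptographicException] {
    Write-Warning "unprotect with mismatched entropy failed as expected: $($_.Exception.Message)"
}

# 5. LocalMachine scope is the equivalent of CRYPTPROTECT_LOCAL_MACHINE: any account on this
#    computer can unprotect the blob, so the optional entropy is the only per-application secret.
$machineBlob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $entropy, [Security.Cryptography.DataProtectionScope]::LocalMachine)

Remove-Item $path
```

Step 4 is the check a practitioner most often forgets: the entropy is not recoverable from the blob, so if it is lost the data is as unrecoverable as it would be after losing the logon credentials. Step 5 shows why the local-machine scope should be paired with entropy the application controls, since the logon credentials no longer distinguish one user from another.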
Windows Embedded CE applications and technologies, such as Point-to-Point Protocol (PPP) and Internet Explorer, use the protected store functions to secure data. CryptoAPI also uses the protected store functions to store certificates, keys, and user credentials.
See Also
Concepts
Microsoft Cryptographic System
Using Basic Cryptography Services
About Cryptographic Service Provider
Cryptography Security
Cryptography Registry Settings