How to check Global Reversible Encryption though JNA?

Question

I am trying to retrieve the global value of the Reversible Encryption setting in Windows through JNA (Java Native Access) programmatically.

I am able to read other values from the Global user password policy via JNA such as

1. Enforce password history
2. Maximum password age
3. Minimum password age
4. Minimum password length

But there is no information on how you can get specifically the value of Reversible Encryption in Java? I tried to google but to no avail. Anyone knows?

Answer 1

The reversible encryption setting is available in WMI in the RSOP_SecuritySettingBoolean class, using the key ClearTextPassword.

It is possible to query WMI via the command line (e.g., wmic /NAMESPACE:\\root\RSOP\Computer path RSOP_SecuritySettingBoolean) or through powershell. I have implemented a WMI Util class using JNA that implements C code to query WMI that you are welcome to copy if you'd prefer a programmatic approach (you'll need a few more classes there.)

You can also execute this on the command line: Secedit.exe /export /cfg c:\cfg.txt and read the output file, looking for the value of ClearTextPassword.

It also looks like you can possibly fetch the value with a binary dump of the contents of registry key \HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\F in which case the value would be stored in the 4 most significant bits of the byte at offset 0x004C. You can read the registry using JNA's Advapi32Util class (in this case, probably registryGetBinaryValue()).

I also found a registry location that may be helpful (completely untested): \HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values. This points to similar settings in Machine/System/CurrentControlSet/Services/Netlogon/Parameters which may or may not be helpful