Emil

Reputation: 63

Credential Manager CredentialBlob clear text

if I save a new credential with:

CREDENTIALW cred = { 0 };
...
cred.Type = CRED_TYPE_GENERIC;
cred.TargetName = convert("PIN");       // convert(): helper not shown in the question
cred.CredentialBlob = (LPBYTE)pBlob;    // value here: "password", stored exactly as given
...
BOOL ok = ::CredWriteW(&cred, 0);
...

and then received it:

PCREDENTIALW pcred;
BOOL ok = ::CredReadW(L"PIN", CRED_TYPE_GENERIC, 0, &pcred);

I can see the password in clear text. Should I encrypt/decrypt the value of CredentialBlob separately, or is it also possible to encrypt the values with the Win32 API?

Thanks in advance!

Upvotes: 0

Views: 152

Answers (1)

Alexander

Reputation: 1341

You can always use the CryptProtectData and CryptUnprotectData function pair from DPAPI to protect your data.

If your code (or any part of it) will run as the SYSTEM account (or any service account), you need to set the CRYPTPROTECT_LOCAL_MACHINE flag in the dwFlags parameter:

When this flag is set, it associates the data encrypted with the current computer instead of with an individual user. Any user on the computer on which CryptProtectData is called can use CryptUnprotectData to decrypt the data.

Upvotes: 0
