Credential Manager CredentialBlob clear text

105 Views Asked by Emil At 27 September 2023 at 15:09

if I save a new credential with:

CREDENTIALW cred = { 0 };
...
cred.Type = CRED_TYPE_GENERIC;
cred.TargetName = convert("PIN");
cred.CredentialBlob = (LPBYTE)pBlob; // value here: "password"
..
BOOL ok = ::CredWriteW(&cred, 0);
...

and then received it:

PCREDENTIALW pcred;
BOOL ok = ::CredReadW(L"PIN", CRED_TYPE_GENERIC, 0, &pcred);

I can see the password in clear text. Should I encrypt/ decrypt the value CredentialBlob separately or is it also possible to encrypt the values with the Win32 API?

Thanks in advance!

Original Q&A

There are 1 best solutions below

Alexander On 27 September 2023 at 21:16 BEST ANSWER

You can always use a CryptProtectData and CryptUnprotectData functions pair from DPAPI to protect your data.

If your code (or any part) will be work as SYSTEM account (or any service account) you need to set CRYPTPROTECT_LOCAL_MACHINE flag in dwFlags parameter:

When this flag is set, it associates the data encrypted with the current computer instead of with an individual user. Any user on the computer on which CryptProtectData is called can use CryptUnprotectData to decrypt the data.

Credential Manager CredentialBlob clear text

There are 1 best solutions below

Related Questions in WINDOWS

Related Questions in WINAPI

Related Questions in WINDOWS-CREDENTIAL-PROVIDER

Trending Questions

Popular # Hahtags

Popular Questions