Sunday, February 20, 2011

Data encryption with DPAPI

Windows Data Protection

DPAPI - Data Protection Application Programming Interface; most probably the smallest API available under Win32, since it contains just two functions.
Beginning with Windows 2000, Microsoft introduced the DPAPI. It wasn't well known or documented until Windows XP came out.

The DPAPI is a pretty well thought-out mechanism that allows any application to do simple yet powerful encryption of its data. It has good recovery methods in case the password gets lost, fully supports enterprise or home use, and is based on the Cryptographic Services available under Win32.
So, what does it actually do? Simple - it encrypts or decrypts a block of data.
And it does so without asking much about settings, cryptographic keys, algorithms and other hocus-pocus. Sounds like an ideal function for securing sensitive data? Definitely. There are some options you can set, but it works even without them.

Here are some highlights:
user-bound encryption (using the user's credentials)
machine-bound encryption (using the machine's credentials)
application supplied pass phrase
optional user supplied password
transparent mode (no user-interface at all)
optional security auditing
built on standards - PKCS#5v2, RFC-2404, RSA etc.
MSDN contains a very well-written article explaining the guts of DPAPI; it is well worth reading if you are into security.
While DPAPI isn't generally difficult to use, it has some pitfalls which you can avoid with the CProtectedData class.
The class makes all necessary conversions where needed (DPAPI takes only UNICODE strings) and handles filling the data structures, allocating and freeing memory, and so on. But in the end it's just a wrapper class.
It provides one function in many flavors to perform the encryption and another one for decryption. Sanity checks on the parameters are performed.
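The highlights above (user-bound versus machine-bound encryption and the application-supplied pass phrase) can be tried directly from Windows PowerShell. The following is an added example, not the CProtectedData class from the article: it uses the .NET ProtectedData wrapper, which calls the same two DPAPI functions underneath, and the secret and entropy values are constructed sample data.

```powershell
# Added example (not the article's CProtectedData class): DPAPI round trips through the
# .NET System.Security.Cryptography.ProtectedData wrapper, which calls CryptProtectData /
# CryptUnprotectData underneath. Assumes Windows PowerShell 5.1 on a Windows host.
Add-Type -AssemblyName System.Security

$secret  = [Text.Encoding]::UTF8.GetBytes('db-password-example')   # constructed sample secret
$entropy = [Text.Encoding]::UTF8.GetBytes('MyApp-v1-entropy')       # assumed app-supplied pass phrase

function Protect-Blob {
    param([byte[]]$Data, [byte[]]$Entropy,
          [System.Security.Cryptography.DataProtectionScope]$Scope)
    # Returns the opaque DPAPI blob; the key is derived from the user's or machine's credentials
    [System.Security.Cryptography.ProtectedData]::Protect($Data, $Entropy, $Scope)
}

function Unprotect-Blob {
    param([byte[]]$Blob, [byte[]]$Entropy,
          [System.Security.Cryptography.DataProtectionScope]$Scope)
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $Scope)
        [Text.Encoding]::UTF8.GetString($plain)
    } catch {
        # DPAPI refuses to decrypt (wrong user, wrong scope or wrong entropy) instead of
        # returning garbage; surface that as a readable failure.
        "DECRYPT FAILED: $($_.Exception.Message)"
    }
}

# 1. User-bound: only this Windows account (or a domain-recovered master key) can decrypt.
$userBlob = Protect-Blob $secret $entropy 'CurrentUser'
Unprotect-Blob $userBlob $entropy 'CurrentUser'

# 2. Machine-bound: any process on this machine that knows the entropy can decrypt,
#    so the entropy is the only thing separating the data from other local users.
$machineBlob = Protect-Blob $secret $entropy 'LocalMachine'
Unprotect-Blob $machineBlob $entropy 'LocalMachine'

# 3. Wrong entropy: the blob is intact but the decryption is rejected.
Unprotect-Blob $userBlob ([Text.Encoding]::UTF8.GetBytes('wrong-entropy')) 'CurrentUser'
```

The first two calls print the sample secret; the third prints a DECRYPT FAILED line, which is the behaviour to expect whenever the entropy, scope or user account differs from the one used at encryption time.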
User interface
As the pictures show, the CryptoAPI provides some dialog boxes with information and options for the user. They allow the user to modify the encryption strength, choose a custom password and view information about the data to be encrypted.
It's important to remember that when the user is allowed to choose a password, he will most probably forget it. In this case there is no way to retrieve the lost password and the data is not recoverable.

Read more: Codeproject