How to decrypt data which is crypted by CryptProtectData function?

Question

I know that CryptProtectData function crypts data using windows user\'s password, I can decrypt it using CryptUnprotectData function when I am logged in crypter user, how is

Answer 1

CryptProtectData can use the CRYPTPROTECT_LOCAL_MACHINE flag, but that means any user will decrypt. Using CRYPTPROTECT_LOCAL_MACHINE basically does not protect anything at the user level, it simply makes the data protected on machine level (and even so, an user with a roaming profile can decrypt as well). If you need to protect something only with password, consider using CryptGenKey and CryptEncrypt functions instead (samples provided at the bottom of the page for both encrypting and decrypting a file).

Answer 2

CryptProtectData uses an encryption algorithm which derives its key from environment variables such as the current machine ID and user credentials. This also implies that you need to be the encrypting user to decrypt in most cases.

There is a small caveat, however, where you can bypass the user credentials getting into the make up of the key; but sadly the best you can do is encrypt something that can be decrypted by any user on the same machine.

As presented here, you can set the dwFlags to "CRYPTPROTECT_LOCAL_MACHINE" (dwFlags being an enum, you can simply set it to a uint 0). Just be sure to also set dwFlags to uint(0) when you call CryptUnprotectData on your encrypted stuff and the two functions will be perfectly symmetric and work fine with each other. I have personally tried this and can attest that it works.

Yes, this whole needing the same machine system gets really annoying, but it is by far the securest way to encrypt something and be sure no other computer in the world can decrypt it.

Hope this helped, Nashwan.