Question
DPAPI has 2 functions: CryptUnprotectData and CryptProtectData.
I read: "They do the encryption or decryption by using a session key that the function creates by using the user's logon credentials."
Does that mean that I do not need to store this key anywhere and it will be created when I want to encrypt or decrypt data?
Also I found: "An important point to remember is that DPAPI merely applies cryptographic protection to the data. It does not store any of the protected data; therefore applications calling DPAPI must implement their own storage of the protected data."
Is this about the key or the file that was encrypted?
Answer 1:
The mentioned functions use the key specific to the logged-in user. Thus you don't need to store the key. However, these functions are merely for data transformation and not for data storage. This means that it's your job to store the encrypted data chunk wherever you want - CryptProtectData won't do this for you.
Source: https://stackoverflow.com/questions/24386336/do-i-need-to-store-key-for-cryptunprotectdata-and-cryptprotectdata
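The split described in the answer (no key to manage, but the caller stores the protected blob), as an added example that is not part of the original question or answer. It uses the .NET `ProtectedData` class, which wraps CryptProtectData and CryptUnprotectData; the file path, function names and sample secret are assumptions made for illustration.

```powershell
# Added example: DPAPI round trip through the .NET wrapper around
# CryptProtectData / CryptUnprotectData. Windows only.
Add-Type -AssemblyName System.Security

# Hypothetical storage location chosen by the application (assumption).
$blobPath = Join-Path $env:LOCALAPPDATA 'ExampleApp\secret.bin'
$scope    = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

function Save-ProtectedSecret {
    param([string]$Secret, [string]$Path)
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Secret)
    try {
        # No key is supplied: DPAPI uses one tied to the logged-in user.
        $blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
    } finally {
        # Do not leave the plaintext bytes in memory longer than needed.
        [Array]::Clear($plain, 0, $plain.Length)
    }
    # DPAPI returns the blob and keeps nothing; persisting it is the caller's job.
    $dir = Split-Path -Parent $Path
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    [System.IO.File]::WriteAllBytes($Path, $blob)
}

function Read-ProtectedSecret {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "No stored blob at $Path; DPAPI did not keep a copy anywhere."
    }
    $blob = [System.IO.File]::ReadAllBytes($Path)
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
    } catch {
        # Unprotect fails if the blob is corrupted or belongs to another user.
        throw "Blob could not be unprotected for this user: $($_.Exception.Message)"
    }
    [System.Text.Encoding]::UTF8.GetString($plain)
}

# Constructed sample value, not a real secret.
Save-ProtectedSecret -Secret 'constructed-sample-secret' -Path $blobPath
Read-ProtectedSecret -Path $blobPath
```

The only artifact written to disk is the protected blob; copying that file to another user account or machine and calling `Read-ProtectedSecret` there takes the failure branch.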