crypt32: CryptProtectData/CryptUnprotectData

Kees Cook kees at outflux.net
Tue May 3 02:30:32 CDT 2005


On Thu, Apr 14, 2005 at 03:44:34PM +0200, Alexandre Julliard wrote:
> > I don't like the ssh-agent idea because not everyone uses ssh-agent.  If 
> > inventing a data format and XORing stuff is preferred, I can write it 
> > that way.
> > 
> > What direction should I take this?
> 
> You should do this as close to Windows as possible, so that it's
> easier to adapt it to work correctly later on. If you do everything
> right except you replace the encryption step by a dummy XOR, then it's
> obvious how to fix it. With the registry approach, if someone wants to
> fix it they first have to rip out all the code and restart from
> scratch; that makes it much less likely that it ever will get fixed.

I'd really like to get my Crypt*Protect data patches in, so I want to 
make sure that I do this rewrite in a way that'll be accepted.  If I 
understand correctly, you want me to:

- parse the Windows data format as best I can
- produce output that looks like the Windows data format
- do some kind of encryption on the data so that nothing needs to be
  stored to the computer between calls of CryptProtectData and
  CryptUnprotectData.  (The existing patches intentionally avoid 
  any encryption.)


