How to store and retrieve credentials from the Windows Vault credential manager?

Question:

I want to securely store a plaintext password on a Windows PC. I am currently using DPAPI CryptProtectData to encrypt it, then store the encrypted blob in a file in the user's local AppData.

In Windows 7, there is Windows Vault, a credential manager (Control Panel\User Accounts and Family Safety\Credential Manager) that stores logon data for a variety of logon types, including "generic credential". On the surface this looks like the right place for a program to store credentials. However, I was not able to find any API for it. I read the Authentication function reference in MSDN, but frankly got lost in it.

Is there an API to Windows Vault to store and retrieve credentials from a program, and, if yes, where can I find documentation?

Many thanks to @Luke for the hint: Windows API functions to store credentials to and read them from Windows Vault are CredWrite() and CredRead(). Here is a code sample that may be compiled and run, that I used to confirm that these functions indeed do the expected thing:

#include <windows.h>
#include <wincred.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma hdrstop
// Link with Advapi32.lib (CredWriteW, CredReadW, CredFree).

int main ()
{
    { //--- SAVE
        char password[] = "brillant";
        // Blob size includes the terminating NUL so it can be printed as a string below.
        DWORD cbCreds = (DWORD) (1 + strlen(password));

        // CREDENTIALW takes non-const string pointers, so use writable buffers.
        wchar_t target[] = L"FOO/account";
        wchar_t user[] = L"paula";

        CREDENTIALW cred = {0};
        cred.Type = CRED_TYPE_GENERIC;
        cred.TargetName = target;
        cred.CredentialBlobSize = cbCreds;
        cred.CredentialBlob = (LPBYTE) password;
        cred.Persist = CRED_PERSIST_LOCAL_MACHINE;
        cred.UserName = user;

        BOOL ok = ::CredWriteW (&cred, 0);
        wprintf (L"CredWrite() - errno %lu\n", ok ? 0UL : ::GetLastError());
        if (!ok) exit(1);
    }
    { //--- RETRIEVE
        PCREDENTIALW pcred;
        BOOL ok = ::CredReadW (L"FOO/account", CRED_TYPE_GENERIC, 0, &pcred);
        wprintf (L"CredRead() - errno %lu\n", ok ? 0UL : ::GetLastError());
        if (!ok) exit(1);
        // %s is a wide string and %S a narrow string in the Microsoft wprintf.
        wprintf (L"Read username = '%s', password='%S' (%lu bytes)\n", 
                 pcred->UserName, (char*)pcred->CredentialBlob, pcred->CredentialBlobSize);
        // must free memory allocated by CredRead()!
        ::CredFree (pcred);
    }
    return 0;
}

A generic credential is stored in Windows Vault, as can be seen on the screenshot:
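
The sample above prints CredentialBlob as a C string, which works only because it stored the terminating NUL itself; the blob is a byte buffer whose length is CredentialBlobSize. The following is an added example, not part of the original answer: it reads the same FOO/account entry by size, wipes the returned buffer before CredFree(), and removes the entry with CredDeleteW(). The helper names blob_to_password and read_password are hypothetical.

```cpp
// Added example. On Windows, build with MSVC and link Advapi32.lib.
#include <cstddef>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <wincred.h>
#include <cstdio>
#endif

// Copy exactly `size` bytes of a credential blob, then drop one trailing NUL
// if the writer stored it (the sample above stores strlen + 1 bytes).
std::string blob_to_password(const unsigned char* blob, std::size_t size)
{
    if (blob == nullptr || size == 0) return std::string();
    std::string out(reinterpret_cast<const char*>(blob), size);
    if (out.back() == '\0') out.pop_back();
    return out;
}

#ifdef _WIN32
// Read the generic credential `target`. Returns false with GetLastError() set
// (ERROR_NOT_FOUND when nothing is stored under that name).
bool read_password(const wchar_t* target, std::string& password)
{
    PCREDENTIALW pcred = nullptr;
    if (!::CredReadW(target, CRED_TYPE_GENERIC, 0, &pcred)) return false;
    password = blob_to_password(pcred->CredentialBlob, pcred->CredentialBlobSize);
    // Wipe the API's copy of the secret before releasing the buffer.
    SecureZeroMemory(pcred->CredentialBlob, pcred->CredentialBlobSize);
    ::CredFree(pcred);
    return true;
}

int main()
{
    std::string password;
    if (!read_password(L"FOO/account", password)) {
        DWORD err = ::GetLastError();
        std::printf("CredRead failed: %lu%s\n", err,
                    err == ERROR_NOT_FOUND ? " (no such credential)" : "");
        return 1;
    }
    std::printf("password is %zu bytes\n", password.size());
    SecureZeroMemory(&password[0], password.size());
    // Remove the test entry written by the sample above.
    return ::CredDeleteW(L"FOO/account", CRED_TYPE_GENERIC, 0) ? 0 : 1;
}
#endif
```
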