How do I store and retrieve credentials from the Windows Vault credential manager?
I want to securely store a plaintext password on a Windows PC. I am currently using DPAPI CryptProtectData to encrypt it, then store the encrypted blob in a file in the user's local AppData.
In Windows 7, there is Windows Vault, a credential manager (Control Panel\User Accounts and Family Safety\Credential Manager) that stores logon data for a variety of logon types, including "generic credential". On the surface this looks like the right place for a program to store credentials. However, I was not able to find any API for it. I read Authentication function reference in MSDN, but frankly got lost in it.
Is there an API to Windows Vault to store and retrieve credentials from a program, and, if yes, where can I find documentation?
Many thanks to @Luke for the hint: Windows API functions to store credentials to and read them from Windows Vault are CredWrite() and CredRead(). Here is a code sample that may be compiled and run, that I used to confirm that these functions indeed do the expected thing:
#include <windows.h>
#include <wincred.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma hdrstop

// Link with Advapi32.lib (CredWriteW, CredReadW, CredFree).
int main ()
{
    { //--- SAVE
        const char* password = "brillant";
        // The blob is opaque bytes; the terminating NUL is stored too,
        // so the blob can be printed as a C string after it is read back.
        DWORD cbCreds = (DWORD) (1 + strlen(password));

        CREDENTIALW cred = {0};
        cred.Type = CRED_TYPE_GENERIC;
        cred.TargetName = (LPWSTR) L"FOO/account";
        cred.CredentialBlobSize = cbCreds;
        cred.CredentialBlob = (LPBYTE) password;
        cred.Persist = CRED_PERSIST_LOCAL_MACHINE;
        cred.UserName = (LPWSTR) L"paula";

        BOOL ok = ::CredWriteW (&cred, 0);
        wprintf (L"CredWrite() - errno %lu\n", ok ? 0UL : ::GetLastError());
        if (!ok) exit(1);
    }
    { //--- RETRIEVE
        PCREDENTIALW pcred;
        BOOL ok = ::CredReadW (L"FOO/account", CRED_TYPE_GENERIC, 0, &pcred);
        wprintf (L"CredRead() - errno %lu\n", ok ? 0UL : ::GetLastError());
        if (!ok) exit(1);

        // In the Microsoft wprintf, %s takes a wide string and %S a narrow one.
        wprintf (L"Read username = '%s', password='%S' (%lu bytes)\n",
                 pcred->UserName, (char*)pcred->CredentialBlob, pcred->CredentialBlobSize);

        // must free memory allocated by CredRead()!
        ::CredFree (pcred);
    }
    return 0;
}
A generic credential is stored in Windows Vault, as can be seen on the screenshot: