A strange error from CryptProtectData/CryptUnprotectData

June 3rd, 2009
  1. CryptProtectData/CryptUnprotectData

    • The data encryption and decryption API provided by Windows.

      The CryptProtectData function performs encryption on the data in a DATA_BLOB structure. Typically, only a user with the same logon credential as the encrypter can decrypt the data. In addition, the encryption and decryption usually must be done on the same computer. For information about exceptions, see Remarks.

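  2. The error ERROR_FILE_NOT_FOUND (2)

    • We found a software bug: users could not save their password. We use CryptProtectData/CryptUnprotectData to encrypt and decrypt the password when saving it to the registry and reading it back. The log showed that encryption was failing, and tracing CryptProtectData in WinDbg showed that the last error was "file not found", ERROR_FILE_NOT_FOUND, error code 2. Because it is hard to see any connection between this error and what the API does, I kept assuming that I had not captured the real error code. Later, searching online, I found that a Microsoft engineer had written a post on an MSDN blog explaining the cause of this error and how to fix it. Original post: http://blogs.msdn.com/spatdsg/archive/2006/01/04/509452.aspx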

    • Crypt* calls failing?

      Common crypto issue..

      I have seen this more than once so I thought I would mention it here.

      Calls to CryptProtectData or CryptUnprotectData fail with ERROR_FILE_NOT_FOUND or other crypto calls fail either in context of the user or the system. Part of troubleshooting this should be to check the following reg paths:

      System:

      HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

      User:

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

      Specifically – the AppData value should read %USERPROFILE%\Application Data

      If this value is bad or the value is missing, all kinds of odd things fail due to the process not being able to determine where key data is, or sometimes the system will fail to find needed data under:

      \system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache

      A bit obscure .. but maybe it will help someone someday..

      The hard part is.. how do you know a crypto call is failing since there are very few logs or events?

      [Added May 10 ]

      One more I ran into recently ..

      PATH:
      "C:\Documents and Settings\JoeUser\Application Data\Microsoft\Protect\
      FileName: CREDHIST

      Check the permissions AND the file attributes – should be writeable (not read only)

      Spat

      Published Wednesday, January 04, 2006 5:00 PM by SpatDSG

      Filed under: Crypto
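
The checks listed in the quoted post, collected into one diagnostic script. This is an added example, not code from the original post or from the MSDN article. It assumes Windows PowerShell 5.1 run as the affected user; the `$Expected` parameter and the self-test string are illustrative, and the CREDHIST location is derived from `%APPDATA%` rather than from the post's example path.

```powershell
# Added diagnostic sketch; not from the quoted post. Run as the affected user.
# $Expected defaults to the value the post gives (Windows XP era); newer Windows
# versions use %USERPROFILE%\AppData\Roaming, so pass that instead there.
param([string]$Expected = '%USERPROFILE%\Application Data')

$sub  = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$raw  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$keys = [ordered]@{
    'User'   = "Registry::HKEY_CURRENT_USER\$sub"
    'System' = "Registry::HKEY_USERS\S-1-5-18\$sub"
}

foreach ($name in $keys.Keys) {
    $key = Get-Item -LiteralPath $keys[$name] -ErrorAction SilentlyContinue
    if (-not $key) { Write-Warning "$name : key missing or not readable"; continue }
    # Read the unexpanded REG_EXPAND_SZ text so it can be compared as stored.
    $value = $key.GetValue('AppData', $null, $raw)
    if ([string]::IsNullOrEmpty($value)) {
        Write-Warning "$name : AppData value is missing"
    } elseif ($value -ne $Expected) {
        Write-Warning "$name : AppData is '$value', expected '$Expected'"
    } else {
        Write-Output "$name : AppData OK ($value)"
    }
}

# CREDHIST is hidden, hence -Force. Flag the read-only attribute and show the ACL.
$credhist = Join-Path $env:APPDATA 'Microsoft\Protect\CREDHIST'
$file = Get-Item -LiteralPath $credhist -Force -ErrorAction SilentlyContinue
if (-not $file) {
    Write-Warning "CREDHIST not found at $credhist"
} else {
    if ($file.IsReadOnly) { Write-Warning "CREDHIST is read-only: $credhist" }
    (Get-Acl -LiteralPath $credhist).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType
}

# DPAPI round trip for the current user: makes a silent failure visible.
Add-Type -AssemblyName System.Security
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
try {
    $plain = [Text.Encoding]::UTF8.GetBytes('dpapi-self-test')   # constructed sample
    $blob  = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
    $back  = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
    Write-Output ("Round trip OK: " + [Text.Encoding]::UTF8.GetString($back))
} catch {
    Write-Warning ("DPAPI call failed: " + $_.Exception.Message)
}
```

Reading the `HKEY_USERS\S-1-5-18` key may require an elevated session; the script reports that key as missing or not readable rather than stopping.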
