tags:

views:

712

answers:

7
+7  Q: 

Is there some sort of secure local storage on Windows?

I was thinking of making a small tool. It is not important what the tool will do. The important thing, is that the tool will need to store some sensitive information on the user's HDD. EDIT: The information that will be stored is USER'S information - I'm not trying to protect my own content, that I distribute with the app.

I understand that I need to encrypt this information. But then, where do I safely store the encryption password? It's some sort of an infinite recursion...

So, is there a way, to encrypt information on windows, and have windows securely manage the passwords? When I say windows I mean Windows XP SP2 or later.

I should also note, that users on the same system must not have access to other users information (even when they are both running my application).

I'm looking for both - .NET 2.0 (C#) and native (C/C++) solutions to this problem.

+3  A: 

You can use the native encryption facility. Set the encrypt attribute on your folder or file (from the property page, click on the "advanced" button). Then you can set the users that can access the file (by default this only includes the file creator). The big advantage of this solution is that it is totally transparent from the application and the users points of view.

To do it programmatically: using the Win32 API, call EncryptFile() on the directory where you want to store your sensitive per-user data. From now on all newly created files within this dir will be encrypted and only readable by their creator (that would be the current user of your app). Alternatively you can use the FILE_ATTRIBUTE_ENCRYPTED flag on individual files at creation time. You can check encryption info from the explorer on the file's property page, and see that app-created files are correctly encrypted and restricted to their respective users. There is no password to store or use, everything is transparent.

If you want to hide data from all users then you can create a special app-specific user and impersonate it from your app. This, along with ACLs, is the blessed technique on Windows for system services.

fbonnet  2009-01-14 09:57:50
Can I set it from code? Like from .NET C# or native C++ application?
Paulius Maruška  2009-01-14 09:59:41
That doesn't help when distributing the code / tool to others though...
xan  2009-01-14 10:02:30
Well, the information must be entered by the user first, and then my app would need to securely store it. So, if I can create such file from inside my app - it could work.
Paulius Maruška  2009-01-14 10:03:42
The compression flag is a standard file attribute, so it can be set programmatically with e.g. CreateFile (use the flag FILE_ATTRIBUTE_ENCRYPTED). So you can create a dir with this flag set, then add your files there and the system takes care of the rest.
fbonnet  2009-01-14 10:20:59
Be aware that the flag is only honoured on NTFS partitions. If the data is saved/copied to a FAT partition (e.g. USB stick) it will be in its raw form.
devstuff  2009-01-14 11:07:05
+2  A: 

You might want to look at Isolated Storage, which is a way of storing settings and other data on a per-application data automatically. See an example and MSDN.

This is an alternative to storing normal settings in the registry, a better one in a lot of cases... I'm not sure how the data is stored to file however so you'd need to check, you wouldn't want it to be accessible, even encrypted, to other users. From memory only the app. that created the storage can open it - but that needs checking.

Edit:

From memory when I last used this, a good approach is to write a "Setting" class which handles all the settings etc. in your app. This class then has the equivalent of Serialize and DeSerialize methods which allow it to write all its data to an IsolatedStorage file, or load them back again.

The extra advantage of implementing it in this way is you can use attributes to mark up bits of the source and can then use a Property Grid to quickly give you user-edit control of settings (the Property Grid manipulates class properties at runtime using reflection).

xan  2009-01-14 09:59:07
I'm reading the docs now. This looks promising...
Paulius Maruška  2009-01-14 10:04:33
A: 

Erm hash the password? You don't need to store the real deal anywhere on the machine just a hashed password (possibly salted too). Then when the user enters their password you perform the same operation on that and compare it to the hashed one you've stored on disk.

Quibblesome  2009-01-14 10:07:19
That's the point - I don't want to even ask the user for password. The point of my app, is that if the user already logged in into Windows - then he is who he says he is. So this wouldn't work for me.
Paulius Maruška  2009-01-14 10:11:04
If the user is already logged in then why do you bother using a password in the first place?
liggett78  2009-01-14 10:29:36
Because the information that will be stored in an external file (or whatever) must not be accessible from another user (if someone else logs into his own windows account).
Paulius Maruška  2009-01-14 10:48:09
AND the information must be safe from other applications, that the same user might execute.
Paulius Maruška  2009-01-14 10:56:33
Wait... if they don't have a password that your app uses then.... what prevents another user using the same program on the same machine and reading their data that way?
Quibblesome  2009-01-14 11:14:14
I guess it depends on how "secret" the data should be. Family / friends or just outsiders.
Quibblesome  2009-01-14 11:15:02
No it doesn't. Just read the other answers - there IS an API in WINDOWS, that allows to store data without password (well, internally, password is used, but my app doesn't need to remember it - it's all managed internally by Windows).
Paulius Maruška  2009-01-14 11:28:26
Well then I humbly apologise for both a) not having a complete answer and b) trying to help.
Quibblesome  2009-01-14 14:47:06
A: 

I recommend you look at the Enterprise Library Cryptography Application Block. Check this blog post. Windows has a built in Data Protection API for encrypting data, but the Crypto Application Block makes it more straightforward.

jwanagel  2009-01-14 10:14:26
+8  A: 

is there a way, to encrypt information on windows, and have windows securely manage the passwords?

CryptProtectData: http://msdn.microsoft.com/en-us/library/ms884464.aspx

Using from .NET: http://msdn.microsoft.com/en-us/library/aa302402.aspx

Historically, Protected Storage: http://msdn.microsoft.com/en-us/library/bb432403%28VS.85%29.aspx

bobince  2009-01-14 10:15:05
For .NET 2.0+ use the System.Security.Cryptography.ProtectedData class instead of @bobince's 2nd link.
devstuff  2009-01-14 11:10:38
A: 

Um, what you're trying to achieve is exactly what DRM tried to achieve. Encrypt something then give the user the keys (however obfuscated) and the crypto. They did it with DVDs. They did it with Blu-Ray. They did it with iTunes.

What you are proposing to do will never be secure. Your average lay person will probably not figure it out, but any sufficiently motivated attacker will work it out and discover the keys, the algorithm and decrypt the data.

If all you're doing is encrypting user data then ask the user for their password. If you're trying to protect your internal data from the user running the application you're S.O.L.

Adam Hawes  2009-01-14 10:31:13
What's S.O.L.? Anyway, I'm not trying to achieve the same thing as DRM. I'm not trying to encrypt MY files, that I would later distribute with the app - I need a way to encrypt USER information, that HE/SHE will enter into my APP (the info needs to be stored for later use from inside my app).
Paulius Maruška  2009-01-14 10:52:29
S.O.L. = "S**t Outta Luck"
Graeme Perrow  2009-01-19 17:36:22
+2  A: 

You should consider using DPAPI for this purpose. It will encrypt your data with a special (internal) symmetric key which is on per-user basis. You don't even need to ask for passwords in this case, because different users on the system will have different keys assigned to them.

The downside of it might be that you can't recover the data if the user is deleted/Windows reinstalled (I believe that this is the case, not quite sure though). In that case encrypt the data with a "self-generated" key derived from the password and store the password in registry/file encrypted using DPAPI.

liggett78  2009-01-14 10:36:08
Link to the docs for .NET 2.0 and later: http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx
liggett78  2009-01-14 10:38:15
Well, while the data is sensitive, I can safely assume, that the user can re-enter the data in case of a windows reinstall. After all, that's how I get the data in the first place - user enters it, and then my app just auto-magically remembers it.
Paulius Maruška  2009-01-14 10:54:28

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)