Do I need to store a key for CryptUnprotectData and CryptProtectData?

Question

Do I need to store a key for CryptUnprotectData and CryptProtectData?

DPAPI has 2 functions: CryptUnprotectData and CryptProtectData .
I read They do the encryption or decryption by using a session key that the function creates by using the user logon credentials. Does this mean that I do not need to store this key anywhere, and they will be created when I want to encrypt or decrypt the data?
I also found An important point to remember is that DPAPI merely applies cryptographic protection to the data. It does not store any of the protected data; therefore applications calling DPAPI must implement their own storage of the protected data. An important point to remember is that DPAPI merely applies cryptographic protection to the data. It does not store any of the protected data; therefore applications calling DPAPI must implement their own storage of the protected data. Is this about a key or file that has been encrypted?

+1

winapi encryption storage dpapi

RuF Jun 24 '14 at 12:11

source share

1 answer

Eugene Mayevski 'Allied Bits · Accepted Answer · 2014-06-24T14:24:11+0000

These functions use a key specific to the registered user. This way you do not need to store the key. However, these functions are intended only for data conversion, and not for storing data. This means that your job is to store encrypted pieces of data wherever you want - CryptProtectData will not do this for you.

Do I need to store a key for CryptUnprotectData and CryptProtectData?

More articles: