src/CustomActions/Cryptography/CryptProtectDataHex.cpp File Reference

#include "StdAfx.h"
#include "CryptProtectDataHex.h"
#include "FlagMaps.h"

Functions

CA_API UINT __stdcall CryptProtectDataHex (MSIHANDLE hInstall)
 CryptProtectDataHex protects the data with a user or machine key and returns the hex-encoded value of the data.
CA_API UINT __stdcall CryptUnprotectDataHex (MSIHANDLE hInstall)
 CryptUnprotectDataHex unprotects hex-encoded data with a user or machine key and returns the value of the data.

Function Documentation

CA_API UINT __stdcall CryptProtectDataHex ( MSIHANDLE  hInstall)

CryptProtectDataHex protects the data with a user or machine key and returns the hex-encoded value of the data.

Parameters:
CRYPTPROTECT_DATA Data to protect.
CRYPTPROTECT_ENTROPY Optional entropy.
CRYPTPROTECT_FLAGS Flags to pass to CryptProtectData.

  • CRYPTPROTECT_LOCAL_MACHINE When this flag is set, it associates the data encrypted with the current computer instead of with an individual user. Any user on the computer on which CryptProtectData is called can use CryptUnprotectData to decrypt the data.
  • CRYPTPROTECT_UI_FORBIDDEN This flag is used for remote situations where presenting a user interface (UI) is not an option. When this flag is set and a UI is specified for either the protect or unprotect operation, the operation fails.
  • CRYPTPROTECT_AUDIT This flag generates an audit on protect and unprotect operations.
  • CRYPTPROTECT_VERIFY_PROTECTION This flag verifies the protection of a protected BLOB.
CRYPTPROTECT_DESCRIPTION Optional description of the protected data (stored in clear).
Returns:
CRYPTPROTECT_RESULT Hex-encoded protected data.
Example:
        <Binary Id="Cryptography" SourceFile="relative path to Cryptography.dll"/>
        <Property Id="CRYPTPROTECT_DATA" Hidden="yes" />
        <Property Id="CRYPTPROTECT_FLAGS" Value="CRYPTPROTECT_LOCAL_MACHINE|CRYPTPROTECT_UI_FORBIDDEN" />
        <CustomAction Id="EncryptPassword" BinaryKey="Cryptography" DllEntry="CryptProtectDataHex" Execute="immediate" />
        <CustomAction Id="SetDBUSERsPASSWORDForEncryption" Property="CRYPTPROTECT_DATA" Value="[PASSWORD]" />
        <InstallExecuteSequence> 
          <Custom Action="SetDBUSERsPASSWORDForEncryption" After="InstallInitialize" />
          <Custom Action="EncryptPassword" After="SetDBUSERsPASSWORDForEncryption" />
        </InstallExecuteSequence>

Todo:
Support PromptStruct.

CA_API UINT __stdcall CryptUnprotectDataHex ( MSIHANDLE  hInstall)

CryptUnprotectDataHex unprotects hex-encoded data with a user or machine key and returns the value of the data.

Parameters:
CRYPTUNPROTECT_DATA Data to unprotect.
CRYPTUNPROTECT_ENTROPY Optional entropy.
CRYPTUNPROTECT_FLAGS Flags to pass to CryptUnprotectData.

  • CRYPTPROTECT_LOCAL_MACHINE When this flag is set, it associates the data encrypted with the current computer instead of with an individual user. Any user on the computer on which CryptProtectData is called can use CryptUnprotectData to decrypt the data.
  • CRYPTPROTECT_UI_FORBIDDEN This flag is used for remote situations where presenting a user interface (UI) is not an option. When this flag is set and a UI is specified for either the protect or unprotect operation, the operation fails.
  • CRYPTPROTECT_AUDIT This flag generates an audit on protect and unprotect operations.
  • CRYPTPROTECT_VERIFY_PROTECTION This flag verifies the protection of a protected BLOB.
Returns:
CRYPTUNPROTECT_RESULT Unprotected data.
CRYPTUNPROTECT_DESCRIPTION Associated description.
Example:
        <Binary Id="Cryptography" SourceFile="relative path to Cryptography.dll"/>
        <Property Id="CRYPTUNPROTECT_FLAGS" Value="CRYPTPROTECT_LOCAL_MACHINE|CRYPTPROTECT_UI_FORBIDDEN" />
        <CustomAction Id="DecryptPassword" BinaryKey="Cryptography" DllEntry="CryptUnprotectDataHex" Execute="immediate" />
        <CustomAction Id="SetDBUSERsDecryptedPASSWORD" Property="PASSWORD" Value="[CRYPTUNPROTECT_RESULT]"/>
        <InstallExecuteSequence> 
          <Custom Action="DecryptPassword" After="InstallInitialize"/>
          <Custom Action="SetDBUSERsDecryptedPASSWORD" After="DecryptPassword"/>
        </InstallExecuteSequence>

Todo:
Support PromptStruct.
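
The round trip these two custom actions perform, shown directly against DPAPI in PowerShell as an added example (not code from msiext): it protects a value with machine scope, hex-encodes the blob, and shows that unprotecting fails when the entropy differs. The sample strings, the helper names `ConvertTo-Hex` and `ConvertFrom-Hex`, the UTF-16 byte encoding and the uppercase hex format are assumptions and are not claimed to match what `CryptProtectDataHex` emits.

```powershell
# Added example, not msiext code. All sample values below are constructed.
Add-Type -AssemblyName System.Security   # loads ProtectedData, the .NET DPAPI wrapper

function ConvertTo-Hex([byte[]]$Bytes) {
    # Two uppercase hex digits per byte (assumed format)
    -join ($Bytes | ForEach-Object { $_.ToString('X2') })
}

function ConvertFrom-Hex([string]$Hex) {
    # Reject odd-length or non-hex input before handing anything to DPAPI
    if ($Hex.Length % 2 -ne 0 -or $Hex -notmatch '^[0-9A-Fa-f]*\z') {
        throw 'Input is not a valid hex string'
    }
    $bytes = New-Object byte[] ($Hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($Hex.Substring(2 * $i, 2), 16)
    }
    return ,$bytes   # leading comma keeps the array from being unrolled
}

$dpapi = [System.Security.Cryptography.ProtectedData]
# LocalMachine scope is the .NET counterpart of CRYPTPROTECT_LOCAL_MACHINE:
# any user on this computer can unprotect the blob.
$scope = [System.Security.Cryptography.DataProtectionScope]::LocalMachine

$secret  = [Text.Encoding]::Unicode.GetBytes('constructed-sample-password')
$entropy = [Text.Encoding]::Unicode.GetBytes('constructed-sample-entropy')
$wrong   = [Text.Encoding]::Unicode.GetBytes('some-other-entropy')

# Protect, then hex-encode so the blob can travel as a plain string
$protectedHex = ConvertTo-Hex ($dpapi::Protect($secret, $entropy, $scope))
"Protected blob: $($protectedHex.Length / 2) bytes, hex-encoded"

# Unprotect with the same scope and entropy
$plain = $dpapi::Unprotect((ConvertFrom-Hex $protectedHex), $entropy, $scope)
"Round trip: $([Text.Encoding]::Unicode.GetString($plain))"

# With machine scope the entropy is the only input that is not
# available to every account on the host, so a mismatch must fail.
try {
    $dpapi::Unprotect((ConvertFrom-Hex $protectedHex), $wrong, $scope) | Out-Null
    'Unexpected: blob unprotected with different entropy'
} catch {
    "Unprotect with different entropy failed: $($_.Exception.Message)"
}
```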



© Application Security Inc. - All Rights Reserved http://msiext.codeplex.com