How to store passwords in Winforms application?

by

The sanctified method is to use CryptoAPI and the Data Protection APIs.

To encrypt, use something like this (C++):

DATA_BLOB blobIn, blobOut;
blobIn.pbData=(BYTE*)data;
blobIn.cbData=wcslen(data)*sizeof(WCHAR);

CryptProtectData(&blobIn, description, NULL, NULL, NULL, CRYPTPROTECT_LOCAL_MACHINE | CRYPTPROTECT_UI_FORBIDDEN, &blobOut);
_encrypted=blobOut.pbData;
_length=blobOut.cbData;

Decryption is the opposite:

DATA_BLOB blobIn, blobOut;
blobIn.pbData=const_cast<BYTE*>(data);
blobIn.cbData=length;

CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &blobOut);

std::wstring _decrypted;
_decrypted.assign((LPCWSTR)blobOut.pbData,(LPCWSTR)blobOut.pbData+blobOut.cbData/sizeof(WCHAR));

If you don’t specify CRYPTPROTECT_LOCAL_MACHINE then the encrypted password can be securely stored in the registry or config file and only you can decrypt it. If you specify LOCAL_MACHINE, then anyone with access to the machine can get it.

More Related Contents:

  1. Why is char[] preferred over String for passwords?
  2. Best way to store password in database [closed]
  3. How can I store my users’ passwords safely?
  4. Difference between Hashing a Password and Encrypting it
  5. Is “double hashing” a password less secure than just hashing it once?
  6. Two-way encryption: I need to store passwords that can be retrieved
  7. ASP.NET Identity’s default Password Hasher – How does it work and is it secure?
  8. Generating a random password in php
  9. Invoke or BeginInvoke cannot be called on a control until the window handle has been created
  10. Preferred Method of Storing Passwords In Database
  11. Show Properties of a Navigation Property in DataGridView (Second Level Properties)
  12. System.Windows.Threading.Dispatcher and WinForms?
  13. How to control the font DPI in .NET WinForms app
  14. UI Design Pattern for Windows Forms (like MVVM for WPF)
  15. How do I turn off Compatibility View on the IE WebBrowserControl in a WinForms app?
  16. MSI register dll – Self-Registration considered harmful
  17. encrypt and decrypt md5
  18. How to create a laravel hashed password
  19. Securely Erasing Password in Memory (Python)
  20. How would you implement MVC in a Windows Forms application?
  21. PowerShell: Job Event Action with Form not executed
  22. How to draw custom button in Window Titlebar with Windows Forms?
  23. Secure Password Hashing [closed]
  24. Why not use MD5 for password hashing?
  25. Ribbon UI Control for WinForms
  26. MVVM for winforms [duplicate]
  27. How to make autocomplete on a TextBox show suggestions when empty
  28. Disable drop paste in HTML input fields? [duplicate]
  29. In WinForms, why can’t you update UI controls from other threads?
  30. Unique key generation

Leave a Comment