CryptProtectData & CryptUnprotectData

  • Hallo,
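    mit den Funktionen _CryptProtectData() und _CryptUnprotectData() kann man Daten sicher verschlüsseln, so dass im Normalfall nur der angemeldete User und nur der gleiche Computer die Daten wieder entschlüsseln können. Als zusätzliche Sicherheit kann man ein Passwort setzen; es wird aber nicht unbedingt benötigt. Das Passwort wird der API als zusätzliche Entropie übergeben; ohne ein solches kann jedes Programm, das unter demselben Benutzerkonto läuft, die Daten wieder entschlüsseln.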

    Auf MSDN gibt es hier weitere Informationen:
    * CryptProtectData: http://msdn.microsoft.com/en-us/library/…1(v=vs.85).aspx
    * CryptUnprotectData: http://msdn.microsoft.com/en-us/library/…2(v=vs.85).aspx


    Viel Spaß damit!

    [autoit]

    #include <WinAPI.au3>

    [/autoit] [autoit][/autoit] [autoit]

    ;--- Values for the dwFlags parameter of CryptProtectData / CryptUnprotectData ($iFlag in the wrappers below) ---
    ;UI_FORBIDDEN: for remote situations where presenting a user interface (UI) is not an option. If a UI is specified
    ;  for the protect or unprotect operation while this flag is set, the operation fails and GetLastError returns
    ;  ERROR_PASSWORD_RESTRICTION.
    ;LOCAL_MACHINE: binds the encrypted data to the current computer instead of to an individual user, so ANY user on
    ;  the computer on which CryptProtectData was called can decrypt it with CryptUnprotectData.
    ;LOCAL_AUDIT: generates an audit on protect and unprotect operations.
    ;  NOTE(review): wincrypt.h appears to name this value CRYPTPROTECT_AUDIT - confirm against the SDK header.
    ;VERIFY_PROTECTION: asks the API to verify the protection level of an existing protected blob.
    Global Const $CRYPTPROTECT_UI_FORBIDDEN = 0x1, _
            $CRYPTPROTECT_LOCAL_MACHINE = 0x4, _
            $CRYPTPROTECT_LOCAL_AUDIT = 0x10, _
            $CRYPTPROTECT_VERIFY_PROTECTION = 0x40

    ;--- Values for the dwPromptFlags member of CRYPTPROTECT_PROMPTSTRUCT (not for dwFlags: 0x1 means something else there) ---
    ;PROMPT_ON_UNPROTECT: can be combined with PROMPT_ON_PROTECT to enforce the UI policy of the caller; the
    ;  dwPromptFlags given to CryptProtectData are enforced when CryptUnprotectData is called.
    ;PROMPT_ON_PROTECT: provides the prompt for the protect phase.
    Global Const $CRYPTPROTECT_PROMPT_ON_UNPROTECT = 0x1, _
            $CRYPTPROTECT_PROMPT_ON_PROTECT = 0x2

    ;Win32 error code ERROR_INVALID_DATA
    Global Const $ERROR_INVALID_DATA = 13

    ;DllStructCreate layouts of the Win32 structures DATA_BLOB and CRYPTPROTECT_PROMPTSTRUCT
    Global Const $tagDATA_BLOB = "DWORD cbData;ptr pbData;"
    Global Const $tagCRYPTPROTECT_PROMPTSTRUCT = "DWORD cbSize;DWORD dwPromptFlags;HWND hwndApp;ptr szPrompt;"

    [/autoit] [autoit][/autoit] [autoit]

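    ;Demo script. crypt32.dll is opened once; _CryptProtectData/_CryptUnprotectData use this global handle.
    Global $hDLL_CryptProtect = DllOpen("crypt32.dll")
    If $hDLL_CryptProtect = -1 Then
        ;DllOpen returns -1 on failure; without a valid handle every DllCall below would fail.
        ConsoleWrite("Error opening crypt32.dll" & @LF)
        Exit 1
    EndIf

    ;Sample secret and passwords are demo values only; the demo also prints the decrypted text to the console.
    Global $sString2Hide = "This is a test string to protect!"

    Global $bData, $sData, $sDesc = ""

    ;Example 1: protect and unprotect without an additional password.
    $bData = _CryptProtectData($sString2Hide, "Some information")
    ConsoleWrite("Error protecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Protected data: " & $bData & @LF)

    $sData = _CryptUnprotectData($bData, $sDesc)
    ConsoleWrite("Error unprotecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Unprotected string: " & $sData & @LF)
    ConsoleWrite("Unprotected description: " & $sDesc & @LF)

    ConsoleWrite(@LF & @LF)

    ;Example 2: protect with the password "pass" but unprotect with an empty one.
    ;This call is expected to fail; it shows that the password given at protect time is required.
    $bData = _CryptProtectData($sString2Hide, "Some other information", "pass")
    ConsoleWrite("Error protecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Protected data: " & $bData & @LF)

    $sData = _CryptUnprotectData($bData, $sDesc, "")
    ConsoleWrite("Error unprotecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Unprotected string: " & $sData & @LF)
    ConsoleWrite("Unprotected description: " & $sDesc & @LF)

    ConsoleWrite(@LF & @LF)

    ;Example 3: protect and unprotect with the same password.
    $bData = _CryptProtectData($sString2Hide, "Some other information", "pwd")
    ConsoleWrite("Error protecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Protected data: " & $bData & @LF)

    $sData = _CryptUnprotectData($bData, $sDesc, "pwd")
    ConsoleWrite("Error unprotecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Unprotected string: " & $sData & @LF)
    ConsoleWrite("Unprotected description: " & $sDesc & @LF)

    ConsoleWrite(@LF & @LF)

    ;Example 4: same as example 3, but with a CRYPTPROTECT_PROMPTSTRUCT asking for a prompt on both operations.
    ;$tPromptString must stay alive while $tPrompt is in use, because szPrompt only stores a pointer to it.
    Global $sPromptString = "Data protection will be done"
    Global $tPromptString = DllStructCreate("wchar szPrompt[256]")
    DllStructSetData($tPromptString, "szPrompt", $sPromptString)

    Global $tPrompt = DllStructCreate($tagCRYPTPROTECT_PROMPTSTRUCT)
    DllStructSetData($tPrompt, "cbSize", DllStructGetSize($tPrompt))
    DllStructSetData($tPrompt, "dwPromptFlags", BitOR($CRYPTPROTECT_PROMPT_ON_PROTECT, $CRYPTPROTECT_PROMPT_ON_UNPROTECT))
    DllStructSetData($tPrompt, "szPrompt", DllStructGetPtr($tPromptString))

    $bData = _CryptProtectData($sString2Hide, "Protection example with Gui", "pwd", 0, DllStructGetPtr($tPrompt))
    ConsoleWrite("Error protecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Protected data: " & $bData & @LF)

    ;Reuse the same buffer for the text of the unprotect prompt.
    $sPromptString = "Data unprotection will be done"
    DllStructSetData($tPromptString, "szPrompt", $sPromptString)

    $sData = _CryptUnprotectData($bData, $sDesc, "pwd", 0, DllStructGetPtr($tPrompt))
    ConsoleWrite("Error unprotecting: " & @error & " - " & @extended & @LF)
    ConsoleWrite("Unprotected string: " & $sData & @LF)
    ConsoleWrite("Unprotected description: " & $sDesc & @LF)

    DllClose($hDLL_CryptProtect)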

    [/autoit] [autoit][/autoit] [autoit][/autoit] [autoit][/autoit] [autoit]

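    ;http://msdn.microsoft.com/en-us/library/…1(v=vs.85).aspx
    ;Protects (encrypts) data by calling CryptProtectData in crypt32.dll through the global handle $hDLL_CryptProtect.
    ;Parameters:
    ;  $sString - data to protect, a string or a binary (see _DataToBlob)
    ;  $sDesc   - optional description; passed as szDataDescr and handed back by _CryptUnprotectData
    ;  $sPwd    - optional password; passed as the optional-entropy blob, so the same value is needed to unprotect
    ;  $iFlag   - dwFlags, a combination of the $CRYPTPROTECT_* flag constants
    ;  $pPrompt - pointer to a CRYPTPROTECT_PROMPTSTRUCT, or 0 for no prompt
    ;Return: the protected blob as binary. On failure "" and
    ;  @error = 1 - DllCall itself failed
    ;  @error = 2 - CryptProtectData returned FALSE, @extended = GetLastError code
    ;  @error = 3 - $sString or $sPwd could not be converted to a DATA_BLOB (wrong type or allocation failure)
    Func _CryptProtectData($sString, $sDesc = "", $sPwd = "", $iFlag = 0, $pPrompt = 0)
        ;funkey 2014.08.11th
        Local $aRet, $iError, $iLastError, $tEntropy, $tDesc, $pEntropy = 0, $pDesc = 0

        Local $tDataIn = _DataToBlob($sString)
        If @error Then Return SetError(3, 0, "")

        If $sPwd <> "" Then
            $tEntropy = _DataToBlob($sPwd)
            If @error Then
                ;Fail instead of silently protecting the data WITHOUT the password (e.g. when $sPwd is a number).
                DllCall("kernel32.dll", "none", "RtlZeroMemory", "ptr", DllStructGetData($tDataIn, "pbData"), "ulong_ptr", DllStructGetData($tDataIn, "cbData"))
                _WinAPI_LocalFree(DllStructGetData($tDataIn, "pbData"))
                Return SetError(3, 0, "")
            EndIf
            $pEntropy = DllStructGetPtr($tEntropy)
        EndIf

        If $sDesc <> "" Then
            ;Zero-terminated wide string, hence one extra element
            $tDesc = DllStructCreate("wchar desc[" & StringLen($sDesc) + 1 & "]")
            DllStructSetData($tDesc, "desc", $sDesc)
            $pDesc = DllStructGetPtr($tDesc)
        EndIf

        ;Receives size and pointer of the protected blob allocated by the API
        Local $tDataBuf = DllStructCreate($tagDATA_BLOB)

        $aRet = DllCall($hDLL_CryptProtect, "BOOL", "CryptProtectData", "struct*", $tDataIn, "ptr", $pDesc, "ptr", $pEntropy, "ptr", 0, "ptr", $pPrompt, "DWORD", $iFlag, "struct*", $tDataBuf)
        $iError = @error
        ;Read the last-error code right away, before the cleanup calls below get a chance to change it
        $iLastError = _WinAPI_GetLastError()

        ;The native copies of plaintext and password are overwritten before they are freed, so they do not linger in
        ;released heap memory. Best effort only: the AutoIt variables $sString and $sPwd still hold the values.
        DllCall("kernel32.dll", "none", "RtlZeroMemory", "ptr", DllStructGetData($tDataIn, "pbData"), "ulong_ptr", DllStructGetData($tDataIn, "cbData"))
        _WinAPI_LocalFree(DllStructGetData($tDataIn, "pbData"))
        If $sPwd <> "" Then
            DllCall("kernel32.dll", "none", "RtlZeroMemory", "ptr", DllStructGetData($tEntropy, "pbData"), "ulong_ptr", DllStructGetData($tEntropy, "cbData"))
            _WinAPI_LocalFree(DllStructGetData($tEntropy, "pbData"))
        EndIf

        If $iError Then Return SetError(1, 0, "")
        If $aRet[0] = 0 Then Return SetError(2, $iLastError, "")

        ;Copy the protected blob into an AutoIt binary, then release the buffer the API allocated
        Local $tDataOut = DllStructCreate("byte data[" & DllStructGetData($tDataBuf, "cbData") & "]", DllStructGetData($tDataBuf, "pbData"))
        Local $bData = DllStructGetData($tDataOut, "data")
        _WinAPI_LocalFree(DllStructGetData($tDataBuf, "pbData"))

        Return $bData
    EndFunc ;==>_CryptProtectData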

    [/autoit] [autoit][/autoit] [autoit]

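    ;http://msdn.microsoft.com/en-us/library/…2(v=vs.85).aspx
    ;Unprotects (decrypts) a blob created by _CryptProtectData by calling CryptUnprotectData in crypt32.dll through
    ;the global handle $hDLL_CryptProtect.
    ;Parameters:
    ;  $bData   - protected blob (binary) as returned by _CryptProtectData
    ;  $sDesc   - [out] receives the description stored with the blob, "" if there is none or on failure
    ;  $sPwd    - optional password; passed as the optional-entropy blob, must match the one used to protect
    ;  $iFlag   - dwFlags, a combination of the $CRYPTPROTECT_* flag constants
    ;  $pPrompt - pointer to a CRYPTPROTECT_PROMPTSTRUCT, or 0 for no prompt
    ;Return: the unprotected data as a string. On failure "" and
    ;  @error = 1 - DllCall itself failed
    ;  @error = 2 - CryptUnprotectData returned FALSE, @extended = GetLastError code
    ;  @error = 3 - $bData or $sPwd could not be converted to a DATA_BLOB (wrong type or allocation failure)
    ;NOTE(review): the result is read back as char[], so data containing zero bytes or non-ANSI text may not
    ;round-trip - confirm before using this for anything other than plain strings.
    Func _CryptUnprotectData($bData, ByRef $sDesc, $sPwd = "", $iFlag = 0, $pPrompt = 0)
        ;funkey 2014.08.11th
        Local $aRet, $aLen, $iError, $iLastError, $iSize, $pOut, $tEntropy, $tDataOut, $tDescOut, $pEntropy = 0, $sData = ""
        $sDesc = ""

        Local $tDataIn = _DataToBlob($bData)
        If @error Then Return SetError(3, 0, "")

        If $sPwd <> "" Then
            $tEntropy = _DataToBlob($sPwd)
            If @error Then
                _WinAPI_LocalFree(DllStructGetData($tDataIn, "pbData"))
                Return SetError(3, 0, "")
            EndIf
            $pEntropy = DllStructGetPtr($tEntropy)
        EndIf

        ;Receives size and pointer of the plaintext buffer allocated by the API
        Local $tDataBuf = DllStructCreate($tagDATA_BLOB)

        ;"ptr*" lets the API write the description pointer; DllCall hands it back in $aRet[2]
        $aRet = DllCall($hDLL_CryptProtect, "BOOL", "CryptUnprotectData", "struct*", $tDataIn, "ptr*", 0, "ptr", $pEntropy, "ptr", 0, "ptr", $pPrompt, "DWORD", $iFlag, "struct*", $tDataBuf)
        $iError = @error
        ;Read the last-error code right away, before the cleanup calls below get a chance to change it
        $iLastError = _WinAPI_GetLastError()

        _WinAPI_LocalFree(DllStructGetData($tDataIn, "pbData"))
        If $sPwd <> "" Then
            ;Overwrite the native copy of the password before releasing it
            DllCall("kernel32.dll", "none", "RtlZeroMemory", "ptr", DllStructGetData($tEntropy, "pbData"), "ulong_ptr", DllStructGetData($tEntropy, "cbData"))
            _WinAPI_LocalFree(DllStructGetData($tEntropy, "pbData"))
        EndIf

        If $iError Then Return SetError(1, 0, "")
        If $aRet[0] = 0 Then Return SetError(2, $iLastError, "")

        $pOut = DllStructGetData($tDataBuf, "pbData")
        $iSize = DllStructGetData($tDataBuf, "cbData")
        If $iSize > 0 Then
            $tDataOut = DllStructCreate("char data[" & $iSize & "]", $pOut)
            $sData = DllStructGetData($tDataOut, "data")
            ;Overwrite the decrypted buffer before it goes back to the heap
            DllCall("kernel32.dll", "none", "RtlZeroMemory", "ptr", $pOut, "ulong_ptr", $iSize)
        EndIf
        _WinAPI_LocalFree($pOut)

        ;Only touch the description when the API actually returned a pointer; wcslen on a null pointer would crash
        If $aRet[2] <> 0 Then
            $aLen = DllCall("msvcrt.dll", "UINT:cdecl", "wcslen", "ptr", $aRet[2])
            If Not @error Then
                $tDescOut = DllStructCreate("wchar desc[" & $aLen[0] + 1 & "]", $aRet[2])
                $sDesc = DllStructGetData($tDescOut, "desc")
            EndIf
            _WinAPI_LocalFree($aRet[2])
        EndIf

        Return $sData
    EndFunc ;==>_CryptUnprotectData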

    [/autoit] [autoit][/autoit] [autoit][/autoit] [autoit]

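    ;Copies a string or binary value into memory obtained from LocalAlloc and returns a DATA_BLOB structure
    ;(cbData = length, pbData = pointer to the copy) that describes it.
    ;When you have finished using the DATA_BLOB structure, free its pbData member by calling the _WinAPI_LocalFree function.
    ;Return: the DATA_BLOB structure. On failure 0 and
    ;  @error = 1 - $data is neither a string nor a binary
    ;  @error = 2 - LocalAlloc could not be called (@extended = DllCall error) or returned NULL (@extended = 0)
    Func _DataToBlob($data)
        ;funkey 2014.08.11th
        Local $iLen, $tDataIn, $tData, $aMem
        Local Const $LMEM_ZEROINIT = 0x40
        Select
            Case IsString($data)
                ;NOTE(review): this is a character count used as a byte count; that presumably only matches for
                ;text with one byte per character - confirm before passing non-ANSI strings.
                $iLen = StringLen($data)
            Case IsBinary($data)
                $iLen = BinaryLen($data)
            Case Else
                Return SetError(1, 0, 0)
        EndSelect

        ;uBytes is a SIZE_T, so it is passed pointer-sized
        $aMem = DllCall("Kernel32.dll", "handle", "LocalAlloc", "UINT", $LMEM_ZEROINIT, "ULONG_PTR", $iLen)
        If @error Then Return SetError(2, @error, 0)
        If $aMem[0] = 0 Then Return SetError(2, 0, 0)

        ;A zero-length byte array cannot be created, so empty input is not copied
        If $iLen > 0 Then
            $tData = DllStructCreate("byte[" & $iLen & "]", $aMem[0])
            DllStructSetData($tData, 1, $data)
        EndIf

        $tDataIn = DllStructCreate($tagDATA_BLOB)
        DllStructSetData($tDataIn, "cbData", $iLen)
        ;Store the allocated pointer itself so the caller can always free it, even for empty input
        DllStructSetData($tDataIn, "pbData", $aMem[0])

        Return $tDataIn
    EndFunc ;==>_DataToBlob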

    [/autoit]