Decrypt Registry BLOB with Java?


Does someone know how I could decrypt BLOB data from the Windows Registry? For example, there is a digital certificate stored which looks like it is encrypted. Now I want to decrypt it with Java and natively call crypt32.dll (function: cryptUnprotectData()) with JNA.

I tried it, but I get a data invalid error. The function can take many arguments, but I did not find out which ones I have to use exactly.

Here is my little piece of code - maybe it helps.

    byte[] byteArray = (byte[]) Advapi32Util.registryGetValue(WinReg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\02FAF3E291435468607857694DF5E45B68851868", "Blob");
    byte[] protectedData = Crypt32Util.cryptProtectData(byteArray);

    String test = new String(protectedData);

When I run this code I get: Data invalid - win32 exception. So I think something is wrong with the input data. Maybe the data was not encrypted with DPAPI? Or do I need to use some of the arguments (see here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa380882%28v=vs.85%29.aspx)?

Hope someone can help me :) Thanks!

I'd print that byte array once you've gotten it from the registry, to make sure it in fact contains the data you expected to get.

I also don't understand how the cryptProtectData function can do its thing using only a byte array. If it's to decrypt something, the name is shit and you'd expect a lot more parameters (algo to use, passwd to use, possible seed value, etc).

Yes, I printed it out, so the data is right. The problem is: was this data encrypted with MS DPAPI or in another way? Second question: do I have to use some of the parameters (see the MSDN link above) to decrypt it? I don't know what values the parameters should have.

I tried to find the information from Microsoft, but I did not get it, so I hope some of you know something about this.

