Opa114 Posted December 12, 2014

Hi, does someone know how I could decrypt BLOB data from the Windows Registry? For example, there is a digital certificate stored which looks like it is encrypted. Now I want to decrypt it with Java and natively call crypt32.dll (function: cryptUnprotectData()) with JNA. I tried it, but I get a data invalid error. The function can take many arguments, but I did not find out which ones I have to use exactly. Here is my little piece of code - maybe it helps:

    // Read the raw "Blob" value of the certificate entry from the registry
    byte[] byteArray = (byte[]) Advapi32Util.registryGetValue(WinReg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\02FAF3E291435468607857694DF5E45B68851868", "Blob");
    // Hand the registry bytes to crypt32.dll through JNA's Crypt32Util
    byte[] protectedData = Crypt32Util.cryptProtectData(byteArray);
    String test = new String(protectedData);
    System.out.println(test);

When I run this code I get: Data invalid - win32 exception. So I think something is wrong with the input data. Maybe the data was not encrypted with DPAPI? Or do I need to use some of the arguments (see here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa380882%28v=vs.85%29.aspx)? Hope someone can help me :) thnx!

cooper Posted December 12, 2014

I'd print that byte array once you've gotten it from the registry, make sure it in fact contains the data you expected to get. I also don't understand how the cryptProtectData function can do its thing using only a byte array. If it's to decrypt something, the name is shit and you'd expect a lot more parameters (algo to use, passwd to use, possible seed value, etc).

Opa114 (Author) Posted December 12, 2014

Yes, I printed it out, so the data is right. The problem is: was this data encrypted with MS DPAPI or in another way? The second question is: do I have to use some of the parameters (see the MSDN link above) to decrypt it? I don't know what values the parameters should have. I tried to find the information from Microsoft, but I did not get it, so I hope some of you know something about this.

cooper Posted December 14, 2014

1. No idea
2. Your link doesn't work. I'll have another peek when you fix that.
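
Added example, not part of the thread or of any poster's code: one way to test the open question of whether a registry certificate `Blob` is DPAPI-protected before calling crypt32. It assumes the commonly described layout of serialized certificate entries (little-endian records of property id, encoding type, length, data, with property id 32 holding the DER certificate); the class name, method names and sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;

public class RegistryCertBlob {
    // DPAPI blobs begin with version 1 followed by the provider GUID
    // df9d8cd0-1501-11d1-8c7a-00c04fc297eb.
    static final byte[] DPAPI_HEADER = {
        0x01, 0, 0, 0, (byte) 0xD0, (byte) 0x8C, (byte) 0x9D, (byte) 0xDF,
        0x01, 0x15, (byte) 0xD1, 0x11, (byte) 0x8C, 0x7A, 0x00, (byte) 0xC0,
        0x4F, (byte) 0xC2, (byte) 0x97, (byte) 0xEB };
    static final int CERT_CERT_PROP_ID = 32; // assumed id of the record holding the DER certificate

    static boolean looksLikeDpapi(byte[] blob) {
        return blob.length >= DPAPI_HEADER.length
            && Arrays.equals(Arrays.copyOf(blob, DPAPI_HEADER.length), DPAPI_HEADER);
    }

    // Walks [propId][encoding][length][data] records (assumed layout) and returns
    // the payload of the certificate record, or null if the blob does not parse.
    static byte[] extractCertificateDer(byte[] blob) {
        ByteBuffer buf = ByteBuffer.wrap(blob).order(ByteOrder.LITTLE_ENDIAN);
        while (buf.remaining() >= 12) {
            int propId = buf.getInt();
            buf.getInt();                        // encoding type, not needed here
            int len = buf.getInt();
            if (len < 0 || len > buf.remaining()) return null; // truncated or other format
            byte[] data = new byte[len];
            buf.get(data);
            if (propId == CERT_CERT_PROP_ID) return data;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: a 20-byte hash property (id 3) followed by a certificate
        // record whose payload is a 4-byte stand-in for a DER SEQUENCE header.
        ByteBuffer sample = ByteBuffer.allocate(12 + 20 + 12 + 4).order(ByteOrder.LITTLE_ENDIAN);
        sample.putInt(3).putInt(1).putInt(20).put(new byte[20]);
        sample.putInt(32).putInt(1).putInt(4).put(new byte[] {0x30, (byte) 0x82, 0x03, 0x00});
        byte[] blob = sample.array();

        System.out.println("DPAPI header present: " + looksLikeDpapi(blob));
        byte[] der = extractCertificateDer(blob);
        boolean isSequence = der != null && der.length > 0 && der[0] == 0x30;
        System.out.println("Certificate record found: " + (der != null)
            + ", starts with ASN.1 SEQUENCE: " + isSequence);
    }
}
```

With bytes read from the registry in place of the constructed sample, a non-null result can be passed to `CertificateFactory.getInstance("X.509").generateCertificate(...)` through a `ByteArrayInputStream`. If `looksLikeDpapi` returns false, a "data invalid" error from an unprotect call is the expected outcome.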