So what does CryptProtectData actually use? Do I need to call
CryptSetProvider? Do I need to set the FIPS Local Policy Flag?
It's been a few years since I looked at this (pre-Vista), but at that
time CryptProtectData/CryptUnprotectData was hard-coded to use one of
the standard Microsoft software CSPs, "Microsoft Enhanced
Cryptographic Provider v1.0", which is FIPS certified. The algorithm
used is either 3DES or AES, depending on the version of Windows you're
Perhaps someone else can chime in with the Vista/Win7 situation.
Well, I can't make make official statements any more, but I see that
you've contacted MS tech support. That's probably your best bet. :-)