CryptProtectData and FIPS 140

dB.

Oct 22, 2009, 12:27:45 PM
I've read all the documentation and I must be really thick. I have an
application that uses CryptProtectData and CryptUnprotectData with
CRYPTPROTECT_LOCAL_MACHINE. I need to make sure that I use a FIPS-
compliant cryptographic provider.

So what does CryptProtectData actually use? Do I need to call
CryptSetProvider? Do I need to set the FIPS Local Policy Flag?

John Banes

Oct 24, 2009, 6:01:28 PM

It's been a few years since I looked at this (pre-Vista), but at that
time CryptProtectData/CryptUnprotectData was hard-coded to use one of
the standard Microsoft software CSPs, "Microsoft Enhanced
Cryptographic Provider v1.0", which is FIPS certified. The algorithm
used is either 3DES or AES, depending on the version of Windows you're
using.

Perhaps someone else can chime in with the Vista/Win7 situation.

Regards,
John
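
Added example, not part of the original thread and not Microsoft code: one way to check which cipher and hash a particular CryptProtectData output recorded is to read the ALG_ID fields in the blob header. The header layout is not officially documented and is assumed here from public reverse-engineering of DPAPI blobs; `sample_blob` builds a constructed header, not real protected data.

```python
import struct
import uuid

# ALG_ID values as defined in wincrypt.h
ALG_NAMES = {0x6603: "3DES", 0x660E: "AES-128", 0x660F: "AES-192",
             0x6610: "AES-256", 0x8004: "SHA-1", 0x800C: "SHA-256",
             0x800E: "SHA-512"}
# Provider GUID that opens every DPAPI blob (assumed layout, see lead-in)
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

def dpapi_algorithms(blob: bytes) -> dict:
    """Return the cipher and hash ALG_IDs recorded in a DPAPI blob header."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated DPAPI blob")
        pos += n
        return blob[pos - n:pos]

    def dword():
        return struct.unpack("<I", take(4))[0]

    version = dword()
    provider = uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    dword()                                  # master key version
    master_key = uuid.UUID(bytes_le=take(16))
    dword()                                  # flags
    take(dword())                            # description, UTF-16LE
    cipher, cipher_bits = dword(), dword()
    take(dword())                            # salt
    take(dword())                            # HMAC key, length-prefixed
    hash_alg, hash_bits = dword(), dword()
    return {"master_key": str(master_key),
            "cipher": ALG_NAMES.get(cipher, hex(cipher)), "cipher_bits": cipher_bits,
            "hash": ALG_NAMES.get(hash_alg, hex(hash_alg)), "hash_bits": hash_bits}

def sample_blob(cipher, cipher_bits, hash_alg, hash_bits) -> bytes:
    """Constructed header for the demo; real blobs come from CryptProtectData."""
    desc = "demo\0".encode("utf-16-le")
    return (struct.pack("<I", 1) + DPAPI_PROVIDER.bytes_le + struct.pack("<I", 1)
            + uuid.UUID(int=0).bytes_le + struct.pack("<II", 0, len(desc)) + desc
            + struct.pack("<III", cipher, cipher_bits, 16) + bytes(16)
            + struct.pack("<I", 0) + struct.pack("<II", hash_alg, hash_bits))

print(dpapi_algorithms(sample_blob(0x6603, 192, 0x8004, 160)))
```

To inspect real output, pass the bytes returned by CryptProtectData to `dpapi_algorithms`; an ALG_ID missing from the table is reported as its hex value.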

dB.

Oct 28, 2009, 12:49:21 PM
Thanks John, there's got to be some official statement about this. Any
ideas where I can try next?

John Banes

Oct 29, 2009, 11:38:48 PM
On Oct 28, 9:49 am, "dB." <dbl...@dblock.org> wrote:
> Thanks John, there's got to be some official statement about this. Any
> ideas where I can try next?

Well, I can't make official statements any more, but I see that
you've contacted MS tech support. That's probably your best bet. :-)

dB.

Nov 18, 2009, 8:16:11 AM
Thank you. Microsoft support was very helpful. I summarized their
answer here: http://code.dblock.org/ShowPost.aspx?id=63. Of course I
cannot make any official statements either :)