CryptProtectData and FIPS 140

[dB.]

I've read all the documentation and I must be really thick. I have an
application that uses CryptProtectData and CryptUnProtectData with
CRYPTPROTECT_LOCAL_MACHINE. I need to make sure that I use a FIPS-
compliant cryptographic provider.

So what does CryptProtectData actually use? Do I need to call
CryptSetProvider? Do I need to set the FIPS Local Policy Flag?

[John Banes]

It's been a few years since I looked at this (pre-Vista), but at that
time CryptProtectData/CryptUnprotectData was hard-coded to use one of
the standard Microsoft software CSPs, "Microsoft Enhanced
Cryptographic Provider v1.0", which is FIPS certified. The algorithm
used is either 3DES or AES, depending on the version of Windows you're
using.

Perhaps someone else can chime in with the Vista/Win7 situation.

Regards,
John

[dB.]

Thanks John, there's got to be some official statement about this. Any
ideas where I can try next?

[John Banes]

On Oct 28, 9:49 am, "dB." <dbl...@dblock.org> wrote:
> Thanks John, there's got to be some official statement about this. Any
> ideas where I can try next?

Well, I can't make make official statements any more, but I see that
you've contacted MS tech support. That's probably your best bet. :-)

[dB.]

Thank you. Microsoft support was very helpful. I summarized their
answer here: http://code.dblock.org/ShowPost.aspx?id=63. Of course I
cannot make any official statements either :)