strange problem with CryptProtectData and CryptUnprotectData with WinCE 6.00

Hi all,
I am working on a BSP based on i.MX27 from Freescale.
To secure some data, I want to use the CryptProtectData() and 
CryptUnprotectData() functions.

I created a little program to test those routines and all seems to work 
well. I can code and decode data as "CurrentUser".
But when I restart the board, the previously encrypted data cannot be 
decrypted!
I always get error 13 (Invalid Data).

Does anybody know why?
Do I have to include an extra dependency?
Is there something I have forgotten to configure?

Thanks for any help

Best regards
0
Fabrice
4/13/2010 8:24:38 AM
windowsce.platbuilder

Various master keys are stored in the object store.  If your object store 
does not persist through a reboot, you don't have those keys any more when 
you try to decrypt.  One possible solution, if you have a persistent 
registry, is to use the MasterKeysInRegistry registry entry to force the 
crypto code to store those master keys there, not in the object store. This 
is less-secure, but there's no real alternative, unless you can use 
battery-backed RAM (or something), to persist the object store.

I suppose that, alternatively, you could use a password or other key that 
you ask the user for each time to encrypt the data using some other scheme 
not so closely tied to a specific machine, user, and registry content.

Paul T.

"Fabrice MOUSSET" wrote:

> Hi all,
> I am working on a BSP based on i.MX27 from Freescale.
> To secure some data, I want to use the CryptProtectData() and 
> CryptUnprotectData() functions.
> 
> I created a little program to test those routines and all seems to work 
> well. I can code and decode data as "CurrentUser".
> But when I restart the board, the previously encrypted data cannot be 
> decrypted!
> I always get error 13 (Invalid Data).
> 
> Does anybody know why?
> Do I have to include an extra dependency?
> Is there something I have forgotten to configure?
> 
> Thanks for any help
> 
> Best regards
> .
> 
0
Utf
4/13/2010 3:25:01 PM
Hi Paul,
Many thanks for your reply.
I have added in my platform.reg
[HKEY_LOCAL_MACHINE\Init\BootVars]
	"MasterKeysInRegistry"=dword:1

But, there is no change :-(

I can't read back secured data after reboot :-(

How can I check if the master key is saved in registry?
I have added a modified version of oemregistry.dll to manage the save 
and restore process for the registry and this works fine.
But there are also some functions to save and restore a kind of 
password... the read function is called many times (about 3 times) but 
the store function is never called, is this normal?

Regards

Fabrice

On 13/04/2010 17:25, Paul G. Tobey [eMVP] wrote:
> Various master keys are stored in the object store.  If your object store
> does not persist through a reboot, you don't have those keys any more when
> you try to decrypt.  One possible solution, if you have a persistent
> registry, is to use the MasterKeysInRegistry registry entry to force the
> crypto code to store those master keys there, not in the object store. This
> is less-secure, but there's no real alternative, unless you can use
> battery-backed RAM (or something), to persist the object store.
>
> I suppose that, alternatively, you could use a password or other key that
> you ask the user for each time to encrypt the data using some other scheme
> not so closely tied to a specific machine, user, and registry content.
>
> Paul T.
>
> "Fabrice MOUSSET" wrote:
>
>> Hi all,
>> I am working on a BSP based on i.MX27 from Freescale.
>> To secure some data, I want to use the CryptProtectData() and
>> CryptUnprotectData() functions.
>>
>> I created a little program to test those routines and all seems to work
>> well. I can code and decode data as "CurrentUser".
>> But when I restart the board, the previously encrypted data cannot be
>> decrypted!
>> I always get error 13 (Invalid Data).
>>
>> Does anybody know why?
>> Do I have to include an extra dependency?
>> Is there something I have forgotten to configure?
>>
>> Thanks for any help
>>
>> Best regards
>> .
>>



0
Fabrice
4/14/2010 9:42:52 AM
You really can't read anything back.  How to test this?  Hmmm.  Well, one way 
would be to connect to a shared folder on a desktop machine from your Windows 
CE device, requiring a password.  Tell CE to save that password.  If, after 
saving the registry and rebooting the CE device, it can connect without 
reentry of the password, that's a good indicator.  

Is your registry persistent at all?  Obviously, just adding a key isn't 
going to make the contents of the registry get magically saved...  If it is 
persistent, make sure that you clear any saved version of the registry and 
put that MasterKeysInRegistry value in the BOOT registry, then try 
starting things again.

Paul T.

"Fabrice MOUSSET" wrote:

> Hi Paul,
> Many thanks for your reply.
> I have added in my platform.reg
> [HKEY_LOCAL_MACHINE\Init\BootVars]
> 	"MasterKeysInRegistry"=dword:1
> 
> But, there is no change :-(
> 
> I can't read back secured data after reboot :-(
> 
> How can I check if the master key is saved in registry?
> I have added a modified version of oemregistry.dll to manage the save 
> and restore process for the registry and this works fine.
> But there are also some functions to save and restore a kind of 
> password... the read function is called many times (about 3 times) but 
> the store function is never called, is this normal?
> 
> Regards
> 
> Fabrice
> 
> On 13/04/2010 17:25, Paul G. Tobey [eMVP] wrote:
> > Various master keys are stored in the object store.  If your object store
> > does not persist through a reboot, you don't have those keys any more when
> > you try to decrypt.  One possible solution, if you have a persistent
> > registry, is to use the MasterKeysInRegistry registry entry to force the
> > crypto code to store those master keys there, not in the object store. This
> > is less-secure, but there's no real alternative, unless you can use
> > battery-backed RAM (or something), to persist the object store.
> >
> > I suppose that, alternatively, you could use a password or other key that
> > you ask the user for each time to encrypt the data using some other scheme
> > not so closely tied to a specific machine, user, and registry content.
> >
> > Paul T.
> >
> > "Fabrice MOUSSET" wrote:
> >
> >> Hi all,
> >> I am working on a BSP based on i.MX27 from Freescale.
> >> To secure some data, I want to use the CryptProtectData() and
> >> CryptUnprotectData() functions.
> >>
> >> I created a little program to test those routines and all seems to work
> >> well. I can code and decode data as "CurrentUser".
> >> But when I restart the board, the previously encrypted data cannot be
> >> decrypted!
> >> I always get error 13 (Invalid Data).
> >>
> >> Does anybody know why?
> >> Do I have to include an extra dependency?
> >> Is there something I have forgotten to configure?
> >>
> >> Thanks for any help
> >>
> >> Best regards
> >> .
> >>
> 
> 
> 
> .
> 
0
Utf
4/14/2010 3:10:09 PM
I finally found a way to make it work!
On my BSP, I use a RAM-based registry, and to save and restore the 
registry from the Flash, I use OemRegistry.dll.
So far, so good, the registry is fully restored during the boot process and 
fully saved on each RegFlushKey() call.

Now the tricky part is that it seems that the master key is generated 
before oemregistry.dll initialization, so MasterKeysInRegistry isn't 
known at this moment!
To solve this, I used the OAL function pointer pfnReadRegistry to give the OAL 
the task of restoring the previously saved registry from Flash.
And now, it works!!!!
I use the OAL to restore the registry and OemRegistry.dll for the 
backup. I don't want to do the backup in the OAL, because I have to 
manage an external hardware watchdog, which isn't possible from the OAL 
(I need to generate events).

Thanks a lot for your help, MasterKeysInRegistry was the key hint. Too 
bad for me that oemregistry.dll isn't very well supported and that all of 
this is very badly documented.

Regards

Fabrice.


On 14/04/2010 17:10, Paul G. Tobey [eMVP] wrote:
> You really can't read anything back.  How to test this?  Hmmm.  Well, one way
> would be to connect to a shared folder on a desktop machine from your Windows
> CE device, requiring a password.  Tell CE to save that password.  If, after
> saving the registry and rebooting the CE device, it can connect without
> reentry of the password, that's a good indicator.
>
> Is your registry persistent at all?  Obviously, just adding a key isn't
> going to make the contents of the registry get magically saved...  If it is
> persistent, make sure that you clear any saved version of the registry and
> put that MasterKeysInRegistry value in the BOOT registry, then try
> starting things again.
>
> Paul T.
>


0
Fabrice
4/14/2010 4:06:36 PM
I'm glad you got it working.

I think that almost no one is using RAM-based registry persistence any more. 
 Even I, the original "I'll never switch to hive-based registry" guy have 
been using hive-based for a while now exclusively.  There are times when it 
makes sense to persist the RAM-based registry, but, if your flash is already 
set up for storage, it's a lot better to put a hive in the filesystem.

Paul T.

"Fabrice MOUSSET" wrote:

> I finally found a way to make it work!
> On my BSP, I use a RAM-based registry, and to save and restore the 
> registry from the Flash, I use OemRegistry.dll.
> So far, so good, the registry is fully restored during the boot process and 
> fully saved on each RegFlushKey() call.
> 
> Now the tricky part is that it seems that the master key is generated 
> before oemregistry.dll initialization, so MasterKeysInRegistry isn't 
> known at this moment!
> To solve this, I used the OAL function pointer pfnReadRegistry to give the OAL 
> the task of restoring the previously saved registry from Flash.
> And now, it works!!!!
> I use the OAL to restore the registry and OemRegistry.dll for the 
> backup. I don't want to do the backup in the OAL, because I have to 
> manage an external hardware watchdog, which isn't possible from the OAL 
> (I need to generate events).
> 
> Thanks a lot for your help, MasterKeysInRegistry was the key hint. Too 
> bad for me that oemregistry.dll isn't very well supported and that all of 
> this is very badly documented.
> 
> Regards
> 
> Fabrice.
> 
> 
> On 14/04/2010 17:10, Paul G. Tobey [eMVP] wrote:
> > You really can't read anything back.  How to test this?  Hmmm.  Well, one way
> > would be to connect to a shared folder on a desktop machine from your Windows
> > CE device, requiring a password.  Tell CE to save that password.  If, after
> > saving the registry and rebooting the CE device, it can connect without
> > reentry of the password, that's a good indicator.
> >
> > Is your registry persistent at all?  Obviously, just adding a key isn't
> > going to make the contents of the registry get magically saved...  If it is
> > persistent, make sure that you clear any saved version of the registry and
> > put that MasterKeysInRegistry value in the BOOT registry, then try
> > starting things again.
> >
> > Paul T.
> >
> 
> 
> .
> 
0
Utf
4/14/2010 10:29:01 PM
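
A boot-time check for the failure discussed in this thread, as an added example that is not code from any of the posters: it protects a known canary once, stores the blob in a file, and on later boots reports whether CryptUnprotectData can still open it. The file path and all function names are assumptions, and the non-Windows branch is a constructed stand-in for DPAPI (not a cipher) so the check logic can be exercised on a host machine.

```c
/* Added example (not from the thread): boot-time canary for DPAPI persistence. */
#include <stdio.h>
#include <string.h>

#define CANARY   "dpapi-canary-v1"   /* constructed known plaintext */
#define MAX_BLOB 512

typedef enum { CANARY_CREATED, CANARY_OK, CANARY_KEY_LOST, CANARY_IO_ERROR } canary_result;

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
/* Target build: thin wrappers over the real DPAPI calls (default user scope). */
static int take(DATA_BLOB *b, unsigned char *out, size_t *outn) {
    int ok = b->cbData <= MAX_BLOB;
    if (ok) { memcpy(out, b->pbData, b->cbData); *outn = b->cbData; }
    LocalFree(b->pbData);                      /* DPAPI output is LocalAlloc'ed */
    return ok;
}
static int protect(const unsigned char *in, size_t n, unsigned char *out, size_t *outn) {
    DATA_BLOB src = { (DWORD)n, (BYTE *)in }, dst = { 0, NULL };
    return CryptProtectData(&src, L"canary", NULL, NULL, NULL, 0, &dst) && take(&dst, out, outn);
}
static int unprotect(const unsigned char *in, size_t n, unsigned char *out, size_t *outn) {
    DATA_BLOB src = { (DWORD)n, (BYTE *)in }, dst = { 0, NULL };
    return CryptUnprotectData(&src, NULL, NULL, NULL, NULL, 0, &dst) && take(&dst, out, outn);
}
#else
/* Host build: constructed stand-in. The blob carries the id of the "master key"
   that made it; changing sim_master_key models a reboot that lost the key store. */
unsigned int sim_master_key = 0x5eed0001u;
static int protect(const unsigned char *in, size_t n, unsigned char *out, size_t *outn) {
    size_t i;
    if (n + 4 > MAX_BLOB) return 0;
    memcpy(out, &sim_master_key, 4);
    for (i = 0; i < n; i++)
        out[4 + i] = in[i] ^ (unsigned char)(sim_master_key >> (8 * (i % 4)));
    *outn = n + 4;
    return 1;
}
static int unprotect(const unsigned char *in, size_t n, unsigned char *out, size_t *outn) {
    unsigned int id;
    size_t i;
    if (n < 4) return 0;
    memcpy(&id, in, 4);
    if (id != sim_master_key) return 0;        /* real DPAPI fails with "invalid data" */
    for (i = 4; i < n; i++)
        out[i - 4] = in[i] ^ (unsigned char)(sim_master_key >> (8 * ((i - 4) % 4)));
    *outn = n - 4;
    return 1;
}
#endif

/* First run creates the canary blob; later runs try to decrypt it. */
canary_result check_canary(const char *path) {
    unsigned char blob[MAX_BLOB], plain[MAX_BLOB];
    size_t n = 0, pn = 0, w;
    FILE *f = fopen(path, "rb");
    if (!f) {                                  /* no blob yet: first boot */
        if (!protect((const unsigned char *)CANARY, sizeof CANARY, blob, &n)) return CANARY_IO_ERROR;
        if (!(f = fopen(path, "wb"))) return CANARY_IO_ERROR;
        w = fwrite(blob, 1, n, f);
        fclose(f);
        return w == n ? CANARY_CREATED : CANARY_IO_ERROR;
    }
    n = fread(blob, 1, sizeof blob, f);
    fclose(f);
    if (n == 0) return CANARY_IO_ERROR;
    if (!unprotect(blob, n, plain, &pn)) return CANARY_KEY_LOST;
    return (pn == sizeof CANARY && memcmp(plain, CANARY, pn) == 0) ? CANARY_OK : CANARY_KEY_LOST;
}

int main(void) {
    static const char *msg[] = { "canary created", "blob still decrypts",
                                 "master key lost", "storage error" };
    puts(msg[check_canary("canary.bin")]);     /* hypothetical path; use persistent storage */
    return 0;
}
```

On the device the blob file has to live on storage that survives a reboot, otherwise every boot reports "canary created" and the check says nothing about the master keys.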
I install the outlook client and it did not show me any problem but when I open outlook and try to open CRM tap, it shows me an error messages (with no revelevant information - an error ocurred loading Microsoft CRM functionality). At the application log I can see several errors - from two different origins: Origin : MSCRMAddressBook Origin : MSCRMAddIn And at the system log, I see the following error. The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/crmserver."our domain". This indicates that the password used to encrypt the kerberos service t...