Re: CryptUnprotectData in DPAPI returning 0x8009000b - undocumented
From: John Banes (jbanes_at_online.microsoft.com)
Date: 07/13/05
- Next message: Eugene Mayevski: "Re: How to verify a SignedData (CMS, RFC3369) object?"
- Previous message: Richard Ward: "Re: validate username and password from workgroup computer"
- In reply to: Roy Chastain: "Re: CryptUnprotectData in DPAPI returning 0x8009000b - undocumented"
- Next in thread: Rhett Gong [MSFT]: "Re: CryptUnprotectData in DPAPI returning 0x8009000b - undocumented"
Date: Wed, 13 Jul 2005 00:31:59 -0700
Here are some random comments, many just backing up what Rhett had to say.

The "machine" flag is ignored by CryptUnprotectData. Whether or not the
machine key is used (as opposed to the current user key) depends on the flag
passed to CryptProtectData.

The "description" field is output only in the CryptUnprotectData function.
This probably isn't causing your problem, but I thought I'd mention it
anyway.

The "bad keystate" error code is returned when the decryption operation
fails for some reason. It's pretty generic. This most often indicates a
problem with the user password such as (1) the user password has changed
since the CryptProtectData function was called and the automatic recovery
has failed or (2) the blob was encrypted by a different user than the one
that's attempting to decrypt it.

This error code is not typically returned when the "machine" flag was passed
into the CryptProtectData function, as in this case there's not too much
that can go wrong. No user passwords are involved in this case, after all.
Please double-check that you are indeed passing in the machine flag when
calling CryptProtectData...

Oh yeah, one more thing. The "bad key state" error code will also be
returned by CryptUnprotectData if the data passed in the optional entropy
field doesn't exactly match what was passed in the call to CryptProtectData,
and so you should also double-check this.

Regards,
John Banes

This posting is provided "AS IS" with no warranties, and confers no rights.
"Roy Chastain" <roy@kmsys.com> wrote in message
news:qcb7d1l2eg6laino0ik0vgvcjef4c0vj8r@4ax.com...
> No, I have not created a support incident with the product group. I did
> ask my MS 'buddy' about the issue, maybe that created a
> support incident, but I have not heard anything from there either.
>
> There used to be a guy named John Banes working this group. He 'appeared'
> to have code access.
>
> Thanks for your attempts.
>
> On Tue, 12 Jul 2005 05:32:08 GMT, v-raygon@online.microsoft.com (Rhett
> Gong [MSFT]) wrote:
>
>>Hi Roy,
>>Unfortunately, I don't have access to the source code, so it is a bit
>>difficult for me to determine what it actually did internally. I saw you
>>had created a support incident to our Product group. I suggest you
>>follow up with them for further information.
>>In addition, if you feel there is anything I can assist, please feel free
>>to let me know.
>>
>>
>>Thanks,
>>Rhett Gong [MSFT]
>>Microsoft Online Partner Support
>>Get Secure! - www.microsoft.com/security
>>http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp&SD=msdn
>>
>>This posting is provided "AS IS" with no warranties and confers no rights.
>
> -------------------------------------------
> Roy Chastain
> KMSYS Worldwide, Inc.
> http://www.kmsys.com
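
A diagnostic for the checks suggested in the reply above (which flag was given at protect time, and whether the entropy matches), as an added example that is not part of the original thread or any poster's code. It assumes Windows and goes through the .NET `ProtectedData` wrapper around CryptProtectData/CryptUnprotectData, where `LocalMachine` scope corresponds to the "machine" flag; the case names, secret and entropy values are constructed, and the script reports whatever HRESULT comes back rather than assuming one.

```powershell
# Added example (not from the thread). Windows only.
# ProtectedData is the .NET wrapper over CryptProtectData / CryptUnprotectData.
Add-Type -AssemblyName System.Security
$PD      = [System.Security.Cryptography.ProtectedData]
$User    = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$Machine = [System.Security.Cryptography.DataProtectionScope]::LocalMachine

function Test-DpapiRoundTrip {
    param(
        [string] $Name,
        $ProtectScope,   [byte[]] $ProtectEntropy,
        $UnprotectScope, [byte[]] $UnprotectEntropy
    )
    # Constructed sample secret; a fresh blob is produced for every case.
    $plain = [Text.Encoding]::UTF8.GetBytes('constructed sample secret')
    $blob  = $PD::Protect($plain, $ProtectEntropy, $ProtectScope)
    try {
        $out = $PD::Unprotect($blob, $UnprotectEntropy, $UnprotectScope)
        $same = [Convert]::ToBase64String($out) -eq [Convert]::ToBase64String($plain)
        $result = if ($same) { 'OK' } else { 'DECRYPTED BUT DIFFERENT' }
    } catch {
        # PowerShell wraps the CryptographicException; unwrap it to read the HRESULT.
        $ex = $_.Exception.GetBaseException()
        $result = 'FAILED HRESULT=0x{0:X8} ({1})' -f $ex.HResult, $ex.Message
    }
    [pscustomobject]@{ Case = $Name; Result = $result }
}

# Constructed entropy values; B differs from A in a single character.
$entropyA = [Text.Encoding]::UTF8.GetBytes('entropy-A')
$entropyB = [Text.Encoding]::UTF8.GetBytes('entropy-B')

@(
    # Baselines: same scope and same entropy on both calls.
    Test-DpapiRoundTrip 'user key, matching entropy'    $User    $entropyA $User    $entropyA
    Test-DpapiRoundTrip 'machine key, matching entropy' $Machine $entropyA $Machine $entropyA
    # Machine key, but the entropy passed to unprotect does not match exactly.
    Test-DpapiRoundTrip 'machine key, entropy mismatch' $Machine $entropyA $Machine $entropyB
    # Machine key at protect time, user scope passed at unprotect time:
    # shows whether the scope argument matters on the unprotect side.
    Test-DpapiRoundTrip 'machine key, user scope on unprotect' $Machine $entropyA $User $entropyA
) | Format-Table -AutoSize -Wrap
```

Running it as the account that sees the failure, and again as a second account against a blob saved from the first, separates the user-key causes listed in the reply from an entropy mismatch.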