Securing data to a process identity

x-posted to microsoft.public.security and microsoft.public.security.crypto
Hello all -

I've been looking for a way to do this, and I'm hoping someone either can
point me at the obvious API that does this that I somehow missed after
searching long and hard, or else can comment on an idea I'll outline below
that I think would get me there.

First, here's what I'm trying to do: I want something similar to DPAPI, but
with process identity granularity. I'm going to have an administrative UI
that would take a service ID and password, call LogonUser, and then call my
encryption API to encrypt data based on something unique to the security
context created by LogonUser. Later, I want a process configured to run as
that service ID / password identity - and *only* processes running with that
identity - to be able to call a decryption API on that data. (As for why I
want this, it's to provide a "vault" to applications in a shared
environment, where I don't want to require that applications "trust" each
other. Machine-level DPAPI is inadequate for this, since any application can
decrypt another app's secrets.)

So maybe I've missed an obvious way you do this in Windows, and someone can
point me at the right API ... but if not, here's my idea:

An obvious secret associated with the process' identity is the password
hash, but how to get at it - there's no API that I can find that would let
me do that. (Of course there are hacker tools that do this using kernel mode
code, but I don't want anything so messy.) Now here's the idea: I do both
client and server sides of the NTLM challenge / response using SSPI (I have
code that does this already from something else), but I don't really do the
server side that would be generating a random challenge. Instead I feed a
constant pre-baked challenge packet to the second call to
InitializeSecurityContext, so that I get the same challenge response packet
every time, but one which still depends uniquely on the caller's security
context. That challenge response could then be used in a CryptDeriveKey call
to get the actual reversible encryption key.

I'd appreciate any comments. (Weakenesses, reasons it won't work, better
approaches, etc.)

Thanks,
Steve Schuler
Safeco Insurance


.

Relevant Pages

  • Securing data to a process identity
    ... encryption API to encrypt data based on something unique to the security ... so that I get the same challenge response packet ... to get the actual reversible encryption key. ...
    (microsoft.public.security)
  • Re: Advanced Linux Programming
    ... this response are following the thread. ... The GVIM syntax highlighting seems to help me, ... but GVIM is not so archaic and acts like any other Win32 ... I am familiar with both Linux Kernel and the Win32 API. ...
    (alt.lang.asm)
  • Re: Securing data to a process identity
    ... encryption API to encrypt data based on something unique to the security ... so that I get the same challenge response packet ... to get the actual reversible encryption key. ...
    (microsoft.public.platformsdk.security)
  • Re: using serial port using APIs
    ... I don't know if RThreshold property setting was a factor in slowing the ... when receiving characters, or fire after every RThreshold ... >I have switched to using API Calls and the response is great. ...
    (microsoft.public.vb.winapi)
  • RE: Windows Vista and NetSharingManager.EnumEveryConnection
    ... With the information of this API you can ... For a total view of Windows Firewall API, ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.win32.programmer.networks)