encryption - Can I save passwords securely and retrieve them without asking for a master password?


I'm trying to understand how to save passwords used on an app securely, so the user doesn't have to remember them and at the same time nobody can get them by looking at the data of the app.

I imagine the files containing the passwords should be encrypted, but my doubt is whether the user has to input a "master password" to retrieve the stored passwords or if there is a way the app can retrieve them without input from the user.

Can an app retrieve passwords without the user needing to write a master password? How is it done?

On Windows the best solution is to use the Data Protection API, used by Chrome, IE, Remote Desktop Connection, and dozens of other technologies, to encrypt data.

The virtue is that the data is encrypted (in a round-about way) with the user's own Windows password. When the user types their password into Windows, it makes the "protected" data available.

Features:

  • The data is encrypted
  • The user doesn't have to enter a password to encrypt data
  • Only the user can ever decrypt it
  • The user does not have to enter a password to decrypt data

Sample pseudo-code

The API you want is CryptProtectData and CryptUnprotectData:

    public bytes[] ProtectBytes(bytes[] plaintext)
    {
       //Describe the plaintext buffer with the input DATA_BLOB
       DATA_BLOB dataIn;
       dataIn.cbData = plaintext.Length;
       dataIn.pbData = Addr(plaintext[0]);

       DATA_BLOB dataOut;

       BOOL bRes = CryptProtectData(
             dataIn,
             null,     //data description (optional PWideChar)
             null,     //optional entropy (PDATA_BLOB)
             null,     //reserved
             null,     //prompt struct
             CRYPTPROTECT_UI_FORBIDDEN,
             ref dataOut);
       if (!bRes)
       {
          DWORD le = GetLastError();
          throw new Win32Error(le, "Error calling CryptProtectData");
       }

       //Copy the ciphertext from the dataOut blob into an actual array
       //(CopyMemory takes the destination first, then the source)
       bytes[] result;
       SetLength(result, dataOut.cbData);
       CopyMemory(Addr(result[0]), dataOut.pbData, dataOut.cbData);

       //When you have finished using the DATA_BLOB structure, free its pbData member by calling the LocalFree function
       LocalFree(HANDLE(dataOut.pbData)); //LocalFree takes a handle, not a pointer. But that's what the SDK says.

       return result;
    }

Later, when you need to decrypt the blob, you use CryptProtectData.

The data is (effectively) encrypted with the user's Windows password; and the person with the Windows password can decrypt it.

Note: code released into the public domain. No attribution required.
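An added example, not part of the original answer: the same save/retrieve round trip through .NET's `ProtectedData` class, which wraps the Data Protection API, including the decrypt side and the failure case when the blob is opened with the wrong optional entropy. The class name `PasswordStore`, the entropy string, the file name and the sample password are constructed for illustration; on .NET (Core) the `System.Security.Cryptography.ProtectedData` package is needed, on .NET Framework a reference to `System.Security.dll`.

```csharp
// Added example (Windows only). No master password is ever requested.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class PasswordStore // hypothetical helper name
{
    // Constructed per-application value passed as the "optional entropy"
    // parameter. It binds the blob to this app's value, it is not a secret key.
    static readonly byte[] AppEntropy = Encoding.UTF8.GetBytes("example-app-entropy");

    public static void Save(string path, string password)
    {
        byte[] plaintext = Encoding.UTF8.GetBytes(password);
        try
        {
            // CurrentUser scope: the key is derived from the logged-on user's credentials.
            byte[] blob = ProtectedData.Protect(plaintext, AppEntropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally { Array.Clear(plaintext, 0, plaintext.Length); } // limit plaintext lifetime
    }

    public static string Load(string path)
    {
        // Throws CryptographicException for another user account, wrong entropy or a tampered blob.
        byte[] plaintext = ProtectedData.Unprotect(File.ReadAllBytes(path), AppEntropy, DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(plaintext); }
        finally { Array.Clear(plaintext, 0, plaintext.Length); }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "dpapi-demo.bin"); // constructed sample path
        Save(path, "constructed-sample-password");
        Console.WriteLine("Round trip ok: " + (Load(path) == "constructed-sample-password"));

        try // failure mode: same user, different entropy
        {
            ProtectedData.Unprotect(File.ReadAllBytes(path), new byte[] { 1, 2, 3 }, DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Unprotect refused: " + e.Message);
        }
        finally { File.Delete(path); }
    }
}
```

With `DataProtectionScope.CurrentUser`, any process running as the same Windows user can call `Unprotect` on the blob, so this protects the stored file from other accounts and from offline copying, not from code already running in the user's session.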

