I have a windows exe which has to write some secure data to HKEY_LOCAL_MACHINE (HKLM). I also have a service running as NetworkService account which has to read that secure data. Note that exe and service run as different users.
Problem h开发者_StackOverflow社区ere is with securing the data. I tried with CryptProtectData, but the problem is that service cannot decrypt because the data was not encrypted using NetworkService account. I don't want to use CRYPTPROTECT_LOCAL_MACHINE flag while calling CryptProtectData as any user can decrypt it and essentially making it unsecure.
I am guessing that this is a common use case, but unable to find any solution. Any ideas please?
FYI, i am using visual C++ to write the exe and the service.
You're trying to use the registry as an inter-process communication (IPC) mechanism and you're finding that it's not very elegant.
A better architecture for what you're looking for would be to handle the encryption / decryption totally within the service and use a real IPC mechanism (TCP sockets, mailslot, etc) to transfer the data from the EXE to the service for encryption.
Edit:
The registry doesn't sound like the right place for this data, encryption aside. Putting on my "sysadmin hat" I'd much rather have your data in the filesytem than in the registry. Using the registry as a store-and-forward queue mechanism gives me the willies.
Insofar as cryptographic architecture I think you'd be best served using assymetric encryption. Let the EXE encrypt the data using the service's public key. The service can decrypt the data with its private key.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论