CryptProtectData impersonating another user?

  • Question

  • Is there a way to call CryptProtectData impersonating another user?

    I'd like to encrypt data so that only someone logged in as that user can decrypt it with CryptUnprotectData.

    Thanks.

    Sunday, April 8, 2012 5:13 AM

All replies

  • Hi Neil,

    As far as I know, this is not possible. Master Keys [which are used to derive the key that protects your data] are protected by a key derived from the user's password. When you impersonate a user, you don't have a way to get the key which protects a master key. The only way I can see getting around this is if you are joined to a domain. Master keys are also encrypted to a public key on the domain controller. If the impersonator has delegation permission to the DC then the master key can be decrypted in the context of the impersonated user.

    Hope that helps,

    Andrew

    Monday, April 9, 2012 3:08 AM
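
A simplified model of the key hierarchy described in the reply above, added here as an illustration; it is not part of the original thread and is not Windows or DPAPI code. The KDF choice, the toy HMAC-based cipher, the profile layout and all function names are assumptions, and the domain-controller backup path is not modelled.

```python
import hashlib, hmac, os

def derive_key(password: str, salt: bytes) -> bytes:
    # Stand-in KDF (assumption); DPAPI's real derivation and parameters differ.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-counter keystream standing in for a real cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key: cannot unwrap")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def create_profile(password: str) -> dict:
    # What sits on disk: a salt and the master key wrapped under the password-derived key.
    salt = os.urandom(16)
    return {"salt": salt,
            "wrapped_master_key": seal(derive_key(password, salt), os.urandom(32))}

def unlock_master_key(profile: dict, password: str) -> bytes:
    return unseal(derive_key(password, profile["salt"]), profile["wrapped_master_key"])

def protect(profile: dict, password: str, data: bytes) -> bytes:
    return seal(unlock_master_key(profile, password), data)

def unprotect(profile: dict, password: str, blob: bytes) -> bytes:
    return unseal(unlock_master_key(profile, password), blob)

def impersonator_can_unprotect(profile: dict, blob: bytes) -> bool:
    # An impersonation token carries the user's identity, not the password,
    # so the caller has nothing valid to feed derive_key().
    try:
        unprotect(profile, "", blob)
        return True
    except ValueError:
        return False
```

In this model the impersonating caller can read the wrapped master key and the protected blob, but without the password it cannot get past the first unwrap.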
  • Is there a way of encrypting the data with the user's default Public key (the one associated with their user account)?

    Tuesday, April 10, 2012 7:05 PM
  • I don't know of such a concept in Windows. Can you elaborate?

    Andrew

    Monday, April 16, 2012 8:49 PM