Windows API or algorithm to store data and allow access only for signed code (or the code that created it)?

0 votes
Latest question by user: (120 points)

I need to store protected data in Windows and allow access to it only for my app. Is there an API that allows restriction of access to some data only for the code that created it? The code is signed, so if I could allow access to the data for code that's signed with my certificate, the problem would be solved.

Does this make sense? I have looked at Credential Store, Protected Data and Isolated Storage and none of them seem to allow restriction of access in the way I need it.

I am using .NET on Windows 8.1 but a solution for C++ would be perfectly fine.

I hope this makes sense.

Posted by user: (300 points)
Encrypt the data before storing it and decrypt it after retrieving it.
Posted by user: (900 points)
user223475, that's not how the Windows security model works. There's no point, anyway. An attacker would just run your program, let it decrypt the data, and then read it out of your program's memory. You could encrypt the data in memory and only decrypt it a bit at a time, but that would only make it harder, not impossible, for the user to get at. If the data mustn't be revealed to the user, you'll have to store it somewhere other than the user's computer.
Posted by user: (120 points)
We have some other protections on the device so it would be hard to run something that reads memory.
Posted by user: (900 points)
If the device is locked down so that the user can't run potentially malicious applications, why do you need to do anything?
Posted by user: (540 points)
I suggest that if security matters to you, you hire an expert. Trying to do this without an expert at hand typically results in a false sense of security.
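
An added illustration of the point made in the comments about the Windows security model, not code from any poster: DPAPI (the "Protected Data" API the question mentions) binds a blob to the user account, not to the calling executable or its signature. The class name, entropy value and sample secret are constructed for the example.

```csharp
// Added illustration, not from the thread. Windows only; on .NET Framework
// add a reference to the System.Security assembly.
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiScopeDemo
{
    // Hypothetical per-application entropy. It ships inside the binary, so it
    // separates this app's blobs from others but is not a secret from the user.
    static readonly byte[] AppEntropy =
        Encoding.UTF8.GetBytes("constructed-example-entropy");

    static byte[] Seal(string secret)
    {
        // CurrentUser scope: the blob is tied to the logged-on user's DPAPI key.
        return ProtectedData.Protect(
            Encoding.UTF8.GetBytes(secret), AppEntropy, DataProtectionScope.CurrentUser);
    }

    static string Open(byte[] blob, byte[] entropy)
    {
        return Encoding.UTF8.GetString(
            ProtectedData.Unprotect(blob, entropy, DataProtectionScope.CurrentUser));
    }

    static void Main()
    {
        byte[] blob = Seal("constructed sample secret");

        // Works for any process running as the same user that supplies the same
        // entropy. DPAPI never inspects which executable or signer is calling.
        Console.WriteLine("same user, same entropy: " + Open(blob, AppEntropy));

        try
        {
            Open(blob, Encoding.UTF8.GetBytes("wrong entropy"));
        }
        catch (CryptographicException)
        {
            // A different entropy value, user account or machine fails here.
            Console.WriteLine("wrong entropy: CryptographicException");
        }
    }
}
```

The boundary the API enforces is the user profile, so the blob is protected from other accounts and from offline copies of the file, not from other code running in the same session.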
