
I would like to store valuable client data (e.g. passwords, OAuth tokens) in a way that it will be accessible only from one application (separation on a per-application basis). The mechanism must be transparent to the user - additional password protection would be irritating.

Is there any way to achieve that in Windows?

(In Android case such separation is possible by assigning each application unique user ID and taking advantage of standard *nix mechanisms.)

I am aware of the existence of Isolated Storage (http://msdn.microsoft.com/en-us/library/3ak841sy.aspx), but the documentation states clearly that it is not recommended for storing valuable data:

You should not use isolated storage in the following situations:

  • To store high-value secrets, such as unencrypted keys or passwords, because isolated storage is not protected from highly trusted code, from unmanaged code, or from trusted users of the computer.
random_crane

1 Answer


You should use DPAPI to encrypt the data before storing it in Isolated Storage. While DPAPI is mostly targeted at per-user security, not per-app, it does have some provisions for your scenario:

A small drawback to using the logon password is that all applications running under the same user can access any protected data that they know about. Of course, because applications must store their own protected data, gaining access to the data could be somewhat difficult for other applications, but certainly not impossible. To counteract this, DPAPI allows an application to use an additional secret when protecting data. This additional secret is then required to unprotect the data.

Bruce
  • From the linked [DPAPI](http://msdn.microsoft.com/en-us/library/ms995355.aspx) article: "This 'secret' should be called secondary entropy. [...] Applications should be careful about how they use and store this entropy. If it is simply saved to a file unprotected, then adversaries could access the entropy and use it to unprotect an application's data." – random_crane Nov 13 '14 at 09:21
  • The question is about how to store **the first** secret. If the secret is hard-coded into the application binary or stored in some file, nothing prevents a malicious application from accessing it. If the secret is not stored, you have to ask the user, which would be irritating (especially if there were more than one application that would like to use such protection). – random_crane Nov 13 '14 at 09:22
  • Good point. :( It's possible you can use AppContainer technology to create some kind of store that is ACL'ed so only your app can access it. The doc for [CreateAppContainerProfile](http://msdn.microsoft.com/en-us/library/windows/desktop/hh448539(v=vs.85).aspx), for example, seems to imply this is possible, with language like "The folders have ACLs that prevent them from being accessed by other users and apps." I'm afraid I don't personally know about those APIs, though, and the online docs seem sparse and scattered. – Bruce Nov 13 '14 at 15:49
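The following is an added C# example, not code from the question, the answer or the linked MSDN articles. It shows the approach the answer describes: protect the secret with DPAPI (`System.Security.Cryptography.ProtectedData`) under the current user's logon credentials plus a secondary entropy value, and keep the resulting blob in Isolated Storage. It also shows the behaviour the comments turn on: a caller that does not present the same entropy cannot unprotect the blob, but an entropy value that is hard-coded (as `SecondaryEntropy` is here, purely for illustration) is itself readable by any code running as the same user, so it raises the bar without giving true per-application isolation. The secret string, the entropy value and the file name are all constructed for the example; it assumes .NET Framework on Windows with a reference to System.Security.dll.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

// Added example: DPAPI with secondary entropy, blob kept in Isolated Storage.
static class DpapiIsolatedStore
{
    // Secondary entropy, a constant here only for illustration. Anything baked into the
    // binary or written to disk unprotected can be read by other code running as the
    // same user, which is exactly the gap the comments point out.
    private static readonly byte[] SecondaryEntropy =
        Encoding.UTF8.GetBytes("example-app-entropy-v1");

    private const string FileName = "token.bin"; // constructed file name

    public static void SaveSecret(string secret)
    {
        byte[] plaintext = Encoding.UTF8.GetBytes(secret);

        // DPAPI: bound to the current user's logon credentials and to our entropy.
        byte[] blob = ProtectedData.Protect(plaintext, SecondaryEntropy,
                                            DataProtectionScope.CurrentUser);
        Array.Clear(plaintext, 0, plaintext.Length);

        // Isolated Storage only scopes the file by user and assembly; the confidentiality
        // comes from the DPAPI wrapping, not from the store itself.
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var fs = store.CreateFile(FileName))
        {
            fs.Write(blob, 0, blob.Length);
        }
    }

    public static string LoadSecret(byte[] entropy)
    {
        byte[] blob;
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var fs = store.OpenFile(FileName, FileMode.Open, FileAccess.Read))
        using (var ms = new MemoryStream())
        {
            fs.CopyTo(ms);
            blob = ms.ToArray();
        }

        // Throws CryptographicException when the entropy (or the user) does not match.
        byte[] plaintext = ProtectedData.Unprotect(blob, entropy,
                                                   DataProtectionScope.CurrentUser);
        try
        {
            return Encoding.UTF8.GetString(plaintext);
        }
        finally
        {
            Array.Clear(plaintext, 0, plaintext.Length);
        }
    }

    static void Main()
    {
        SaveSecret("oauth-token-CONSTRUCTED-SAMPLE");

        // Same user, same entropy: round-trips.
        Console.WriteLine(LoadSecret(SecondaryEntropy));

        // Same user, different entropy: DPAPI refuses to unprotect.
        try
        {
            LoadSecret(Encoding.UTF8.GetBytes("some-other-entropy"));
            Console.WriteLine("unexpected: unprotect succeeded with the wrong entropy");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Unprotect with the wrong entropy fails, as expected.");
        }
    }
}
```

The entropy argument is what the linked DPAPI article calls secondary entropy. Two points worth keeping in mind when reading the example: `DataProtectionScope.CurrentUser` means any process running under the same Windows account can call `Unprotect` on the blob if it also knows the entropy, and the Isolated Storage location is discoverable, so the protection gained over plain Isolated Storage is exactly as strong as the secrecy of the entropy value.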