An AES Encrypting Registry Class

Introduction

The CAESEncRegKey class addresses the occasional problem of securely saving data to the Registry. This article presents Yet Another Registry Class that uses AES to encrypt data.

Currently, there are three FIPS-approved symmetric encryption algorithms: AES, Triple DES, and Skipjack. The class presented uses AES or the Advanced Encryption Standard in CBC Mode.

Note: On May 19, 2005, DES (FIPS 46-3) was withdrawn, and is no longer approved for Federal use.

The underlying Cryptographic library is Wei Dai’s Crypto++. If required, Crypto++ is FIPS 140-2 conformant. Using the conformant version of the library requires the programmer to load the library as a DLL.

Other cryptographic libraries exist, such as Peter Guttman’s Cryptlib. The reader is encouraged to modify the program presented in this article to include other libraries.

Background

Windows maintains a secure area of the Registry called the SAM (Security Accounts Manager). Users, administrators, and programmers are generally not permitted access to this area of the Registry directly. One must use API functions such as the LSA family, or tools such as User Manager for Domains or Active Directory Users and Computers.

To allow programmers to securely save data to the Registry (but not the SAM), a programmer can use CAESEncRegKey. However, there are a few limitations that one must observe when using the Registry. The most important for the purposes of this article is limiting binary data (value type REG_BINARY) size at or below 2048 bytes. See Microsoft’s Registry Element Size Limit in MSDN.

Downloads

This article includes four downloads:

  • GUI demo
  • CLI demo
  • Source Code
  • Key and IV Generator Program

The GUI demo is a release build demonstration that exercises the CAESEncRegKey class. The CLI (command line) demo is an AES proof of concept using the Crypto++ library. It simply demonstrates the Crypto++ AES Encryption/Decryption process.

The Key and IV Generator program uses the Crypto++ AutoSeededRandomPool PRNG to create pseudo random values for the Key and IV vectors.

Compiling and Integrating Crypto++ into the Microsoft Visual C++ Environment

Please see the related article, Compiling and Integrating Crypto++ into the Microsoft Visual C++ Environment.

More by Author

Must Read