The CAESEncRegKey class addresses the occasional problem of securely saving data to the Registry. This article presents Yet Another Registry Class that uses AES to encrypt data.
Note: On May 19, 2005, DES (FIPS 46-3) was withdrawn, and is no longer approved for Federal use.
The underlying cryptographic library is Wei Dai’s Crypto++. Where FIPS 140-2 conformance is required, Crypto++ offers a conformant version; using it requires the programmer to load the library as a DLL.
Windows maintains a secure area of the Registry called the SAM (Security Accounts Manager). Users, administrators, and programmers are generally not permitted access to this area of the Registry directly. One must use API functions such as the LSA family, or tools such as User Manager for Domains or Active Directory Users and Computers.
CAESEncRegKey lets a programmer securely save data to the Registry (but not the SAM). However, there are a few limitations that one must observe when using the Registry. The most important for the purposes of this article is that binary data (value type REG_BINARY) must be kept at or below 2048 bytes. See Microsoft’s Registry Element Size Limit in MSDN.
This article includes four downloads:
- GUI demo
- CLI demo
- Source Code
- Key and IV Generator Program
The GUI demo is a release build demonstration that exercises the CAESEncRegKey class. The CLI (command line) demo is an AES proof of concept using the Crypto++ library. It simply demonstrates the Crypto++ AES Encryption/Decryption process.
The Key and IV Generator program uses the Crypto++ AutoSeededRandomPool PRNG to create pseudorandom values for the Key and IV.
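The 2048-byte REG_BINARY limit and the IV mentioned above interact with AES padding, which reduces the plaintext that fits in one value. The following added example is not part of the CAESEncRegKey source; it assumes AES-CBC with PKCS#7 padding and a hypothetical stored layout of IV followed by ciphertext, and all function names are illustrative.

```cpp
// Assumptions (not from the article): AES-CBC, PKCS#7 padding, stored layout IV || ciphertext.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

constexpr std::size_t kRegBinaryLimit = 2048; // REG_BINARY limit quoted in the article
constexpr std::size_t kAesBlock = 16;         // AES block size; also the CBC IV size

// PKCS#7 always adds 1..16 bytes, so a block-aligned plaintext grows by a whole block.
constexpr std::size_t PaddedCipherLen(std::size_t plainLen) {
    return (plainLen / kAesBlock + 1) * kAesBlock;
}

// Bytes written to the registry value; storeIv models the assumed IV || ciphertext layout.
constexpr std::size_t StoredLen(std::size_t plainLen, bool storeIv) {
    return PaddedCipherLen(plainLen) + (storeIv ? kAesBlock : 0);
}

// Largest plaintext whose stored form still fits under the limit.
constexpr std::size_t MaxPlainLen(bool storeIv) {
    return ((kRegBinaryLimit - (storeIv ? kAesBlock : 0)) / kAesBlock) * kAesBlock - 1;
}

// Build IV || ciphertext, refusing anything over the limit or not block-aligned.
bool PackBlob(const std::vector<std::uint8_t>& iv, const std::vector<std::uint8_t>& ct,
              std::vector<std::uint8_t>& blob) {
    if (iv.size() != kAesBlock || ct.empty() || ct.size() % kAesBlock != 0) return false;
    if (iv.size() + ct.size() > kRegBinaryLimit) return false;
    blob.assign(iv.begin(), iv.end());
    blob.insert(blob.end(), ct.begin(), ct.end());
    return true;
}

// Validate a value read back from the registry before handing it to the decryptor:
// anyone with write access to the registry key can change its length or contents.
bool UnpackBlob(const std::vector<std::uint8_t>& blob, std::vector<std::uint8_t>& iv,
                std::vector<std::uint8_t>& ct) {
    if (blob.size() < 2 * kAesBlock || blob.size() > kRegBinaryLimit) return false;
    if (blob.size() % kAesBlock != 0) return false;
    iv.assign(blob.begin(), blob.begin() + kAesBlock);
    ct.assign(blob.begin() + kAesBlock, blob.end());
    return true;
}

int main() {
    std::cout << "max plaintext, IV stored elsewhere: " << MaxPlainLen(false) << "\n"
              << "max plaintext, IV stored in value:  " << MaxPlainLen(true) << "\n";
}
```

These length checks only reject malformed values; detecting modified ciphertext needs an authenticated mode or a MAC over the stored bytes.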
Compiling and Integrating Crypto++ into the Microsoft Visual C++ Environment
Please see the related article, Compiling and Integrating Crypto++ into the Microsoft Visual C++ Environment.