Windows DPAPI bindings.
Bindings for Windows DPAPI, for protecting data on one device using Windows logon or machine credentials. These functions return ciphertext for you to store in a file or some other place. If you want the plaintext to be stored in the OS, you may be looking for the keyring package, which is also more portable. Only the two most used functions, CryptProtectData and CryptUnprotectData, are bound, as Microsoft no longer recommends its use in .NET (with SecureString).
Haskell bindings for Windows DPAPI
This project is to provide Haskell access to Windows's Data Protection API.
Usage
If you have some data that needs protecting such that only your user account can access it, say the location of your buried treasure, you could protect it with the following, then save it to a file or somewhere else.
-- writeFile here is the ByteString version (Data.ByteString.writeFile).
saveEncrypted :: ByteString -> FilePath -> IO ()
saveEncrypted plaintext filepath =
    cryptProtectData plaintext Nothing CurrentUser >>= writeFile filepath
Then you can get it back easily, returning Nothing instead of catching an exception if you can't decrypt it.
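-- readFile here is the ByteString version (Data.ByteString.readFile).
readEncrypted :: FilePath -> IO (Maybe ByteString)
readEncrypted filepath = do
    ciphertext <- readFile filepath
    -- Nothing means the ciphertext could not be decrypted.
    cryptUnprotectDataCheck ciphertext Nothing CurrentUser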
You may want to convert the ciphertext to base64 or some other similar encoding before saving it, such as when you are saving it to a text file.
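The base64 variant described above, as an added example that is not part of this project's code. It assumes the bindings are exported from a module named System.Win32.DPAPI (an assumption, adjust the import to the real module name), that cryptProtectData returns the ciphertext as a ByteString, and that the base64-bytestring package is available; saveEncryptedText, readEncryptedText and treasure.txt are hypothetical names.

```haskell
module Main where

import           Data.ByteString        (ByteString)
import qualified Data.ByteString        as BS
import qualified Data.ByteString.Base64 as B64   -- from the base64-bytestring package
import qualified Data.ByteString.Char8  as BC
import           Data.Char              (isSpace)
import           System.Win32.DPAPI               -- assumed module name for these bindings

-- | Protect the plaintext for the current user and store it as one line
-- of base64 text, so the file survives editors and text-only transports.
saveEncryptedText :: ByteString -> FilePath -> IO ()
saveEncryptedText plaintext path = do
    ciphertext <- cryptProtectData plaintext Nothing CurrentUser
    BS.writeFile path (BC.snoc (B64.encode ciphertext) '\n')

-- | Read the file back. Nothing means either the file is not valid base64
-- or DPAPI could not decrypt the blob (for example, a different user account).
readEncryptedText :: FilePath -> IO (Maybe ByteString)
readEncryptedText path = do
    encoded <- BS.readFile path
    -- Drop the trailing newline and any whitespace a text editor added.
    case B64.decode (BC.filter (not . isSpace) encoded) of
        Left _           -> pure Nothing
        Right ciphertext -> cryptUnprotectDataCheck ciphertext Nothing CurrentUser

main :: IO ()
main = do
    let secret = BC.pack "constructed sample secret"   -- constructed sample input
    saveEncryptedText secret "treasure.txt"
    restored <- readEncryptedText "treasure.txt"
    putStrLn (if restored == Just secret then "round trip ok" else "round trip failed")
```

Treating a base64 decoding failure the same as a decryption failure keeps the caller's handling to a single Nothing case.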
Tests
The tests use PowerShell to protect and unprotect the data, so that each test has one half that is known to work. However, this may trip your antimalware service when you run cabal test.