Skip to main content

dpapi_core/
lib.rs

1//! Pure-Rust, byte-oriented DPAPI library.
2//!
3//! `dpapi-core` parses the Windows `DPAPI_BLOB` wire format, decrypts a blob
4//! **given its master key**, and unwraps Chrome/Edge `v10`/`v20` AES-256-GCM
5//! cookie values. Every entry point takes `&[u8]` and performs no I/O, so the
6//! same code serves both live-memory (LSASS) and on-disk artifacts (Chrome
7//! `Login Data` / `Local State`, Credential Manager, Vault, Wi-Fi keys).
8//!
9//! The blob format and the decrypt-given-key crypto are identical on disk and
10//! in memory; only the *source* of the master key differs by medium (LSASS
11//! cache vs. master-key files + password derivation), which lives in callers.
12//!
13//! All cryptography uses audited RustCrypto crates — no hand-rolled primitives.
14
15pub mod blob;
16pub mod chrome;
17pub mod credential;
18pub mod decrypt;
19pub mod error;
20pub mod masterkey;
21pub mod vault;
22pub mod wifi;
23
24pub use blob::{parse_dpapi_blob, DpapiBlob};
25pub use chrome::{
26    decrypt_local_state_key, decrypt_v10_cookie, detect_chrome_cookie_encoding,
27    parse_local_state_encrypted_key, ChromeCookieEncoding,
28};
29pub use credential::{decrypt_credential, parse_credential_file, Credential};
30pub use decrypt::{decrypt_aes256_cbc, decrypt_dpapi_blob, verify_hmac_sha1};
31pub use error::DpapiError;
32pub use masterkey::{
33    derive_master_key_from_domain_backup, derive_master_key_from_password,
34    derive_master_key_from_prekey, parse_master_key, parse_masterkey_file, prekey_from_password,
35    prekey_from_sha1, MasterKey, MasterKeyFile, MASTER_KEY_LEN,
36};
37pub use vault::{
38    decrypt_vcrd_attribute, decrypt_vpol_keys, parse_internet_explorer, parse_vcrd_attributes,
39    parse_vpol_file, VaultVpolKeys, VcrdAttribute, WebCredential,
40};
41pub use wifi::{decrypt_wlan_key_material, extract_key_material};