Windows Data Protection API (DPAPI) wrapper for Rust
This library provides a safe wrapper around Windows’ built-in encryption system (DPAPI). It allows you to encrypt and decrypt data that is tied to either the current user or the local machine.
§Security Considerations
- Data encrypted with Scope::User can only be decrypted by the same user on the same machine
- Data encrypted with Scope::Machine can be decrypted by any user on the same machine
- Encrypted data cannot be decrypted on a different machine
- The encryption is tied to the Windows user/machine credentials
§Examples
use windows_dpapi::{encrypt_data, decrypt_data, Scope};

fn main() -> anyhow::Result<()> {
    // Encrypt data for current user only
    let secret = b"my secret data";
    let encrypted = encrypt_data(secret, Scope::User)?;

    // Decrypt the data
    let decrypted = decrypt_data(&encrypted, Scope::User)?;
    assert_eq!(secret, decrypted.as_slice());
    Ok(())
}
§Common Use Cases
- Storing application secrets
- Securing user credentials
- Protecting sensitive configuration data
§Limitations
- Windows-only (this crate will not compile on other platforms)
- Data cannot be decrypted on a different machine
- Machine scope is less secure than user scope, because any user on the same machine can decrypt the data
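
Because decrypt_data takes the same Scope argument as encrypt_data, a stored blob has to carry which scope it was sealed with. The following is an added example, not code from the windows_dpapi crate or its docs: it prefixes each blob with a one-byte scope tag and rejects machine-scope blobs where only user-scope secrets are expected. The envelope layout and the names Tag, tag_blob, parse, seal and open are hypothetical, and the two-argument function signatures are assumed from the example above.

```rust
// Added example. Only encrypt_data, decrypt_data and Scope come from the crate.
#[cfg(windows)]
use windows_dpapi::{decrypt_data, encrypt_data, Scope};

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Tag { User = 1, Machine = 2 }

/// Prefix a DPAPI blob with a one-byte tag recording the scope it was sealed with.
pub fn tag_blob(tag: Tag, blob: &[u8]) -> Vec<u8> {
    let mut out = vec![tag as u8];
    out.extend_from_slice(blob);
    out
}

/// Split an envelope. Fails closed on an unknown tag or empty blob and, when
/// `user_only` is set, on anything sealed with machine scope.
pub fn parse(env: &[u8], user_only: bool) -> Result<(Tag, &[u8]), String> {
    let (first, blob) = env.split_first().ok_or("empty envelope")?;
    let tag = match *first {
        1 => Tag::User,
        2 => Tag::Machine,
        other => return Err(format!("unknown scope tag {}", other)),
    };
    if blob.is_empty() { return Err("missing blob".into()); }
    if user_only && tag == Tag::Machine { return Err("machine-scope blob rejected by policy".into()); }
    Ok((tag, blob))
}

#[cfg(windows)]
fn scope_of(tag: Tag) -> Scope {
    match tag { Tag::User => Scope::User, Tag::Machine => Scope::Machine }
}

#[cfg(windows)] // assumes encrypt_data(&[u8], Scope) as in the page's example
pub fn seal(secret: &[u8], tag: Tag) -> Result<Vec<u8>, String> {
    let blob = encrypt_data(secret, scope_of(tag)).map_err(|e| e.to_string())?;
    Ok(tag_blob(tag, &blob))
}

#[cfg(windows)] // assumes decrypt_data(&[u8], Scope) returning the plaintext bytes
pub fn open(env: &[u8], user_only: bool) -> Result<Vec<u8>, String> {
    let (tag, blob) = parse(env, user_only)?;
    decrypt_data(blob, scope_of(tag)).map_err(|e| e.to_string())
}

fn main() {
    let env = tag_blob(Tag::Machine, b"constructed-blob"); // constructed, not real DPAPI output
    println!("{:?}", parse(&env, true)); // policy rejects machine scope
}
```

The tag sits outside the DPAPI blob and is not integrity-protected, so the policy check catches misconfiguration rather than an attacker who can rewrite the stored file.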
Enums§
- Scope
- Defines the encryption scope: user or machine
Functions§
- decrypt_data
- Decrypts data that was encrypted using Windows DPAPI
- encrypt_data
- Encrypts data using Windows DPAPI