Open sepcnt opened 1 year ago
First, Crypt(Un)ProtectMemory is irrelevant, as it only affects memory paging to my knowledge.
About Crypt(Un)ProtectData, I don't know if it is a good idea to offer that level of portability; credentials should not be that easy to access, and a proper implementation would need to make sandman ask for a password when needed and save the data encrypted in the box.
Also, we would probably need to manipulate the protected storage to make the data stored there portable as well.
Sounds like a lot of work for a rather fringe use case.
Do other users want such functionality?
Doesn't this also allow separating sandboxes from each other even further? If so, it appears to be a good thing; the question is just at what cost.
Is your feature request related to a problem or use case?
DPAPI uses the Windows User Identity Token and User Private Key to de/encrypt data. Some applications use DPAPI to salt their data, which makes the sandbox no longer portable. Would it be beneficial to hook the related APIs and add a "User Identity Token Simulation" option for Sandboxie?
Describe the solution you'd like
APIs to hook:
Describe alternatives you've considered
No response