Google Git
Sign in
chromium / chromium / src.git / main / . / chrome / browser / os_crypt
tree: 0de2a58899e017a1e3c212bcae4f7ecb4950226b [path history] [tgz]
  1. app_bound_encryption_provider_win.cc
  2. app_bound_encryption_provider_win.h
  3. app_bound_encryption_provider_win_unittest.cc
  4. app_bound_encryption_test_main.cc
  5. app_bound_encryption_win.cc
  6. app_bound_encryption_win.h
  7. app_bound_encryption_win_browsertest.cc
  8. app_bound_encryption_win_unittest.cc
  9. BUILD.gn
  10. DEPS
  11. os_crypt_async_browsertest.cc
  12. OWNERS
  13. README.md
  14. test_support.cc
  15. test_support.h
chrome/browser/os_crypt/README.md

This directory contains the interface to the application-bound encryption primitives that are implemented by the elevation service in [src/chrome/elevation_service].

EncryptAppBoundString and DecryptAppBoundString act like OSCrypt::EncryptString and OSCrypt::DecryptString implemented by [src/components/os_crypt] except that, unlike OSCrypt, which binds encrypted data to the current user using DPAPI, this API will bind the encrypted data with a ProtectionLevel specified by the caller.

ProtectionLevels are defined by chrome/elevation_service and are currently:

  • ProtectionLevel::PROTECTION_NONE

    This acts identically to DPAPI in that the protection level is user-bound. Only a DecryptAppBoundString call that comes from the same user principle as the original EncryptAppBoundString call with succeed.

  • ProtectionLevel::PROTECTION_PATH_VALIDATION

    This adds an additional protection that the path of the calling application will be validated. Only a DecryptAppBoundString call that comes from the same user principle, calling from the same Application (with the same file path) as the original EncryptAppBoundString call with succeed. It is only safe to call this from an application that is installed into a ‘Trusted Path’ such as C:\Program Files, otherwise protection can be trivially bypassed by renaming/placing a file into the required location.