Generate a Secure Windows User Specific Cryptographic Key For Use In Credential Encryption

Time:05-25

As far as I can tell, VBA Excel doesn't support Windows Credential Manager. So I would like to build a mini version of my own credential manager.

I have an application where a user enters a username/password to log in to a service. I would like to save this in an encrypted manner, so that the next time they attempt to log in their credentials are cached (for up to 30 days).

Encryption is straightforward, but the challenge is generating a secure key that only that specific user would have access to.

What I've done in the past (in another language) is install a certificate with a private key on a server, then use the private key from the certificate as a cryptographic key. Here, though, I don't have access to the 1000 user machines the application is running on, so that's not really a viable option.

I'd love to use Windows Data Protection, but as far as I can tell that's .NET only. Is there any viable alternative here? I could use the user's SID, but that's accessible by all users on the system and is not secure. I need a way to generate a secure cryptographic key specific and only available to the currently logged-in user.

CodePudding user response:

I wanted to post this as a comment, but it is too big for a comment.

VBA was first launched with MS Excel 5.0 in 1993 and then it was upgraded many times. VBA 6.5 was released with Office 2007 somewhere around 2006. VBA 7.0 was released with Office 2010 somewhere around 2010 but there were no new features introduced in VBA 7 except for 64-bit support.

If I am not wrong, the Windows Credential Manager was introduced with Windows 7 which I believe was released somewhere in 2009. And like I mentioned earlier there were no new features introduced in VBA 7.

Now why this history lesson? This is because VBA is older than Windows Credentials with no significant upgrades, and hence there are no methods, APIs, etc. to interact with Windows Credentials.

As far as creating a Windows secure key from VBA is concerned, that is also not possible. And the reason is very simple. The VBA itself is not secure. Any code that you write to encrypt or decrypt can easily be seen in the VBA Editor. And if anyone has access to that code, then that person can easily use the same code to bypass the security check. Even if you protect the VBA with a password, it can be easily hacked. So, creating a Windows secure key from VBA is not possible.

The only solution to your problem in such a scenario (using VBA) is hardware-based encryption. For example, using a USB security key or biometrics (fingerprint scanner, iris scanner, etc.). A USB security key plugs into your computer's USB port and functions as an extra layer of security. This is extensively used by the banks.
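
On the Windows Data Protection option raised in the question: DPAPI is exposed as the Win32 functions `CryptProtectData` and `CryptUnprotectData` in `crypt32.dll`, which VBA can call through `Declare`. The following is an added example, not part of the question or the answer above; it assumes VBA7 (Office 2010 or later), and `DpapiTransform` and `DemoRoundTrip` are hypothetical helper names.

```vba
Option Explicit
Private Type DATA_BLOB
    cbData As Long
    pbData As LongPtr
End Type
' Win32 DPAPI entry points; the key is derived by Windows from the user's logon secret.
Private Declare PtrSafe Function CryptProtectData Lib "crypt32.dll" ( _
    ByRef pDataIn As DATA_BLOB, ByVal szDataDescr As LongPtr, _
    ByVal pOptionalEntropy As LongPtr, ByVal pvReserved As LongPtr, _
    ByVal pPromptStruct As LongPtr, ByVal dwFlags As Long, ByRef pDataOut As DATA_BLOB) As Long
Private Declare PtrSafe Function CryptUnprotectData Lib "crypt32.dll" ( _
    ByRef pDataIn As DATA_BLOB, ByVal ppszDataDescr As LongPtr, _
    ByVal pOptionalEntropy As LongPtr, ByVal pvReserved As LongPtr, _
    ByVal pPromptStruct As LongPtr, ByVal dwFlags As Long, ByRef pDataOut As DATA_BLOB) As Long
Private Declare PtrSafe Function LocalFree Lib "kernel32" (ByVal hMem As LongPtr) As LongPtr
Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" ( _
    ByRef dest As Any, ByVal src As LongPtr, ByVal cb As LongPtr)
Private Const CRYPTPROTECT_UI_FORBIDDEN As Long = &H1

' Encrypts (doProtect = True) or decrypts a non-empty byte array for the current user.
Public Function DpapiTransform(ByRef data() As Byte, ByVal doProtect As Boolean) As Byte()
    Dim inBlob As DATA_BLOB, outBlob As DATA_BLOB, result() As Byte, ok As Long
    inBlob.cbData = UBound(data) - LBound(data) + 1
    inBlob.pbData = VarPtr(data(LBound(data)))
    If doProtect Then
        ok = CryptProtectData(inBlob, 0, 0, 0, 0, CRYPTPROTECT_UI_FORBIDDEN, outBlob)
    Else
        ' Returns 0 when the blob was protected under a different Windows account.
        ok = CryptUnprotectData(inBlob, 0, 0, 0, 0, CRYPTPROTECT_UI_FORBIDDEN, outBlob)
    End If
    If ok = 0 Then Err.Raise vbObjectError + 513, "DpapiTransform", "DPAPI error " & Err.LastDllError
    ReDim result(0 To outBlob.cbData - 1)
    CopyMemory result(0), outBlob.pbData, outBlob.cbData
    LocalFree outBlob.pbData   ' output buffer is allocated by DPAPI
    DpapiTransform = result
End Function

' Round trip with a constructed sample value; persist only the blob, never the plaintext.
Public Sub DemoRoundTrip()
    Dim secret() As Byte, blob() As Byte, back() As Byte, plain As String
    secret = "constructed-sample-password"   ' constructed sample, stored as UTF-16 bytes
    blob = DpapiTransform(secret, True)
    back = DpapiTransform(blob, False)
    plain = back
    Debug.Assert plain = "constructed-sample-password"
End Sub
```

DPAPI binds the blob to the Windows account, not to the workbook: any code running as the same user can call `CryptUnprotectData` on it, so it protects the cached credential from other accounts on the machine but not from other processes in the user's own session.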
