Protection Providers

Beginning with Windows 8, Windows ships the providers that enable you to securely share encrypted secrets and messages across computers. There are currently two key protection providers. The Microsoft Key Protection provider allows you to protect content to a group in an Active Directory forest. The Microsoft Client Key Protection provider allows you to protect content to a set of web credentials.

The correct protector to use is automatically chosen for you when the NCryptCreateProtectionDescriptor function parses the protection descriptor rule string you provide as input. The Microsoft Key Protection provider is chosen for rule strings that begin with SID, SDDL, and LOCAL. The Microsoft Client Key Protection provider parses rule strings that begin with WEBCREDENTIALS. For more information about rule strings, see Protection Descriptors.
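The following is an added example, not code from this page or from Microsoft: a small model of the provider-selection step described above, written so the routing rule (SID, SDDL and LOCAL to the Microsoft Key Protection provider; WEBCREDENTIALS to the Microsoft Client Key Protection provider) can be exercised offline. It assumes the general descriptor syntax in which clauses take the form PREFIX=value and may be joined with AND or OR, and the per-prefix value checks (SID string shape, LOCAL=user or LOCAL=machine, an SDDL string, a WEBCREDENTIALS name followed by an optional resource) are this model's assumptions rather than statements on this page. Any prefix outside the four documented ones is rejected, which mirrors the note that custom providers are not allowed. The real API is NCryptCreateProtectionDescriptor; this model does not call it.

```python
"""Model of how a CNG DPAPI protection descriptor rule string is routed to
a key protection provider. Added example; not Microsoft's implementation."""
import re

# Provider names as given on the page.
KEY_PROTECTION_PROVIDER = "Microsoft Key Protection Provider"
CLIENT_KEY_PROTECTION_PROVIDER = "Microsoft Client Key Protection Provider"

# Prefix-to-provider routing exactly as the page states it.
PROVIDER_FOR_PREFIX = {
    "SID": KEY_PROTECTION_PROVIDER,
    "SDDL": KEY_PROTECTION_PROVIDER,
    "LOCAL": KEY_PROTECTION_PROVIDER,
    "WEBCREDENTIALS": CLIENT_KEY_PROTECTION_PROVIDER,
}

# Value-shape checks below are assumptions of this model (general descriptor
# syntax), not rules quoted from this page.
_SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")          # e.g. S-1-5-21-...
_LOCAL_VALUES = {"user", "machine"}                 # LOCAL=user / LOCAL=machine
_SDDL_PREFIXES = ("O:", "G:", "D:", "S:")           # SDDL strings start this way
_CLAUSE_SPLIT_RE = re.compile(r"\s+(?:AND|OR)\s+", re.IGNORECASE)


def _check_clause(prefix, value):
    """Reject values that do not fit the assumed shape for their prefix."""
    if prefix == "SID" and not _SID_RE.match(value):
        raise ValueError(f"malformed SID value: {value!r}")
    if prefix == "LOCAL" and value.lower() not in _LOCAL_VALUES:
        raise ValueError(f"LOCAL must be user or machine, got {value!r}")
    if prefix == "SDDL" and not value.startswith(_SDDL_PREFIXES):
        raise ValueError(f"SDDL value does not look like an SDDL string: {value!r}")
    if prefix == "WEBCREDENTIALS":
        name = value.split(",", 1)[0].strip()      # name[,resource]
        if not name:
            raise ValueError("WEBCREDENTIALS needs a credential name")


def parse_rule(rule):
    """Split a rule string into (PREFIX, value) clauses, validating each.

    Clauses are joined with AND/OR (assumed general syntax). Unknown prefixes
    are rejected, since no custom providers exist to serve them.
    """
    clauses = _CLAUSE_SPLIT_RE.split(rule.strip())
    parsed = []
    for clause in clauses:
        if "=" not in clause:
            raise ValueError(f"clause lacks PREFIX=value form: {clause!r}")
        prefix, value = clause.split("=", 1)
        prefix, value = prefix.strip().upper(), value.strip()
        if prefix not in PROVIDER_FOR_PREFIX:
            raise ValueError(f"unsupported prefix {prefix!r}; custom providers are not allowed")
        _check_clause(prefix, value)
        parsed.append((prefix, value))
    return parsed


def select_provider(rule):
    """Return the single provider that serves every clause of the rule.

    The page says one protector is chosen per descriptor, so a rule whose
    clauses would need two different providers is treated as an error here
    (an assumption of this model).
    """
    providers = {PROVIDER_FOR_PREFIX[p] for p, _ in parse_rule(rule)}
    if len(providers) != 1:
        raise ValueError("rule clauses span more than one key protection provider")
    return providers.pop()


def is_supported_rule(rule):
    """Convenience predicate: True when select_provider accepts the rule."""
    try:
        select_provider(rule)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample descriptors; the SID and credential values are made up.
    for sample in ("SID=S-1-5-21-4392301",
                   "LOCAL=user",
                   "SDDL=O:SYG:SYD:(A;;CCDC;;;S-1-5-21-4392301)",
                   "WEBCREDENTIALS=MyPasswordName,myweb.example",
                   "SID=S-1-5-21-1 OR SID=S-1-5-21-2",
                   "CUSTOM=anything"):
        try:
            print(f"{sample!r:55} -> {select_provider(sample)}")
        except ValueError as exc:
            print(f"{sample!r:55} -> rejected: {exc}")
```

The point the model makes explicit is that the provider choice is a property of the rule string alone: the caller never names a provider, so reviewing which prefixes a descriptor uses is enough to know whether the secret will be bound to a directory group or machine/user (Key Protection provider) or to a stored web credential (Client Key Protection provider).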

Note

Custom providers are not currently allowed.


CNG DPAPI

NCryptCreateProtectionDescriptor

Protection Descriptors