dpapi: Windows DPAPI bindings

[ mpl, system ] [ Propose Tags ] [ Report a vulnerability ]

Bindings for Windows DPAPI, for protecting data on one device using Windows logon or machine credentials. These functions return cipertext for you to store in a file or some other place. If you want the plaintext to be stored in the OS, you may be looking for the keyring package, which is also more portable. This is only bindings to the two most used functions CryptProtectData and CryptUnprotectData, as Microsoft no longer recommends its use in .NET (with SecureString).

[Skip to Readme]

Modules

System
- Win32
  - System.Win32.Dpapi
    - System.Win32.Dpapi.Internal

Downloads

dpapi-0.1.0.0.tar.gz [browse] (Cabal source package)
Package description (as included in the package)

Maintainer's Corner

Package maintainers

HexTheDragon

For package maintainers and hackage trustees

edit package information

Candidates

No Candidates

Versions [RSS]	0.1.0.0
Change log	CHANGELOG.md
Dependencies	base (>=4.18.3.0 && <4.19), bytestring (>=0.12.2 && <0.13), unbuildable (<0), Win32 (>=2.14 && <2.15) [details]
License	MPL-2.0
Author	Hex
Maintainer	elijahiff@gmail.com
Category	System
Home page	https://gitlab.com/Hex052/haskell-dpapi
Source repo	head: git clone https://gitlab.com/Hex052/haskell-dpapi this: git clone https://gitlab.com/Hex052/haskell-dpapi(tag 0.1.0.0)
Uploaded	by HexTheDragon at 2025-11-18T02:05:58Z
Distributions
Downloads	0 total (0 in the last 30 days)
Rating	(no votes yet) [estimated by Bayesian average]
Your Rating	λ λ λ
Status	Docs not available [build log] All reported builds failed as of 2025-11-18 [all 2 reports]

Readme for dpapi-0.1.0.0

[back to package description]

Haskell bindings for Windows DPAPI

This project is to provide Haskell access to Windows's Data Protection API.

Usage

If you have some data that needs protecting such that only your user account can access it, say the location of your buried treasure, you could protect it with the following, then save it to a file or somewhere else.

saveEncrypted :: ByteString -> FilePath -> IO ()
saveEncrypted data filepath = cryptProtectData data Nothing CurrentUser *> writeFile filePath

Then you can get back easily, returning Nothing instead of catching an exception if you can't decrypt it.

readEncrypted :: FilePath -> IO (Maybe ByteString)
readEncrypted filepath = do
	data <- readFile filepath
	cryptUnprotectDataCheck data Nothing CurrentUser

You may want to covert the ciphertext to base64 or some other similar encoding before saving it, such as when you are saving it to a text file.

Tests

The tests rely on using PowerShell to protect and unprotect the data, to provide a half that works. However, this may trip your antimalware service when you run cabal test.