The CredUnprotect function decrypts credentials that were previously encrypted by using the CredProtect function. The credentials must have been encrypted in the same security context in which CredUnprotect is called.
BOOL CredUnprotectA( BOOL fAsSelf, LPSTR pszProtectedCredentials, DWORD cchProtectedCredentials, LPSTR pszCredentials, DWORD *pcchMaxChars );
Set to TRUE to specify that the credentials were encrypted in the security context of the current process. Set to FALSE to specify that credentials were encrypted in the security context of the calling thread security context.
A pointer to a string that specifies the encrypted credentials.
The size, in characters, of the pszProtectedCredentials buffer.
A pointer to a string that, on output, receives the decrypted credentials.
The size, in characters of the pszCredentials buffer. On output, if the pszCredentials is not of sufficient size to receive the encrypted credentials, this parameter specifies the required size, in characters, of the pszCredentials buffer.
TRUE if the function succeeds; otherwise, FALSE.
For extended error information, call the GetLastError function. The following table shows common values for the GetLastError function.
||The security context used to encrypt the credentials is different from the security context used to decrypt the credentials.|
||The pszCredentials buffer was of insufficient size.|
|Minimum supported client||Windows Vista [desktop apps only]|
|Minimum supported server||Windows Server 2008 [desktop apps only]|