Windows Registry decryption (CryptUnprotectData) WPA keys
I am writing a program for Linux in C to extract the WPA/WEP key from a Windows registry hive.
Initially I was hoping to use Wine's CryptUnprotectData function, but I realise now that Wine uses a different algorithm and just mimics Windows' version. I also realise that only the user that encrypted the data can decrypt it.
I am using wzcook from the aircrack-ng suite as a guide. http://tools.assembla.com/b6stFY7MOr2QtlaaeP0Qfc/browser/Windows/wzcook/wzcook.c
I've extracted the data from a hive without problems but I'm kind of stuck on how to decrypt the key.
If the key is encrypted in the registry for one user, then how does another user decrypt that data? I'm sure they don't have to retype the PSK / passphrase if it has already been stored?
Is the data definitely encrypted even when offline (accessing the hive from Linux)?
Any other solution for solving this, other than reverse engineering Microsoft's algorithm? :D
Any help / advice you can give is really appreciated,
Thanks.
As I understand it, DPAPI uses a hash calculated from the user's actual password, so you would need both an open-source implementation of the Crypt functions and an explicit password from the user.
There has been some work on implementing CryptUnprotectData recently: DPAPIck