Data Protection API

The Windows Data Protection API (DPAPI) is mainly used to symmetrically encrypt asymmetric private keys using a user or system secret as a significant contribution of entropy.

The DPAPI keys to encrypt a user's RSI keys are stored under %appdata%\Microsoft\Protect\S-1-5-21-….