Initial graduated contribution
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/.classpath b/bundles/org.eclipse.equinox.security.win32.x86/.classpath
new file mode 100644
index 0000000..065ac06
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/.project b/bundles/org.eclipse.equinox.security.win32.x86/.project
new file mode 100644
index 0000000..fd6e4d9
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/.project
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>org.eclipse.equinox.security.win32.x86</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.ManifestBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.SchemaBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.pde.PluginNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/.settings/org.eclipse.jdt.core.prefs b/bundles/org.eclipse.equinox.security.win32.x86/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..743005f
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,7 @@
+#Tue Jan 08 16:13:49 EST 2008
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.security.win32.x86/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..869e118
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/META-INF/MANIFEST.MF
@@ -0,0 +1,12 @@
+Manifest-Version: 1.0
+Bundle-ManifestVersion: 2
+Bundle-Name: %fragmentName
+Bundle-SymbolicName: org.eclipse.equinox.security.win32.x86;singleton:=true
+Bundle-Version: 1.0.0.qualifier
+Bundle-Vendor: %providerName
+Fragment-Host: org.eclipse.equinox.security;bundle-version="[1.0.0,2.0.0)"
+Bundle-RequiredExecutionEnvironment: J2SE-1.4
+Bundle-Localization: fragment
+Eclipse-PlatformFilter: (& (osgi.os=win32) (osgi.arch=x86))
+Export-Package: org.eclipse.equinox.internal.security.win32;x-internal:=true
+Require-Bundle: org.eclipse.swt;bundle-version="3.4.0";resolution:=optional
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/about.html b/bundles/org.eclipse.equinox.security.win32.x86/about.html
new file mode 100644
index 0000000..4602330
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/about.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
+<title>About</title>
+</head>
+<body lang="EN-US">
+<h2>About This Content</h2>
+ 
+<p>June 2, 2006</p>	
+<h3>License</h3>
+
+<p>The Eclipse Foundation makes available all content in this plug-in (&quot;Content&quot;).  Unless otherwise 
+indicated below, the Content is provided to you under the terms and conditions of the
+Eclipse Public License Version 1.0 (&quot;EPL&quot;).  A copy of the EPL is available 
+at <a href="http://www.eclipse.org/legal/epl-v10.html">http://www.eclipse.org/legal/epl-v10.html</a>.
+For purposes of the EPL, &quot;Program&quot; will mean the Content.</p>
+
+<p>If you did not receive this Content directly from the Eclipse Foundation, the Content is 
+being redistributed by another party (&quot;Redistributor&quot;) and different terms and conditions may
+apply to your use of any object code in the Content.  Check the Redistributor's license that was 
+provided with the Content.  If no such license exists, contact the Redistributor.  Unless otherwise
+indicated below, the terms and conditions of the EPL still apply to any source code in the Content
+and such source code may be obtained at <a href="http://www.eclipse.org">http://www.eclipse.org</a>.</p>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/build.properties b/bundles/org.eclipse.equinox.security.win32.x86/build.properties
new file mode 100644
index 0000000..f8c2037
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/build.properties
@@ -0,0 +1,12 @@
+source.. = src/
+output.. = bin/
+bin.includes = META-INF/,\
+               .,\
+               fragment.properties,\
+               fragment.xml,\
+               about.html,\
+               jnicrypt.dll
+src.includes = cpp/,\
+               META-INF/,\
+               about.html,\
+               src/
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/cpp/ReadMe.txt b/bundles/org.eclipse.equinox.security.win32.x86/cpp/ReadMe.txt
new file mode 100644
index 0000000..b5f137c
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/cpp/ReadMe.txt
@@ -0,0 +1,31 @@
+/*******************************************************************************
+ * Copyright (c) 2007 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+
+This is a JNI bridge to access native Windows encryption methods from Java. The methods
+perform user-specific encryption of the data. The same user can later decrypt data using 
+methods provided by this DLL. A different user won't be able to decrypt the data. 
+
+If the user has a roaming profile, he can decrypt data on a different computer in the domain.
+
+In the event if stand-alone computer needs to have OS re-installed (or the domain controller
+and the computer in the domain), be sure to create Windows password recovery disk BEFORE 
+re-installing the operating system.
+
+Note that this mechanism is intended to be used with small size data (i.e., passwords). For 
+large amount of data consider encrypting your password using this mechanism and using 
+symmetric encryption to encrypt the data.
+
+To compile this DLL:
+=> JAVA_HOME environment variable needs to be setup so that jni.h can be found
+
+Note C++ projects settings:
+=> Additional include directories - "$(JAVA_HOME)/include";"$(JAVA_HOME)/include/win32"
+=> Additional linker dependency - Crypt32.lib
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.cpp b/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.cpp
new file mode 100644
index 0000000..9a8f2c4
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.cpp
@@ -0,0 +1,81 @@
+/*******************************************************************************
+ * Copyright (c) 2007, 2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+
+#define WIN32_LEAN_AND_MEAN		// Exclude rarely-used stuff from Windows headers
+
+#include <windows.h>
+#include <wincrypt.h>
+#include "jnicrypt.h"
+
+BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
+{
+    return TRUE;
+}
+
+JNIEXPORT jbyteArray JNICALL Java_org_eclipse_equinox_internal_security_win32_WinCrypto_winencrypt
+  (JNIEnv *env, jobject obj, jbyteArray value)
+{
+	jsize size = env->GetArrayLength(value);
+	jbyte *body = env->GetByteArrayElements(value, NULL);
+	if (body == NULL)
+		return NULL;
+
+	DATA_BLOB clearText;
+	DATA_BLOB encryptedText;
+	clearText.pbData = (BYTE*) body;
+	clearText.cbData = (DWORD) size;
+
+	BOOL result = CryptProtectData(&clearText, L"Equinox", NULL, NULL, NULL, 0, &encryptedText);
+
+    // release memory allocated by Java environment
+	env->ReleaseByteArrayElements(value, body, 0);
+
+    if (result == FALSE)
+		return NULL;
+
+    jbyteArray returnArray = env->NewByteArray(encryptedText.cbData);
+	env->SetByteArrayRegion(returnArray, 0, encryptedText.cbData, (jbyte*) encryptedText.pbData);
+	LocalFree(encryptedText.pbData); // no need any more, have Java representation
+
+	return returnArray;
+}
+
+JNIEXPORT jbyteArray JNICALL Java_org_eclipse_equinox_internal_security_win32_WinCrypto_windecrypt
+  (JNIEnv *env, jobject obj, jbyteArray value)
+{
+	jsize size = env->GetArrayLength(value);
+	jbyte *body = env->GetByteArrayElements(value, NULL);
+	if (body == NULL)
+		return NULL;
+
+	DATA_BLOB clearText;
+	DATA_BLOB encryptedText;
+	encryptedText.pbData = (BYTE*) body;
+	encryptedText.cbData = (DWORD) size;
+
+	LPWSTR pDescrOut =  NULL;
+	BOOL result = CryptUnprotectData(&encryptedText, &pDescrOut, NULL, NULL, NULL, 0, &clearText);
+
+	if (pDescrOut != NULL)
+		LocalFree(pDescrOut);
+
+    // release memory allocated by Java environment
+	env->ReleaseByteArrayElements(value, body, 0);
+
+	if (result == FALSE)
+		return NULL;
+
+    jbyteArray returnArray = env->NewByteArray(clearText.cbData);
+	env->SetByteArrayRegion(returnArray, 0, clearText.cbData, (jbyte*) clearText.pbData);
+	LocalFree(clearText.pbData); // no need any more, have Java representation
+
+	return returnArray;
+}
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.h b/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.h
new file mode 100644
index 0000000..9d44ffe
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.h
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * Copyright (c) 2007, 2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+#include <jni.h>
+
+#ifndef EQUINOX_WIN32_CRYPTO
+#define EQUINOX_WIN32_CRYPTO
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+JNIEXPORT jbyteArray JNICALL Java_org_eclipse_equinox_internal_security_win32_WinCrypto_windecrypt(JNIEnv *, jobject, jbyteArray);
+JNIEXPORT jbyteArray JNICALL Java_org_eclipse_equinox_internal_security_win32_WinCrypto_winencrypt(JNIEnv *, jobject, jbyteArray);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // #ifndef EQUINOX_WIN32_CRYPTO
+
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.vcproj b/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.vcproj
new file mode 100644
index 0000000..c207c57
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/cpp/jnicrypt.vcproj
@@ -0,0 +1,209 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8.00"
+	Name="jnicrypt"
+	ProjectGUID="{F34C755E-2053-4783-85FC-356BC2CE2A35}"
+	RootNamespace="jnicrypt"
+	Keyword="Win32Proj"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="&quot;$(JAVA_HOME)/include&quot;;&quot;$(JAVA_HOME)/include/win32&quot;"
+				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;JNICRYPT_EXPORTS"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="Crypt32.lib"
+				LinkIncremental="2"
+				GenerateDebugInformation="true"
+				SubSystem="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="1"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				AdditionalIncludeDirectories="&quot;$(JAVA_HOME)/include&quot;;&quot;$(JAVA_HOME)/include/win32&quot;"
+				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;JNICRYPT_EXPORTS"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="Crypt32.lib"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="2"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\jnicrypt.cpp"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath=".\jnicrypt.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+		<File
+			RelativePath=".\ReadMe.txt"
+			>
+		</File>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/fragment.properties b/bundles/org.eclipse.equinox.security.win32.x86/fragment.properties
new file mode 100644
index 0000000..79c7758
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/fragment.properties
@@ -0,0 +1,13 @@
+###############################################################################
+# Copyright (c) 2008 IBM Corporation and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# Contributors:
+#     IBM Corporation - initial API and implementation
+###############################################################################
+fragmentName = Windows Data Protection services integration
+providerName = Eclipse.org
+moduleName = Password provider backed by the Windows Data Protection API (DPAPI)
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/fragment.xml b/bundles/org.eclipse.equinox.security.win32.x86/fragment.xml
new file mode 100644
index 0000000..bb3899f
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/fragment.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?eclipse version="3.2"?>
+<fragment>
+   <extension
+         id="WindowsPasswordProvider"
+         name="%moduleName"
+         point="org.eclipse.equinox.security.secureStorage">
+      <provider
+            class="org.eclipse.equinox.internal.security.win32.WinCrypto"
+            priority="5">
+      </provider>
+   </extension>
+
+</fragment>
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/jnicrypt.dll b/bundles/org.eclipse.equinox.security.win32.x86/jnicrypt.dll
new file mode 100644
index 0000000..bbfbafa
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/jnicrypt.dll
Binary files differ
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/WinCrypto.java b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/WinCrypto.java
new file mode 100644
index 0000000..724fe80
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/WinCrypto.java
@@ -0,0 +1,143 @@
+/*******************************************************************************
+ * Copyright (c) 2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.equinox.internal.security.win32;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+
+import javax.crypto.spec.PBEKeySpec;
+
+import org.eclipse.equinox.internal.security.auth.AuthPlugin;
+import org.eclipse.equinox.internal.security.auth.nls.SecAuthMessages;
+import org.eclipse.equinox.internal.security.storage.Base64;
+import org.eclipse.equinox.internal.security.win32.nls.WinCryptoMessages;
+import org.eclipse.equinox.security.storage.ISecurePreferences;
+import org.eclipse.equinox.security.storage.StorageException;
+import org.eclipse.equinox.security.storage.provider.IPreferencesContainer;
+import org.eclipse.equinox.security.storage.provider.IProviderHints;
+import org.eclipse.equinox.security.storage.provider.PasswordProvider;
+
+/**
+ * Provides interface with native Windows data protection API. This provider
+ * auto-generates separate passwords for each secure preferences tree.
+ */
+public class WinCrypto extends PasswordProvider {
+
+	native public byte[] windecrypt(byte[] encryptedText);
+
+	native public byte[] winencrypt(byte[] clearText);
+
+	static {
+		System.loadLibrary("jnicrypt");
+	}
+	
+	private final static String WIN_PROVIDER_NODE = "/org.eclipse.equinox.secure.storage/windows";
+	private final static String PASSWORD_KEY = "encryptedPassword";
+
+	/**
+	 * The length of the randomly generated password in bytes
+	 */
+	private final static int PASSWORD_LENGTH = 250;
+
+	public PBEKeySpec login(IPreferencesContainer container) {
+		byte[] encryptedPassord = getEncryptedPassword(container);
+		if (encryptedPassord != null) {
+			byte[] decryptedPassword = windecrypt(encryptedPassord);
+			if (decryptedPassword != null) {
+				String password = new String(decryptedPassword);
+				return new PBEKeySpec(password.toCharArray());
+			} else {
+				StorageException e = new StorageException(StorageException.ENCRYPTION_ERROR, WinCryptoMessages.decryptPasswordFailed);
+				AuthPlugin.getDefault().logError(WinCryptoMessages.decryptPasswordFailed, e);
+
+				if (container.hasOption(IProviderHints.PROMPT_USER)) {
+					Object promptHint = container.getOption(IProviderHints.PROMPT_USER);
+					if (promptHint instanceof Boolean) {
+						boolean canPrompt = ((Boolean) promptHint).booleanValue();
+						if (!canPrompt)
+							return null;
+					}
+				}
+				try {
+					if (!WinCryptoUI.canRecreatePassword())
+						return null;
+				} catch (ClassNotFoundException exception) {
+					return null;
+				}
+				// follow down with new password generation
+			}
+		}
+
+		// add info message in the log
+		AuthPlugin.getDefault().logMessage(WinCryptoMessages.newPasswordGenerated);
+		
+		byte[] rawPassword = new byte[PASSWORD_LENGTH];
+		SecureRandom random = new SecureRandom();
+		random.setSeed(System.currentTimeMillis());
+		random.nextBytes(rawPassword);
+		String password = Base64.encode(rawPassword);
+		if (savePassword(password, container))
+			return new PBEKeySpec(password.toCharArray());
+		else
+			return null;
+	}
+
+	private byte[] getEncryptedPassword(IPreferencesContainer container) {
+		ISecurePreferences node = container.getPreferences().node(WIN_PROVIDER_NODE);
+		String passwordHint; 
+		try {
+			passwordHint = node.get(PASSWORD_KEY, null);
+		} catch (StorageException e) { // should never happen in this scenario
+			AuthPlugin.getDefault().logError(WinCryptoMessages.decryptPasswordFailed, e);
+			return null;
+		}
+		if (passwordHint == null)
+			return null;
+		return Base64.decode(passwordHint);
+	}
+
+	private boolean savePassword(String password, IPreferencesContainer container){
+		byte[] data = winencrypt(password.getBytes());
+		if (data == null) { // this is bad. Something wrong with OS or JNI.
+			StorageException e = new StorageException(StorageException.ENCRYPTION_ERROR, WinCryptoMessages.encryptPasswordFailed);
+			AuthPlugin.getDefault().logError(WinCryptoMessages.encryptPasswordFailed, e);
+			return false;
+		}
+		String encodedEncryptyedPassword = Base64.encode(data);
+		ISecurePreferences node = container.getPreferences().node(WIN_PROVIDER_NODE);
+		try {
+			node.put(PASSWORD_KEY, encodedEncryptyedPassword, false); // note we don't recursively try to encrypt
+		} catch (StorageException e) { // should never happen in this scenario
+			AuthPlugin.getDefault().logError(SecAuthMessages.errorOnSave, e);
+			return false;
+		}
+		try {
+			node.flush(); // save right away
+		} catch (IOException e) {
+			AuthPlugin.getDefault().logError(SecAuthMessages.errorOnSave, e);
+			return false;
+		}
+		return true;
+	}
+
+	public boolean changePassword(Exception e, IPreferencesContainer container) {
+		// It would be rather dangerous to allow this password to be changed
+		// as it would permanently trash all entries in the secure storage.
+		// Rather applications using get...() should handle exceptions and offer to overwrite 
+		// data on an entry-by-entry scale.
+		return false;
+	}
+
+	public void logout(IPreferencesContainer container) {
+		// nothing to do
+	}
+
+}
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/WinCryptoUI.java b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/WinCryptoUI.java
new file mode 100644
index 0000000..83f2cbc
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/WinCryptoUI.java
@@ -0,0 +1,30 @@
+/*******************************************************************************
+ * Copyright (c) 2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.equinox.internal.security.win32;
+
+import org.eclipse.equinox.internal.security.win32.nls.WinCryptoMessages;
+import org.eclipse.swt.SWT;
+import org.eclipse.swt.widgets.MessageBox;
+import org.eclipse.swt.widgets.Shell;
+
+/**
+ * Isolates optional UI functionality
+ */
+public class WinCryptoUI {
+
+	public static boolean canRecreatePassword() throws ClassNotFoundException{
+		MessageBox dialog = new MessageBox(new Shell(), SWT.ICON_ERROR | SWT.YES | SWT.NO);
+		dialog.setText(WinCryptoMessages.newPasswordTitle);
+		dialog.setMessage(WinCryptoMessages.newPasswordMessage);
+		int result = dialog.open();
+		return (result == SWT.YES);
+	}
+}
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/nls/WinCryptoMessages.java b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/nls/WinCryptoMessages.java
new file mode 100644
index 0000000..d14c2a4
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/nls/WinCryptoMessages.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright (c) 2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.equinox.internal.security.win32.nls;
+
+import org.eclipse.osgi.util.NLS;
+
+public class WinCryptoMessages extends NLS {
+
+	private static final String BUNDLE_NAME = "org.eclipse.equinox.internal.security.win32.nls.messages"; //$NON-NLS-1$
+
+	// Windows module
+	public static String encryptPasswordFailed;
+	public static String decryptPasswordFailed;
+	public static String newPasswordTitle;
+	public static String newPasswordMessage; 
+	public static String newPasswordGenerated;
+
+	static {
+		// load message values from bundle file
+		reloadMessages();
+	}
+
+	public static void reloadMessages() {
+		NLS.initializeMessages(BUNDLE_NAME, WinCryptoMessages.class);
+	}
+}
\ No newline at end of file
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/nls/messages.properties b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/nls/messages.properties
new file mode 100644
index 0000000..1f204f2
--- /dev/null
+++ b/bundles/org.eclipse.equinox.security.win32.x86/src/org/eclipse/equinox/internal/security/win32/nls/messages.properties
@@ -0,0 +1,17 @@
+###############################################################################
+# Copyright (c) 2008 IBM Corporation and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+# 
+# Contributors:
+#     IBM Corporation - initial API and implementation
+###############################################################################
+
+## Windows module
+encryptPasswordFailed = Unable to encrypt master password for storage.
+decryptPasswordFailed = Unable to decrypt master password.
+newPasswordTitle = Keyring password
+newPasswordMessage = Unable to retrieve keyring password. Would you like to generate new keyring password?
+newPasswordGenerated = New keyring password generated.