If Signal uses the Windows Data Protection API for saving/encrypting the key (and some data online suggests that it does), then it’s trivial to fetch it back with the same APIs if you’re running as the same user. (I use `keyring` on Windows to access the key(s) VMware Workstation uses to encrypt Windows 11 VM vTPMs)
It’s kept secure by a chain of keys that may be backed by the TPM, but the security boundary is the user, not the app identity. IIRC Store/UWP apps may get their own boundary for credentials (due to how .appx is implemented).
It’s kept secure by a chain of keys that may be backed by the TPM, but the security boundary is the user, not the app identity. IIRC Store/UWP apps may get their own boundary for credentials (due to how .appx is implemented).