Export (0) Print
Expand All

ProtectedData Class

Provides methods for protecting and unprotecting data. This class cannot be inherited.

Namespace:  System.Security.Cryptography
Assembly:  System.Security (in System.Security.dll)

public sealed class ProtectedData

This class provides access to the Data Protection API (DPAPI) available in Microsoft Windows 2000 and later operating systems. This is a service that is provided by the operating system and does not require additional libraries. It provides protection using the user or machine credentials to protect or unprotect data.

The class consists of two wrappers for the unmanaged DPAPI, Protect and Unprotect. These two methods can be used to protect and unprotect data such as passwords, keys, and connection strings.

If you use these methods during impersonation, you may receive the following error: "Key not valid for use in specified state." This occurs because the DPAPI stores the key data in user profiles. If the profile is not loaded, DPAPI won’t be able to perform the decryption. Therefore, this error is prevented by loading the profile of the user you want to impersonate, before calling either method. Using DPAPI with impersonation can incur significant complication and requires careful design choices.

TopicLocation
How to: Use Data Protection.NET Framework: Security
How to: Use Data Protection.NET Framework: Security

The following code example shows how to use data protection.

using System;
using System.Security.Cryptography;

public class DataProtectionSample
{
// Create byte array for additional entropy when using Protect method. 
	static byte [] s_aditionalEntropy = { 9, 8, 7, 6, 5 };

	public static void Main()
	{
// Create a simple byte array containing data to be encrypted.
		
byte [] secret = { 0, 1, 2, 3, 4, 1, 2, 3, 4 };

//Encrypt the data.
		byte [] encryptedSecret = Protect( secret );
		Console.WriteLine("The encrypted byte array is:");
		PrintValues(encryptedSecret);
		
// Decrypt the data and store in a byte array.
		byte [] originalData = Unprotect( encryptedSecret );
		Console.WriteLine("{0}The original data is:", Environment.NewLine);
		PrintValues(originalData);

	}

	public static byte [] Protect( byte [] data )
	{
		try
		{
			// Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted 
			//  only by the same current user. 
			return ProtectedData.Protect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
		} 
		catch (CryptographicException e)
		{
			Console.WriteLine("Data was not encrypted. An error occurred.");
			Console.WriteLine(e.ToString());
			return null;
		}
	}

	public static byte [] Unprotect( byte [] data )
	{
		try
		{
			//Decrypt the data using DataProtectionScope.CurrentUser. 
			return ProtectedData.Unprotect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
		} 
		catch (CryptographicException e)
		{
			Console.WriteLine("Data was not decrypted. An error occurred.");
			Console.WriteLine(e.ToString());
			return null;
		}
	}

	public static void PrintValues( Byte[] myArr )  
	{
	      foreach ( Byte i in myArr )  
		  	{
		         Console.Write( "\t{0}", i );
			 }
      Console.WriteLine();
	 }

}

System.Object
  System.Security.Cryptography.ProtectedData

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0

Community Additions

ADD
Show:
© 2014 Microsoft