This topic has not yet been rated - Rate this topic

DpapiDataProtector Class

.NET Framework 4.5

Provides simple data protection methods.

System.Object
System.Security.Cryptography.DataProtector
System.Security.Cryptography.DpapiDataProtector

Namespace: System.Security.Cryptography
Assembly: System.Security (in System.Security.dll)

public sealed class DpapiDataProtector : DataProtector

The DpapiDataProtector type exposes the following members.

Constructors

	Name	Description
	DpapiDataProtector	Creates a new instance of the DpapiDataProtector class by using the specified application name, primary purpose, and specific purposes.

Top

Properties

	Name	Description
	Scope	Gets or sets the scope of the data protection.

Top

Methods

	Name	Description
	Equals(Object)	Determines whether the specified object is equal to the current object. (Inherited from Object.)
	GetHashCode	Serves as a hash function for a particular type. (Inherited from Object.)
	GetType	Gets the Type of the current instance. (Inherited from Object.)
	IsReprotectRequired	Determines if the data must be re-encrypted. (Overrides DataProtector.IsReprotectRequired(Byte[]).)
	Protect	Protects the specified user data. (Inherited from DataProtector.)
	ToString	Returns a string that represents the current object. (Inherited from Object.)
	Unprotect	Unprotects the specified protected data. (Inherited from DataProtector.)

Top

Remarks

The DpapiDataProtector class provides a structured way to protect data by using the ProtectedData class. The class constructor has purpose parameters that serve like a password to identify the protected data. All three parameters are hashed and included as part of the encrypted data string. You must know the purpose parameters to unprotect the data. The ProtectedData.Protect method that is called to encrypt the data has an optionalEntropy parameter that allows you to add qualifying information to encrypt the data more securely. The hash of the purpose parameters is used for optional entropy. Because you do not need a key to decrypt the data, carefully choosing the purpose data adds another level of security to data protection.

If you use a Scope setting of CurrentUser, only a user with logon credentials that match those of the user who encrypted the data can decrypt the data. In addition, decryption usually can be done only on the computer where the data was encrypted. The Windows function that encrypts the data creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted. For a detailed description of how data is protected by using session keys, see Windows Data Protection.

If you use a Scope setting of LocalMachine when protecting the data and do not carefully identify the purpose parameters, any other application on that computer that knows the purposes can access and unprotect the data.

Version Information

.NET Framework

Supported in: 4.5

Platforms

Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Reference

System.Security.Cryptography Namespace

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)