
DpapiDataProtector Class

.NET Framework 4.5

Provides simple data protection methods.

System.Object
  System.Security.Cryptography.DataProtector
    System.Security.Cryptography.DpapiDataProtector

Namespace:  System.Security.Cryptography
Assembly:  System.Security (in System.Security.dll)

public sealed class DpapiDataProtector : DataProtector

The DpapiDataProtector type exposes the following members.

Constructors

  DpapiDataProtector      Creates a new instance of the DpapiDataProtector class by using the specified application name, primary purpose, and specific purposes.

Properties

  Scope                   Gets or sets the scope of the data protection.

Methods

  Equals(Object)          Determines whether the specified object is equal to the current object. (Inherited from Object.)
  GetHashCode             Serves as the default hash function. (Inherited from Object.)
  GetType                 Gets the Type of the current instance. (Inherited from Object.)
  IsReprotectRequired     Determines if the data must be re-encrypted. (Overrides DataProtector.IsReprotectRequired(Byte[]).)
  Protect                 Protects the specified user data. (Inherited from DataProtector.)
  ToString                Returns a string that represents the current object. (Inherited from Object.)
  Unprotect               Unprotects the specified protected data. (Inherited from DataProtector.)

The DpapiDataProtector class provides a structured way to protect data by using the ProtectedData class. The class constructor takes purpose parameters (an application name, a primary purpose, and specific purposes) that serve much like a password to identify the protected data. All three parameters are hashed and included as part of the encrypted data string, and you must supply the same purpose parameters to unprotect the data. The ProtectedData.Protect method that is called to encrypt the data has an optionalEntropy parameter that lets you add qualifying information so that the data is encrypted more securely; the hash of the purpose parameters is used as that optional entropy. Because no key is needed to decrypt the data, choosing the purpose data carefully adds another level of security to the protection.

If you use a Scope setting of CurrentUser, only a user with logon credentials that match those of the user who encrypted the data can decrypt the data. In addition, decryption usually can be done only on the computer where the data was encrypted. The Windows function that encrypts the data creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted. For a detailed description of how data is protected by using session keys, see Windows Data Protection.

If you use a Scope setting of LocalMachine when protecting the data and do not carefully identify the purpose parameters, any other application on that computer that knows the purposes can access and unprotect the data.
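The following example is added here and is not part of the reference page. It shows the protect/unprotect round trip described above and what happens when the purpose strings do not match; the application name, purpose values, and sample secret are made up, and the project needs a reference to System.Security.dll.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the MSDN page. "ExampleApp", "Secrets",
// "ConnectionString" and "ApiKey" are constructed purpose values.
static class DpapiDataProtectorDemo
{
    static void Main()
    {
        // Constructed sample secret; in practice this would be a real credential.
        byte[] secret = Encoding.UTF8.GetBytes("Server=db;User=svc;Password=sample");

        // The three purpose parameters are hashed into the DPAPI optional entropy,
        // so exactly the same values must be supplied at Unprotect time.
        var protector = new DpapiDataProtector("ExampleApp", "Secrets", "ConnectionString")
        {
            // CurrentUser (the default) ties decryption to this user account and,
            // normally, to this computer. LocalMachine would let any process on the
            // machine that knows the purposes decrypt the blob.
            Scope = DataProtectionScope.CurrentUser
        };

        byte[] blob = protector.Protect(secret);
        Console.WriteLine("Protected {0} bytes into {1} bytes", secret.Length, blob.Length);

        // Round trip with the same purposes succeeds.
        byte[] restored = protector.Unprotect(blob);
        Console.WriteLine("Restored: {0}", Encoding.UTF8.GetString(restored));

        // A protector with a different specific purpose derives different entropy,
        // so DPAPI rejects the blob instead of returning plaintext.
        var wrongPurpose = new DpapiDataProtector("ExampleApp", "Secrets", "ApiKey");
        try
        {
            wrongPurpose.Unprotect(blob);
            Console.WriteLine("Unexpected: blob unprotected with the wrong purpose");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Wrong purpose rejected: {0}", ex.Message);
        }

        // IsReprotectRequired reports whether a stored blob should be re-encrypted;
        // when it returns true, unprotect and protect again before storing it.
        if (protector.IsReprotectRequired(blob))
        {
            blob = protector.Protect(protector.Unprotect(blob));
            Console.WriteLine("Blob re-protected");
        }
    }
}
```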

.NET Framework

Supported in: 4.6, 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft