Export (0) Print
Expand All

ProtectedData Class

Provides methods for encrypting and decrypting data. This class cannot be inherited.

System::Object
  System.Security.Cryptography::ProtectedData

Namespace:  System.Security.Cryptography
Assembly:  System.Security (in System.Security.dll)

[HostProtectionAttribute(SecurityAction::LinkDemand, MayLeakOnAbort = true)]
public ref class ProtectedData abstract sealed

The ProtectedData type exposes the following members.

  NameDescription
Public methodStatic memberProtectEncrypts the data in a specified byte array and returns a byte array that contains the encrypted data.
Public methodStatic memberUnprotectDecrypts the data in a specified byte array and returns a byte array that contains the decrypted data.
Top

This class provides access to the Data Protection API (DPAPI) available in Microsoft Windows 2000 and later operating systems. This is a service that is provided by the operating system and does not require additional libraries. It provides protection using the user or machine credentials to encrypt or decrypt data.

The class consists of two wrappers for the unmanaged DPAPI, Protect and Unprotect. These two methods can be used to encrypt and decrypt data such as passwords, keys, and connection strings.

If you use these methods during impersonation, you may receive the following error: "Key not valid for use in specified state." This occurs because the DPAPI stores the key data in user profiles. If the profile is not loaded, DPAPI won’t be able to perform the decryption. To prevent this error, load the profile of the user you want to impersonate before calling either method. Using DPAPI with impersonation can incur significant complication and requires careful design choices.

NoteNote

The HostProtectionAttribute attribute applied to this type or member has the following Resources property value: MayLeakOnAbort. The HostProtectionAttribute does not affect desktop applications (which are typically started by double-clicking an icon, typing a command, or entering a URL in a browser). For more information, see the HostProtectionAttribute class or SQL Server Programming and Host Protection Attributes.

TopicLocation
How to: Use Data Protection.NET Framework: Security
How to: Use Data Protection.NET Framework: Security

The following example shows how to use data protection.


#using <System.Security.dll>

using namespace System;
using namespace System::Security::Cryptography;

public ref class DataProtectionSample
{
private:

   // Create byte array for additional entropy when using Protect method.
   static array<Byte>^s_aditionalEntropy = {9,8,7,6,5};

public:
   static void Main()
   {

      // Create a simple byte array containing data to be encrypted.
      array<Byte>^secret = {0,1,2,3,4,1,2,3,4};

      //Encrypt the data.
      array<Byte>^encryptedSecret = Protect( secret );
      Console::WriteLine( "The encrypted byte array is:" );
      PrintValues( encryptedSecret );

      // Decrypt the data and store in a byte array.
      array<Byte>^originalData = Unprotect( encryptedSecret );
      Console::WriteLine( "{0}The original data is:", Environment::NewLine );
      PrintValues( originalData );
   }

   static array<Byte>^ Protect( array<Byte>^data )
   {
      try
      {

         // Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
         //  only by the same current user.
         return ProtectedData::Protect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser );
      }
      catch ( CryptographicException^ e ) 
      {
         Console::WriteLine( "Data was not encrypted. An error occurred." );
         Console::WriteLine( e );
         return nullptr;
      }
   }

   static array<Byte>^ Unprotect( array<Byte>^data )
   {
      try
      {

         //Decrypt the data using DataProtectionScope.CurrentUser.
         return ProtectedData::Unprotect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser );
      }
      catch ( CryptographicException^ e ) 
      {
         Console::WriteLine( "Data was not decrypted. An error occurred." );
         Console::WriteLine( e );
         return nullptr;
      }
   }

   static void PrintValues( array<Byte>^myArr )
   {
      System::Collections::IEnumerator^ myEnum = myArr->GetEnumerator();
      while ( myEnum->MoveNext() )
      {
         Byte i = safe_cast<Byte>(myEnum->Current);
         Console::Write( "\t{0}", i );
      }

      Console::WriteLine();
   }
};

int main()
{
   DataProtectionSample::Main();
}


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Community Additions

ADD
Show:
© 2014 Microsoft