Home Library Learn Downloads Support Community
Sign in | United States - English | |
This topic has not yet been rated - Rate this topic

ProtectedMemory Class

.NET Framework 4

Provides methods for protecting and unprotecting memory. This class cannot be inherited.

System.Object
  System.Security.Cryptography.ProtectedMemory

Namespace:  System.Security.Cryptography
Assembly:  System.Security (in System.Security.dll)
C#
C++
F#
VB
Copy 
[HostProtectionAttribute(SecurityAction.LinkDemand, MayLeakOnAbort = true)]
public static class ProtectedMemory

The ProtectedMemory type exposes the following members.

  Name Description
Public method Static member Protect Protects the specified data.
Public method Static member Unprotect Unprotects data in memory that was protected using the Protect method.
Top

This class provides access to the Data Protection API (DPAPI) available in the Windows XP and later operating systems. This is a service that is provided by the operating system and does not require additional libraries. It provides encryption for sensitive data in memory.

The class consists of two wrappers for the unmanaged DPAPI, Protect and Unprotect. These two methods can be used to encrypt and decrypt data in memory.

Note Note

The HostProtectionAttribute attribute applied to this type or member has the following Resources property value: MayLeakOnAbort. The HostProtectionAttribute does not affect desktop applications (which are typically started by double-clicking an icon, typing a command, or entering a URL in a browser). For more information, see the HostProtectionAttribute class or SQL Server Programming and Host Protection Attributes.

The following example shows how to use data protection.

C#
C++
VB
Copy 

using System;
using System.Security.Cryptography;

public class MemoryProtectionSample
{

	public static void Main()
	{
// Create the original data to be encrypted (The data length should be a multiple of 16).
		
byte [] secret = { 1, 2, 3, 4, 1, 2, 3, 4, 1, 2, 3, 4, 1, 2, 3, 4 };

// Encrypt the data in memory. The result is stored in the same same array as the original data.
		ProtectedMemory.Protect( secret, MemoryProtectionScope.SameLogon );
	
// Decrypt the data in memory and store in the original array.
		ProtectedMemory.Unprotect( secret, MemoryProtectionScope.SameLogon );
	}

}

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ
Can't decrypt it without the key!
@Redsome - yes, I agree with the other commenter.  The encryption key is probably salted with the PID and other available entropy; anyone "stumbling across" the block in memory wouldn't know how to decrypt it, or at the very least, wouldn't be able to decrypt it in a useful timeframe.
History
I think the information lacks an explanation

@Redsome

Maybe we are missing a key explanation like: 
The memory can only be accessed by the application that created it.

Perhaps that's why there is an option for memoryleak, so if we don't clean it up before we close our application, it will be stuck in memory until the next (cold) reboot????

History
Why use this class?
I understand that this class encrypts data in memory, but I don't understand why we should do such encryption. Because the secret is stored in the memory, someone may get it and decrypt the data. If that is the case, is the protected memory really protected?
History