DataProtectionProvider.DataProtectionProvider(String) constructor

Applies to Windows and Windows Phone

Constructor used for encryption operations. Use this constructor before calling the ProtectAsync or ProtectStreamAsync methods.

Syntax


var dataProtectionProvider = new Windows.Security.Cryptography.DataProtection.DataProtectionProvider(protectionDescriptor);

Parameters

protectionDescriptor

Type: String [JavaScript] | System.String [.NET] | Platform::String [C++]

The protection descriptor that determines the entity for which the data is encrypted. For more information, see Remarks.

Remarks

Do not use this constructor before starting a decryption operation. You must use the DataProtectionProvider() constructor instead.

For security descriptors and SDDL strings, you must set the enterprise authentication capability in the manifest. The enterprise authentication capability is restricted to apps built with company accounts, and is subject to additional onboarding validation. You should avoid the enterprise authentication capability unless it is absolutely necessary.

For example, the following SID and SDDL providers require the enterprise authentication capability:

  • "SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812"
  • "SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)"

These providers do not require the enterprise authentication capability on either platform:

  • "LOCAL=user"
  • "LOCAL=machine"

These providers do not require the enterprise authentication capability on Windows:

  • "WEBCREDENTIALS=MyPasswordName"
  • "WEBCREDENTIALS=MyPasswordName,myweb.com"

Examples

The following example shows how to protect static data.


public async Task<IBuffer> SampleProtectAsync(
    String strMsg,
    String strDescriptor,
    BinaryStringEncoding encoding)
{
    // Create a DataProtectionProvider object for the specified descriptor.
    DataProtectionProvider Provider = new DataProtectionProvider(strDescriptor);

    // Encode the plaintext input message to a buffer using the caller-supplied encoding.
    IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);

    // Encrypt the message.
    IBuffer buffProtected = await Provider.ProtectAsync(buffMsg);

    // Execution of the SampleProtectAsync function resumes here
    // after the awaited task (Provider.ProtectAsync) completes.
    return buffProtected;
}


The following example shows how to protect stream data.


public async Task<IBuffer> SampleDataProtectionStream(
    String descriptor,
    String strMsg,
    BinaryStringEncoding encoding)
{
    // Create a DataProtectionProvider object for the specified descriptor.
    DataProtectionProvider Provider = new DataProtectionProvider(descriptor);

    // Convert the input string to a buffer.
    IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);

    // Create a random access stream to contain the plaintext message.
    InMemoryRandomAccessStream inputData = new InMemoryRandomAccessStream();

    // Create a random access stream to contain the encrypted message.
    InMemoryRandomAccessStream protectedData = new InMemoryRandomAccessStream();

    // Retrieve an IOutputStream object and fill it with the input (plaintext) data.
    IOutputStream outputStream = inputData.GetOutputStreamAt(0);
    DataWriter writer = new DataWriter(outputStream);
    writer.WriteBuffer(buffMsg);
    await writer.StoreAsync();
    await outputStream.FlushAsync();

    // Retrieve an IInputStream object from which you can read the input data.
    IInputStream source = inputData.GetInputStreamAt(0);

    // Retrieve an IOutputStream object and fill it with encrypted data.
    IOutputStream dest = protectedData.GetOutputStreamAt(0);
    await Provider.ProtectStreamAsync(source, dest);
    await dest.FlushAsync();

    // Verify that the protected data does not match the original.
    DataReader reader1 = new DataReader(inputData.GetInputStreamAt(0));
    DataReader reader2 = new DataReader(protectedData.GetInputStreamAt(0));
    await reader1.LoadAsync((uint)inputData.Size);
    await reader2.LoadAsync((uint)protectedData.Size);
    IBuffer buffOriginalData = reader1.ReadBuffer((uint)inputData.Size);
    IBuffer buffProtectedData = reader2.ReadBuffer((uint)protectedData.Size);

    if (CryptographicBuffer.Compare(buffOriginalData, buffProtectedData))
    {
        throw new Exception("ProtectStreamAsync returned unprotected data");
    }

    // Return the encrypted data.
    return buffProtectedData;
}
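
The Remarks say to encrypt with this constructor and to decrypt with the DataProtectionProvider() constructor. The following added example (not part of the original documentation) shows that round trip and accepts only the two LOCAL descriptors, which need no enterprise authentication capability. The class and method names are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage.Streams;

// Hypothetical helper class, added for illustration.
public static class ProtectRoundTripExample
{
    // Descriptors listed in the Remarks as not requiring the
    // enterprise authentication capability on either platform.
    private static bool IsLocalDescriptor(string descriptor)
    {
        return descriptor == "LOCAL=user" || descriptor == "LOCAL=machine";
    }

    public static async Task<string> ProtectThenUnprotectAsync(string message, string descriptor)
    {
        // Reject SID, SDDL and any other descriptor so the app never
        // depends on the enterprise authentication capability by accident.
        if (!IsLocalDescriptor(descriptor))
        {
            throw new ArgumentException(
                "Only LOCAL=user and LOCAL=machine are accepted here.", "descriptor");
        }

        // Encryption: the constructor that takes a protection descriptor.
        var protector = new DataProtectionProvider(descriptor);
        IBuffer plaintext = CryptographicBuffer.ConvertStringToBinary(
            message, BinaryStringEncoding.Utf8);
        IBuffer protectedData = await protector.ProtectAsync(plaintext);

        // Decryption: the parameterless constructor, as the Remarks require.
        var unprotector = new DataProtectionProvider();
        IBuffer recovered = await unprotector.UnprotectAsync(protectedData);

        // Fail loudly if the round trip did not restore the original bytes.
        if (!CryptographicBuffer.Compare(plaintext, recovered))
        {
            throw new InvalidOperationException(
                "Unprotected data does not match the original.");
        }

        return CryptographicBuffer.ConvertBinaryToString(
            BinaryStringEncoding.Utf8, recovered);
    }
}
```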


Requirements

Minimum supported client

Windows 8

Minimum supported server

Windows Server 2012

Minimum supported phone

Windows Phone 8.1 [Windows Runtime apps only]

Namespace

Windows.Security.Cryptography.DataProtection
Windows::Security::Cryptography::DataProtection [C++]

Metadata

Windows.winmd

See also

DataProtectionProvider
DataProtectionProvider()

 

 

© 2014 Microsoft