Skip to main content
CryptographicEngine.Encrypt | encrypt method

Applies to Windows and Windows Phone

Encrypts data by using a symmetric or asymmetric algorithm.


var iBuffer = Windows.Security.Cryptography.Core.CryptographicEngine.encrypt(key, data, iv);

public static IBuffer Encrypt(
  CryptographicKey key, 
  IBuffer data, 
  IBuffer iv

Public Shared Function Encrypt(
  key As CryptographicKey,  
  data As IBuffer,  
  iv As IBuffer 
) As IBuffer

static IBuffer^ Encrypt(
  CryptographicKey^ key, 
  IBuffer^ data, 
  IBuffer^ iv



Type: CryptographicKey

Cryptographic key to use for encryption. This can be an asymmetric or a symmetric key. For more information, see AsymmetricKeyAlgorithmProvider and SymmetricKeyAlgorithmProvider.


Type: IBuffer

Data to encrypt.


Type: IBuffer

Buffer that contains the initialization vector. This can be null for a symmetric algorithm and should always be null for an asymmetric algorithm. If an initialization vector (IV) was used to encrypt the data, you must use the same IV to decrypt the data. You can use the GenerateRandom method to create an IV that contains random data. Other IVs, such as nonce-generated vectors, require custom implementation. For more information, see Symmetric Key Encryption.

Cipher block chaining (CBC) block cipher mode algorithms require an initialization vector. For more information, see Remarks.

Return value

Type: IBuffer

Encrypted data.


Of the symmetric algorithms supported by Microsoft, the following require an initialization vector:


public IBuffer SampleCipherEncryption(
    String strMsg,
    String strAlgName,
    UInt32 keyLength,
    out BinaryStringEncoding encoding,
    out IBuffer iv,
    out CryptographicKey key)
    // Initialize the initialization vector.
    iv = null;

    // Initialize the binary encoding value.
    encoding = BinaryStringEncoding.Utf8;

    // Create a buffer that contains the encoded message to be encrypted. 
    IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);

    // Open a symmetric algorithm provider for the specified algorithm. 
    SymmetricKeyAlgorithmProvider objAlg = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);

    // Determine whether the message length is a multiple of the block length.
    // This is not necessary for PKCS #7 algorithms which automatically pad the
    // message to an appropriate length.
    if (!strAlgName.Contains("PKCS7"))
        if ((buffMsg.Length % objAlg.BlockLength) != 0)
            throw new Exception("Message buffer length must be multiple of block length.");

    // Create a symmetric key.
    IBuffer keyMaterial = CryptographicBuffer.GenerateRandom(keyLength);
    key = objAlg.CreateSymmetricKey(keyMaterial);

    // CBC algorithms require an initialization vector. Here, a random
    // number is used for the vector.
    if (strAlgName.Contains("CBC"))
        iv = CryptographicBuffer.GenerateRandom(objAlg.BlockLength);

    // Encrypt the data and return.
    IBuffer buffEncrypt = CryptographicEngine.Encrypt(key, buffMsg, iv);
    return buffEncrypt;


Minimum supported client

Windows 8

Minimum supported server

Windows Server 2012

Minimum supported phone

Windows Phone 8.1 [Windows Runtime apps only]


Windows::Security::Cryptography::Core [C++]



See also

Asymmetric Key Encryption
Symmetric Key Encryption