ProtectedData::Protect Method
Encrypts the data in a specified byte array and returns a byte array that contains the encrypted data.
Assembly: System.Security (in System.Security.dll)
public: static array<unsigned char>^ Protect( array<unsigned char>^ userData, array<unsigned char>^ optionalEntropy, DataProtectionScope scope )
Parameters
- userData
- Type: array<System::Byte>
A byte array that contains data to encrypt.
- optionalEntropy
- Type: array<System::Byte>
An optional additional byte array used to increase the complexity of the encryption, or nullptr for no additional complexity.
- scope
- Type: System.Security.Cryptography::DataProtectionScope
One of the enumeration values that specifies the scope of encryption.
| Exception | Condition |
|---|---|
| ArgumentNullException | The userData parameter is nullptr. |
| CryptographicException | The encryption failed. |
| NotSupportedException | The operating system does not support this method. |
| OutOfMemoryException | The system ran out of memory while encrypting the data. |
This method can be used to encrypt data such as passwords, keys, or connection strings. The optionalEntropy parameter enables you to add data to increase the complexity of the encryption; specify nullptr for no additional complexity. If provided, this information must also be used when decrypting the data using the Unprotect method.
Note |
|---|
If you use this method during impersonation, you may receive the following error: "Key not valid for use in specified state." To prevent this error, load the profile of the user you want to impersonate before calling the method. |
The following example shows how to use data protection.
#using <System.Security.dll> using namespace System; using namespace System::Security::Cryptography; public ref class DataProtectionSample { private: // Create byte array for additional entropy when using Protect method. static array<Byte>^s_aditionalEntropy = {9,8,7,6,5}; public: static void Main() { // Create a simple byte array containing data to be encrypted. array<Byte>^secret = {0,1,2,3,4,1,2,3,4}; //Encrypt the data. array<Byte>^encryptedSecret = Protect( secret ); Console::WriteLine( "The encrypted byte array is:" ); PrintValues( encryptedSecret ); // Decrypt the data and store in a byte array. array<Byte>^originalData = Unprotect( encryptedSecret ); Console::WriteLine( "{0}The original data is:", Environment::NewLine ); PrintValues( originalData ); } static array<Byte>^ Protect( array<Byte>^data ) { try { // Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted // only by the same current user. return ProtectedData::Protect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser ); } catch ( CryptographicException^ e ) { Console::WriteLine( "Data was not encrypted. An error occurred." ); Console::WriteLine( e ); return nullptr; } } static array<Byte>^ Unprotect( array<Byte>^data ) { try { //Decrypt the data using DataProtectionScope.CurrentUser. return ProtectedData::Unprotect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser ); } catch ( CryptographicException^ e ) { Console::WriteLine( "Data was not decrypted. An error occurred." ); Console::WriteLine( e ); return nullptr; } } static void PrintValues( array<Byte>^myArr ) { System::Collections::IEnumerator^ myEnum = myArr->GetEnumerator(); while ( myEnum->MoveNext() ) { Byte i = safe_cast<Byte>(myEnum->Current); Console::Write( "\t{0}", i ); } Console::WriteLine(); } }; int main() { DataProtectionSample::Main(); }
- DataProtectionPermission
with the associated ProtectData flag for permission to protect data.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Note