ProtectedData::Protect Method (array<Byte>^, array<Byte>^, DataProtectionScope)
Encrypts the data in a specified byte array and returns a byte array that contains the encrypted data.
Assembly: System.Security (in System.Security.dll)
```cpp
public:
static array<unsigned char>^ Protect(
    array<unsigned char>^ userData,
    array<unsigned char>^ optionalEntropy,
    DataProtectionScope scope
)
```
Parameters
- userData
  Type: array<System::Byte>^
  A byte array that contains data to encrypt.
- optionalEntropy
  Type: array<System::Byte>^
  An optional additional byte array used to increase the complexity of the encryption, or null for no additional complexity.
- scope
  Type: System.Security.Cryptography::DataProtectionScope
  One of the enumeration values that specifies the scope of encryption.
| Exception | Condition |
|---|---|
| ArgumentNullException | The userData parameter is null. |
| CryptographicException | The encryption failed. |
| NotSupportedException | The operating system does not support this method. |
| OutOfMemoryException | The system ran out of memory while encrypting the data. |
This method can be used to encrypt data such as passwords, keys, or connection strings. The optionalEntropy parameter enables you to add data to increase the complexity of the encryption; specify null for no additional complexity. If provided, this information must also be used when decrypting the data using the Unprotect method.
Note |
|---|
If you use this method during impersonation, you may receive the following error: "Key not valid for use in specified state." To prevent this error, load the profile of the user you want to impersonate before calling the method. |
The following example shows how to use data protection.
```cpp
#using <System.Security.dll>

using namespace System;
using namespace System::Security::Cryptography;

public ref class DataProtectionSample
{
private:
    // Create byte array for additional entropy when using Protect method.
    static array<Byte>^s_aditionalEntropy = {9,8,7,6,5};

public:
    static void Main()
    {
        // Create a simple byte array containing data to be encrypted.
        array<Byte>^secret = {0,1,2,3,4,1,2,3,4};

        // Encrypt the data.
        array<Byte>^encryptedSecret = Protect( secret );
        Console::WriteLine( "The encrypted byte array is:" );
        PrintValues( encryptedSecret );

        // Decrypt the data and store in a byte array.
        array<Byte>^originalData = Unprotect( encryptedSecret );
        Console::WriteLine( "{0}The original data is:", Environment::NewLine );
        PrintValues( originalData );
    }

    static array<Byte>^ Protect( array<Byte>^data )
    {
        try
        {
            // Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
            // only by the same current user.
            return ProtectedData::Protect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser );
        }
        catch ( CryptographicException^ e )
        {
            Console::WriteLine( "Data was not encrypted. An error occurred." );
            Console::WriteLine( e );
            return nullptr;
        }
    }

    static array<Byte>^ Unprotect( array<Byte>^data )
    {
        try
        {
            // Decrypt the data using DataProtectionScope.CurrentUser.
            return ProtectedData::Unprotect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser );
        }
        catch ( CryptographicException^ e )
        {
            Console::WriteLine( "Data was not decrypted. An error occurred." );
            Console::WriteLine( e );
            return nullptr;
        }
    }

    static void PrintValues( array<Byte>^myArr )
    {
        System::Collections::IEnumerator^ myEnum = myArr->GetEnumerator();
        while ( myEnum->MoveNext() )
        {
            Byte i = safe_cast<Byte>(myEnum->Current);
            Console::Write( "\t{0}", i );
        }
        Console::WriteLine();
    }
};

int main()
{
    DataProtectionSample::Main();
}
```
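The requirement that the same optionalEntropy be supplied to Unprotect can be checked directly. The following is an added example, not part of the original page, and is written in C# rather than C++/CLI. The class name, the helper TryUnprotect, the sample secret, and the choice of random per-secret entropy are assumptions of this example. It runs on Windows with a reference to System.Security.dll.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical demo class: shows that Unprotect rejects a blob when the
// entropy differs from the entropy that was passed to Protect.
public static class EntropyMismatchDemo
{
    // Hypothetical helper: true if the blob decrypts with this entropy,
    // false if Unprotect throws CryptographicException.
    static bool TryUnprotect(byte[] blob, byte[] entropy)
    {
        try
        {
            byte[] plain = ProtectedData.Unprotect(blob, entropy, DataProtectionScope.CurrentUser);
            Array.Clear(plain, 0, plain.Length);   // do not leave the recovered secret in memory
            return true;
        }
        catch (CryptographicException)
        {
            return false;
        }
    }

    public static void Main()
    {
        // Constructed sample secret, not a real credential.
        byte[] secret = Encoding.UTF8.GetBytes("Server=db01;User Id=app;Password=example");

        // Assumption of this example: random entropy generated per secret and
        // stored next to the blob, instead of a constant compiled into the program.
        byte[] entropy = new byte[16];
        RandomNumberGenerator.Create().GetBytes(entropy);

        byte[] blob = ProtectedData.Protect(secret, entropy, DataProtectionScope.CurrentUser);
        Array.Clear(secret, 0, secret.Length);     // wipe the plaintext once it is protected

        // Same entropy that was used with Protect.
        Console.WriteLine("same entropy:      {0}", TryUnprotect(blob, entropy));

        // One flipped bit in the entropy.
        byte[] wrong = (byte[])entropy.Clone();
        wrong[0] ^= 0x01;
        Console.WriteLine("different entropy: {0}", TryUnprotect(blob, wrong));

        // Entropy omitted although Protect was given one.
        Console.WriteLine("null entropy:      {0}", TryUnprotect(blob, null));
    }
}
```

A caller that sees CryptographicException from Unprotect should treat the stored blob as unusable rather than retry without entropy.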
with the associated ProtectData flag for permission to protect data.
Available since 2.0
