Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides methods for encrypting and decrypting data. This class cannot be inherited.
```cpp
public ref class ProtectedData abstract sealed
```

```cpp
public ref class ProtectedData sealed
```

```csharp
public static class ProtectedData
```

```csharp
public sealed class ProtectedData
```

```fsharp
type ProtectedData = class
```

```vb
Public Class ProtectedData
```

```vb
Public NotInheritable Class ProtectedData
```

The following example shows how to use data protection.
```csharp
using System;
using System.Security.Cryptography;

public class DataProtectionSample
{
    // Create byte array for additional entropy when using Protect method.
    static byte [] s_additionalEntropy = { 9, 8, 7, 6, 5 };

    public static void Main()
    {
        // Create a simple byte array containing data to be encrypted.
        byte [] secret = { 0, 1, 2, 3, 4, 1, 2, 3, 4 };

        // Encrypt the data.
        byte [] encryptedSecret = Protect( secret );
        Console.WriteLine("The encrypted byte array is:");
        PrintValues(encryptedSecret);

        // Decrypt the data and store in a byte array.
        byte [] originalData = Unprotect( encryptedSecret );
        Console.WriteLine("{0}The original data is:", Environment.NewLine);
        PrintValues(originalData);
    }

    public static byte [] Protect( byte [] data )
    {
        try
        {
            // Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
            // only by the same current user.
            return ProtectedData.Protect( data, s_additionalEntropy, DataProtectionScope.CurrentUser );
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not encrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static byte [] Unprotect( byte [] data )
    {
        try
        {
            // Decrypt the data using DataProtectionScope.CurrentUser.
            return ProtectedData.Unprotect( data, s_additionalEntropy, DataProtectionScope.CurrentUser );
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not decrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static void PrintValues( Byte[] myArr )
    {
        foreach ( Byte i in myArr )
        {
            Console.Write( "\t{0}", i );
        }
        Console.WriteLine();
    }
}
```

```vb
Imports System.Security.Cryptography

Public Class DataProtectionSample
    ' Create byte array for additional entropy when using Protect method.
    Private Shared s_additionalEntropy As Byte() = {9, 8, 7, 6, 5}

    Public Shared Sub Main()
        ' Create a simple byte array containing data to be encrypted.
        Dim secret As Byte() = {0, 1, 2, 3, 4, 1, 2, 3, 4}

        ' Encrypt the data.
        Dim encryptedSecret As Byte() = Protect(secret)
        Console.WriteLine("The encrypted byte array is:")
        PrintValues(encryptedSecret)

        ' Decrypt the data and store in a byte array.
        Dim originalData As Byte() = Unprotect(encryptedSecret)
        Console.WriteLine("{0}The original data is:", Environment.NewLine)
        PrintValues(originalData)
    End Sub

    Public Shared Function Protect(ByVal data() As Byte) As Byte()
        Try
            ' Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
            ' only by the same current user.
            Return ProtectedData.Protect(data, s_additionalEntropy, DataProtectionScope.CurrentUser)
        Catch e As CryptographicException
            Console.WriteLine("Data was not encrypted. An error occurred.")
            Console.WriteLine(e.ToString())
            Return Nothing
        End Try
    End Function

    Public Shared Function Unprotect(ByVal data() As Byte) As Byte()
        Try
            ' Decrypt the data using DataProtectionScope.CurrentUser.
            Return ProtectedData.Unprotect(data, s_additionalEntropy, DataProtectionScope.CurrentUser)
        Catch e As CryptographicException
            Console.WriteLine("Data was not decrypted. An error occurred.")
            Console.WriteLine(e.ToString())
            Return Nothing
        End Try
    End Function

    Public Shared Sub PrintValues(ByVal myArr() As [Byte])
        Dim i As [Byte]
        For Each i In myArr
            Console.Write(vbTab + "{0}", i)
        Next i
        Console.WriteLine()
    End Sub
End Class
```

This class provides access to the Data Protection API (DPAPI) available in Windows operating systems. This is a service that is provided by the operating system and does not require additional libraries. It provides protection using the user or machine credentials to encrypt or decrypt data.
Important
Because it depends on DPAPI, the ProtectedData class is supported on the Windows platform only. Its use on .NET Core on platforms other than Windows throws a PlatformNotSupportedException.
The class consists of two wrappers for the unmanaged DPAPI, Protect and Unprotect. These two methods can be used to encrypt and decrypt data such as passwords, keys, and connection strings.
If you use these methods during impersonation, you may receive the following error: "Key not valid for use in specified state." This occurs because the DPAPI stores the key data in user profiles. If the profile is not loaded, DPAPI won't be able to perform the decryption. To prevent this error, load the profile of the user you want to impersonate before calling either method. Using DPAPI with impersonation can incur significant complication and requires careful design choices.
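The remarks above mention connection strings, the Windows-only restriction, and decryption failures; the following added example (not part of the original documentation) ties them together by persisting a protected connection string to disk and treating any `CryptographicException` on load as a single failure case. The class name `ConnectionStringVault`, the purpose label used as entropy, the file name, and the sample connection string are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

public static class ConnectionStringVault // hypothetical helper, not a framework type
{
    // Assumed purpose label passed as optional entropy; Unprotect must supply the same bytes.
    private static readonly byte[] s_purpose = Encoding.UTF8.GetBytes("ExampleApp.ConnectionString.v1");

    public static void Save(string path, string secret)
    {
        RequireWindows();
        byte[] plaintext = Encoding.UTF8.GetBytes(secret);
        try { File.WriteAllBytes(path, ProtectedData.Protect(plaintext, s_purpose, DataProtectionScope.CurrentUser)); }
        finally { Array.Clear(plaintext, 0, plaintext.Length); } // wipe the temporary byte copy
    }

    public static bool TryLoad(string path, out string secret)
    {
        RequireWindows();
        secret = null;
        try
        {
            byte[] plaintext = ProtectedData.Unprotect(File.ReadAllBytes(path), s_purpose, DataProtectionScope.CurrentUser);
            secret = Encoding.UTF8.GetString(plaintext);
            Array.Clear(plaintext, 0, plaintext.Length);
            return true;
        }
        catch (CryptographicException)
        {
            // Different user, different entropy, modified blob, or user profile not loaded.
            return false;
        }
    }

    private static void RequireWindows()
    {
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            throw new PlatformNotSupportedException("ProtectedData depends on DPAPI (Windows only).");
    }
    public static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "example-secret.bin"); // constructed sample path
        Save(path, "Server=db.example.invalid;Password=constructed-sample");   // constructed sample value
        Console.WriteLine(TryLoad(path, out string s) ? "Round trip OK: " + s.Length + " chars" : "Unprotect failed");
        File.Delete(path);
    }
}
```

With `DataProtectionScope.LocalMachine` in place of `CurrentUser`, any process running on the same computer can unprotect the blob, so the file's access control list becomes the main control.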
| Name | Description |
|---|---|
| Protect(Byte[], Byte[], DataProtectionScope) | Encrypts the data in a specified byte array and returns a byte array that contains the encrypted data. |
| Protect(ReadOnlySpan<Byte>, DataProtectionScope, ReadOnlySpan<Byte>) | Encrypts the data in a specified byte span and returns a byte array that contains the encrypted data. |
| Protect(ReadOnlySpan<Byte>, DataProtectionScope, Span<Byte>, ReadOnlySpan<Byte>) | Encrypts the data in a specified buffer and writes the encrypted data to a destination buffer. |
| TryProtect(ReadOnlySpan<Byte>, DataProtectionScope, Span<Byte>, Int32, ReadOnlySpan<Byte>) | Encrypts the data in a specified buffer and writes the encrypted data to a destination buffer. |
| TryUnprotect(ReadOnlySpan<Byte>, DataProtectionScope, Span<Byte>, Int32, ReadOnlySpan<Byte>) | Decrypts the data in a specified buffer and writes the decrypted data to a destination buffer. |
| Unprotect(Byte[], Byte[], DataProtectionScope) | Decrypts the data in a specified byte array and returns a byte array that contains the decrypted data. |
| Unprotect(ReadOnlySpan<Byte>, DataProtectionScope, ReadOnlySpan<Byte>) | Decrypts the data in a specified byte array and returns a byte array that contains the decrypted data. |
| Unprotect(ReadOnlySpan<Byte>, DataProtectionScope, Span<Byte>, ReadOnlySpan<Byte>) | Decrypts the data in a specified buffer and writes the decrypted data to a destination buffer. |