DpapiDataProtector Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides simple data protection methods.
public ref class DpapiDataProtector sealed : System::Security::Cryptography::DataProtectorpublic sealed class DpapiDataProtector : System.Security.Cryptography.DataProtectortype DpapiDataProtector = class
inherit DataProtectorPublic NotInheritable Class DpapiDataProtector
Inherits DataProtector- Inheritance
Remarks
The DpapiDataProtector class provides a structured way to protect data by using the ProtectedData class. The class constructor has purpose parameters that serve like a password to identify the protected data. All three parameters are hashed and included as part of the encrypted data string. You must know the purpose parameters to unprotect the data. The ProtectedData.Protect method that is called to encrypt the data has an optionalEntropy parameter that allows you to add qualifying information to encrypt the data more securely. The hash of the purpose parameters is used for optional entropy. Because you do not need a key to decrypt the data, carefully choosing the purpose data adds another level of security to data protection.
If you use a Scope setting of CurrentUser, only a user with logon credentials that match those of the user who encrypted the data can decrypt the data. In addition, decryption usually can be done only on the computer where the data was encrypted. The Windows function that encrypts the data creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted. For a detailed description of how data is protected by using session keys, see Windows Data Protection.
If you use a Scope setting of LocalMachine when protecting the data and do not carefully identify the purpose parameters, any other application on that computer that knows the purposes can access and unprotect the data.
Constructors
| DpapiDataProtector(String, String, String[]) |
Creates a new instance of the DpapiDataProtector class by using the specified application name, primary purpose, and specific purposes. |
Properties
| ApplicationName |
Gets the name of the application. (Inherited from DataProtector) |
| PrependHashedPurposeToPlaintext |
Specifies whether the hash is prepended to the text array before encryption. (Inherited from DataProtector) |
| PrimaryPurpose |
Gets the primary purpose for the protected data. (Inherited from DataProtector) |
| Scope |
Gets or sets the scope of the data protection. |
| SpecificPurposes |
Gets the specific purposes for the protected data. (Inherited from DataProtector) |
Methods
| Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
| GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
| GetHashedPurpose() |
Creates a hash of the property values specified by the constructor. (Inherited from DataProtector) |
| GetType() |
Gets the Type of the current instance. (Inherited from Object) |
| IsReprotectRequired(Byte[]) |
Determines if the data must be re-encrypted. |
| MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
| Protect(Byte[]) |
Protects the specified user data. (Inherited from DataProtector) |
| ProviderProtect(Byte[]) |
Specifies the delegate method in the derived class that the Protect(Byte[]) method in the base class calls back into. (Inherited from DataProtector) |
| ProviderUnprotect(Byte[]) |
Specifies the delegate method in the derived class that the Unprotect(Byte[]) method in the base class calls back into. (Inherited from DataProtector) |
| ToString() |
Returns a string that represents the current object. (Inherited from Object) |
| Unprotect(Byte[]) |
Unprotects the specified protected data. (Inherited from DataProtector) |
