Microsoft Information Protection SDK - Protection handler concepts
In the MIP Protection SDK, the mip::ProtectionHandler exposes the functions for encrypting and decrypting protected streams and buffers, performing access checks, obtaining the publishing license, and getting attributes from the protected information.
Requirements
Creating a ProtectionHandler to work with a specific file requires:
- A
mip::MipContext - A
mip::ProtectionProfile - A
mip::ProtectionEngineadded to theProtectionProfile - A class that inherits
mip::ProtectionHandler::Observer. - A
mip::ProtectionDescriptoror publishing license
Create a protection handler
mip::ProtectionHandler objects are constructed for either protection or consumption operations. The handler is created using one of four functions, depending on the scenario.
mip::ProtectionEngine->CreateProtectionHandlerForConsumptionAsync()mip::ProtectionEngine->CreateProtectionHandlerForConsumption()mip::ProtectionEngine->CreateProtectionHandlerForPublishingAsync()mip::ProtectionEngine->CreateProtectionHandlerForPublishing()
These functions accept either a mip::ProtectionHandler::PublishingSettings or mip::ProtectionHandler::ConsumptionSettings object.
Create a publishing handler
Creating a publishing handler requires three steps:
- Create a
mip::ProtectionDescriptorobject. - Use the
mip::ProtectionDescriptorto instantiatemip::ProtectionHandler::PublishingSettings. - Call
mip::ProtectionEngine::CreateProtectionHandlerForPublishingAsync()passing in thePublishingSettingsobject, observer, and promise.
Create from descriptor
If protecting content that hasn't yet been protected, or when applying new protection to content, which implies that it's been decrypted, a mip::ProtectionDescriptor must be constructed. Once constructed, it's used to instantiate the mip::ProtectionHandler::PublishingSettings() object. The result is returned via the mip::ProtectionHandler::Observer.
// Create the protection descriptor, passing in a templateId.
auto descriptorBuilder = mip::ProtectionDescriptorBuilder::CreateFromTemplate(protectionOptions.templateId);
std::shared_ptr<mip::ProtectionDescriptor> descriptor = descriptorBuilder->Build();
// Define the handler promise, future, and observer.
auto handlerPromise = std::make_shared<std::promise<std::shared_ptr<ProtectionHandler>>>();
auto handlerFuture = handlerPromise->get_future();
auto handlerObserver = std::make_shared<ProtectionHandlerObserverImpl>();
// Create the PublishingSettings object using the previously-created descriptor as input.
mip::ProtectionHandler::PublishingSettings publishingSettings = mip::ProtectionHandler::PublishingSettings(descriptor);
// Create/get the publishing handler from the publishing settings, observer, and promise.
mEngine->CreateProtectionHandlerForPublishingAsync(publishingSettings, handlerObserver, handlerPromise);
auto handler = handlerFuture.get();
return handler;
After you successfully create the ProtectionHandler object, protection operations (encrypt/decrypt) can be performed. The publishing license must be fetched from the handler and stored with the encrypted content. The publishing license can be fetched by calling: handler->GetSerializedPublishingLicense();
Protected content without the corresponding publishing license cannot be decrypted.
Create the consumption handler
Creating a publishing handler requires three steps:
- Extract a serialized publishing license as
std::vector<uint8_t>from the protected content. - Use the serialized publishing license to instantiate
mip::ProtectionHandler::ConsumptionSettings. - Call
mip::ProtectionEngine::CreateProtectionHandlerForConsumptionAsync()passing in theConsumptionSettingsobject, observer, and promise.
This example assumes that the publishing license has already been read from some source and stored in std::vector<uint8_t> serializedPublishingLicense.
//TODO: Implement GetPublishingLicense()
//Snip implies that function reads PL from source file, database, stream, etc.
std::vector<uint8_t> serializedPublishingLicense = GetPublishingLicense(filePath);
// Define the handler promise, future, and observer.
auto handlerPromise = std::make_shared<std::promise<std::shared_ptr<ProtectionHandler>>>();
auto handlerFuture = handlerPromise->get_future();
shared_ptr<ProtectionHandlerObserverImpl> handlerObserver = std::make_shared<ProtectionHandlerObserverImpl>();
// Create the consumption settings object from the publishing license.
mip::ProtectionHandler::ConsumptionSettings consumptionSettings = mip::ProtectionHandler::ConsumptionSettings(serializedPublishingLicense);
// Create/get the publishing handler from the publishing settings, observer, and promise.
mEngine->CreateProtectionHandlerForConsumptionAsync(consumptionSettings, handlerObserver, handlerPromise);
auto handler = handlerFuture.get();
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for