Share via

Data protection API (Windows Runtime apps)

[ This article is for Windows 8.x and Windows Phone 8.x developers writing Windows Runtime apps. If you’re developing for Windows 10, see the latest documentation ]

The DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace provides a simplified way to encrypt and decrypt digital data. You can use the class to protect data to any of the following:

  • You can use a SID to protect data to an Active Directory (AD) security principal like an AD group. Any member of the group can decrypt the data.
  • You can protect data to the public key contained in an X.509 certificate. The owner of the private key can decrypt the data.
  • You can protect data by using a symmetric key. This works, for example, to protect data to a non-AD principal such as Live ID.
  • You can protect data to the credentials (password) used during logon to a website.

The DataProtectionProvider class contains two constructors and four methods.

Method Description


Asynchronously encrypt static data.


Asynchronously encrypt a data stream.


Asynchronously decrypt static data.


Asynchronously decrypt a data stream.