ProtectedData Class (System.Security.Cryptography)

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

ProtectedData Class

Provides methods for protecting and unprotecting data. This class cannot be inherited.

Namespace: System.Security.Cryptography
Assembly: System.Security (in System.Security.dll)

Syntax

Visual Basic (Declaration)

Public NotInheritable Class ProtectedData

Visual Basic (Usage)

Dim instance As ProtectedData

public sealed class ProtectedData

Visual C++

public ref class ProtectedData sealed

JScript

public final class ProtectedData

Remarks

This class provides access to the Data Protection API (DPAPI) available in Microsoft Windows 2000 and later operating systems. This is a service that is provided by the operating system and does not require additional libraries. It provides protection using the user or machine credentials to protect or unprotect data.

The class consists of two wrappers for the unmanaged DPAPI, Protect and Unprotect. These two methods can be used to protect and unprotect data such as passwords, keys, and connection strings.

If you use these methods during impersonation, you may receive the following error: "Key not valid for use in specified state." This occurs because the DPAPI stores the key data in user profiles. If the profile is not loaded, DPAPI won’t be able to perform the decryption. Therefore, this error is prevented by loading the profile of the user you want to impersonate, before calling either method. Using DPAPI with impersonation can incur significant complication and requires careful design choices.

Topic	Location
How to: Use Data Protection	.NET Framework: Security
How to: Use Data Protection	.NET Framework: Security
How to: Use Data Protection	.NET Framework: Security

Examples

The following code example shows how to use data protection.

Visual Basic

Imports System
Imports System.Security.Cryptography



Public Class DataProtectionSample
    ' Create byte array for additional entropy when using Protect method.
    Private Shared s_aditionalEntropy As Byte() = {9, 8, 7, 6, 5}


    Public Shared Sub Main()
        ' Create a simple byte array containing data to be encrypted.
        Dim secret As Byte() = {0, 1, 2, 3, 4, 1, 2, 3, 4}

        'Encrypt the data.
        Dim encryptedSecret As Byte() = Protect(secret)
        Console.WriteLine("The encrypted byte array is:")
        PrintValues(encryptedSecret)

        ' Decrypt the data and store in a byte array.
        Dim originalData As Byte() = Unprotect(encryptedSecret)
        Console.WriteLine("{0}The original data is:", Environment.NewLine)
        PrintValues(originalData)

    End Sub


    Public Shared Function Protect(ByVal data() As Byte) As Byte()
        Try
            ' Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
            '  only by the same current user.
            Return ProtectedData.Protect(data, s_aditionalEntropy, DataProtectionScope.CurrentUser)
        Catch e As CryptographicException
            Console.WriteLine("Data was not encrypted. An error occurred.")
            Console.WriteLine(e.ToString())
            Return Nothing
        End Try

    End Function


    Public Shared Function Unprotect(ByVal data() As Byte) As Byte()
        Try
            'Decrypt the data using DataProtectionScope.CurrentUser.
            Return ProtectedData.Unprotect(data, s_aditionalEntropy, DataProtectionScope.CurrentUser)
        Catch e As CryptographicException
            Console.WriteLine("Data was not decrypted. An error occurred.")
            Console.WriteLine(e.ToString())
            Return Nothing
        End Try

    End Function


    Public Shared Sub PrintValues(ByVal myArr() As [Byte])
        Dim i As [Byte]
        For Each i In myArr
            Console.Write(vbTab + "{0}", i)
        Next i
        Console.WriteLine()

    End Sub
End Class

using System;
using System.Security.Cryptography;

public class DataProtectionSample
{
// Create byte array for additional entropy when using Protect method.
    static byte [] s_aditionalEntropy = { 9, 8, 7, 6, 5 };

    public static void Main()
    {
// Create a simple byte array containing data to be encrypted.
        
byte [] secret = { 0, 1, 2, 3, 4, 1, 2, 3, 4 };

//Encrypt the data.
        byte [] encryptedSecret = Protect( secret );
        Console.WriteLine("The encrypted byte array is:");
        PrintValues(encryptedSecret);
        
// Decrypt the data and store in a byte array.
        byte [] originalData = Unprotect( encryptedSecret );
        Console.WriteLine("{0}The original data is:", Environment.NewLine);
        PrintValues(originalData);

    }

    public static byte [] Protect( byte [] data )
    {
        try
        {
            // Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
            //  only by the same current user.
            return ProtectedData.Protect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
        } 
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not encrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static byte [] Unprotect( byte [] data )
    {
        try
        {
            //Decrypt the data using DataProtectionScope.CurrentUser.
            return ProtectedData.Unprotect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
        } 
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not decrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static void PrintValues( Byte[] myArr )  
    {
          foreach ( Byte i in myArr )  
              {
                 Console.Write( "\t{0}", i );
             }
      Console.WriteLine();
     }

}

Visual C++

#using <System.Security.dll>

using namespace System;
using namespace System::Security::Cryptography;

public ref class DataProtectionSample
{
private:

   // Create byte array for additional entropy when using Protect method.
   static array<Byte>^s_aditionalEntropy = {9,8,7,6,5};

public:
   static void Main()
   {

      // Create a simple byte array containing data to be encrypted.
      array<Byte>^secret = {0,1,2,3,4,1,2,3,4};

      //Encrypt the data.
      array<Byte>^encryptedSecret = Protect( secret );
      Console::WriteLine( "The encrypted byte array is:" );
      PrintValues( encryptedSecret );

      // Decrypt the data and store in a byte array.
      array<Byte>^originalData = Unprotect( encryptedSecret );
      Console::WriteLine( "{0}The original data is:", Environment::NewLine );
      PrintValues( originalData );
   }

   static array<Byte>^ Protect( array<Byte>^data )
   {
      try
      {

         // Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
         //  only by the same current user.
         return ProtectedData::Protect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser );
      }
      catch ( CryptographicException^ e ) 
      {
         Console::WriteLine( "Data was not encrypted. An error occurred." );
         Console::WriteLine( e );
         return nullptr;
      }
   }

   static array<Byte>^ Unprotect( array<Byte>^data )
   {
      try
      {

         //Decrypt the data using DataProtectionScope.CurrentUser.
         return ProtectedData::Unprotect( data, s_aditionalEntropy, DataProtectionScope::CurrentUser );
      }
      catch ( CryptographicException^ e ) 
      {
         Console::WriteLine( "Data was not decrypted. An error occurred." );
         Console::WriteLine( e );
         return nullptr;
      }
   }

   static void PrintValues( array<Byte>^myArr )
   {
      System::Collections::IEnumerator^ myEnum = myArr->GetEnumerator();
      while ( myEnum->MoveNext() )
      {
         Byte i = safe_cast<Byte>(myEnum->Current);
         Console::Write( "\t{0}", i );
      }

      Console::WriteLine();
   }
};

int main()
{
   DataProtectionSample::Main();
}

import System.*;
import System.Security.Cryptography.*;

public class DataProtectionSample
{
    // Create byte array for additional entropy when using Protect method.
    private static ubyte sAditionalEntropy[] =  { 9, 8, 7, 6, 5 };

    public static void main(String args[])
    {
        // Create a simple byte array containing data to be encrypted.
        ubyte secret[] =  { 0, 1, 2, 3, 4, 1, 2, 3, 4 };
        //Encrypt the data.
        ubyte encryptedSecret[] = Protect(secret);
        Console.WriteLine("The encrypted byte array is:");
        PrintValues(encryptedSecret);
        // Decrypt the data and store in a byte array.
        ubyte originalData[] = Unprotect(encryptedSecret);
        Console.WriteLine("{0}The original data is:", 
            Environment.get_NewLine());
        PrintValues(originalData);
    } //main

    public static ubyte[] Protect(ubyte data[])
    {
        try {
            // Encrypt the data using DataProtectionScope.CurrentUser. 
            // The result can be decrypted only by the same current user.
            return ProtectedData.Protect(data, sAditionalEntropy, 
                DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e) {
            Console.WriteLine("Data was not encrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    } //Protect

    public static ubyte[] Unprotect(ubyte data[])
    {
        try {
            //Decrypt the data using DataProtectionScope.CurrentUser.
            return ProtectedData.Unprotect(data, sAditionalEntropy, 
                DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e) {
            Console.WriteLine("Data was not decrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    } //Unprotect

    public static void PrintValues(ubyte myArr[])
    {
        for (int iCtr = 0; iCtr < myArr.length; iCtr++) {
            ubyte i = myArr[iCtr];
            Console.Write("\t{0}", System.Convert.ToString(i));
        }
        Console.WriteLine();
    } //PrintValues
} //DataProtectionSample

Inheritance Hierarchy

System..::.Object
System.Security.Cryptography..::.ProtectedData

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0

Reference

ProtectedData Members

System.Security.Cryptography Namespace

Product Families

Resources

About Microsoft

Popular Places

Popular Searches

Popular Downloads

.NET Framework

Reference