DataProtectionProvider constructor protection descriptor

Time: 2013-08-05 08:01:00

Tags: c# encryption

I am using the DataProtectionProvider class to encrypt files in the application's local storage. But I am having a hard time finding reliable examples/information on the best way to use the descriptor given in the constructor.

The descriptor examples given on MSDN are:

    "SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812"
    "SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)"
    "LOCAL=user"
    "LOCAL=machine"
    "WEBCREDENTIALS=MyPasswordName"
    "WEBCREDENTIALS=MyPasswordName,myweb.com"

How secure is encrypting files with "LOCAL=user"? Can any application decrypt them as long as the same user is using the application?

How do I use "WEBCREDENTIALS=MyPasswordName"? Can I use a password from the password vault?

2 answers:

Answer 0 (score: 1)

This thread suggests you should use the cryptography.core assembly; it may be worth a look.

Answer 1 (score: 0)

This question should also be tagged

I'm not sure how the "WEBCREDENTIALS=MyPasswordName" descriptor works, but the "WEBCREDENTIALS=MyPasswordName,myweb.com" descriptor can (must?) refer to an entry that your app created in the PasswordVault.

Entries in the PasswordVault can be viewed in the "Control Panel -> Credential Manager -> Web Credentials" pane.

Here is a way to encrypt and decrypt some data:

    // using System;
    // using System.Diagnostics;
    // using System.Threading.Tasks;
    // using Windows.Storage.Streams;
    // using Windows.Security.Credentials;
    // using Windows.Security.Cryptography;
    // using Windows.Security.Cryptography.DataProtection;
    public async Task EnDeCryptDataUsingWebcredentials()
    {
        #region Set up environment

        // Specify variables for a mock PasswordCredential
        string credentialResource = "MyResourceIdentifier";
        string credentialUserName = "Foo";
        string credentialPassword = "Bar";

        // Get a vault instance.
        PasswordVault passwordVault = new PasswordVault();

        // Inject the new credential.
        PasswordCredential testCredential = new PasswordCredential(credentialResource, credentialUserName, credentialPassword);
        passwordVault.Add(testCredential);

        #endregion Set up environment

        string dataToEncrypt = "The quick brown fox jumped over the lazy dog.";
        Debug.WriteLine(String.Format("UnencryptedData: {0}", dataToEncrypt));

        // Assemble the descriptor from the PasswordCredential.
        PasswordCredential credential = passwordVault.Retrieve(credentialResource, credentialUserName);
        string dataProtectionDescriptor = String.Format("WEBCREDENTIALS={0},{1}", credential.UserName, credential.Resource);
        Debug.WriteLine(String.Format("Encryption Descriptor: {0}", dataProtectionDescriptor));

        // Encrypt data.
        DataProtectionProvider encryptionProvider = new DataProtectionProvider(dataProtectionDescriptor);
        IBuffer unencryptedDataBuffer = CryptographicBuffer.ConvertStringToBinary(dataToEncrypt, BinaryStringEncoding.Utf8);
        IBuffer encryptedDataBuffer = await encryptionProvider.ProtectAsync(unencryptedDataBuffer);

        // View encrypted data as a string. The protected blob is binary, so encode it as
        // Base64 rather than reading it through a UTF-8 StreamReader (which would mangle it).
        string encryptedData = CryptographicBuffer.EncodeToBase64String(encryptedDataBuffer);
        Debug.WriteLine(String.Format("EncryptedData: {0}", encryptedData));

        // Decrypt data (never supply a descriptor for decryption; it is recovered from the protected blob).
        DataProtectionProvider decryptionProvider = new DataProtectionProvider();
        IBuffer decryptedDataBuffer = await decryptionProvider.UnprotectAsync(encryptedDataBuffer);

        // View decrypted data as a string.
        string decryptedData = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, decryptedDataBuffer);
        Debug.WriteLine(String.Format("\nDecryptedData: {0}", decryptedData));
    }
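The question itself is about files in local storage with "LOCAL=user"; as an added example (not code from either answer), this uses the stream-based ProtectStreamAsync/UnprotectStreamAsync API on a file in the app's LocalFolder. The class and method names, file name and plaintext are illustrative choices, not anything from the original post.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage;
using Windows.Storage.Streams;

// Added example, not code from the original answers: protect a file in the
// app's LocalFolder with "LOCAL=user" via the stream API, then read it back.
public static class LocalUserFileProtection
{
    // LOCAL=user ties the protection to the current user account on this machine, not to this app.
    private const string Descriptor = "LOCAL=user";
    public static async Task WriteProtectedAsync(string fileName, string plaintext)
    {
        var provider = new DataProtectionProvider(Descriptor);
        StorageFile file = await ApplicationData.Current.LocalFolder
            .CreateFileAsync(fileName, CreationCollisionOption.ReplaceExisting);
        // Plaintext as an in-memory input stream; DataWriter encodes UTF-8 by default.
        var source = new InMemoryRandomAccessStream();
        using (var writer = new DataWriter(source))
        {
            writer.WriteString(plaintext);
            await writer.StoreAsync();
            writer.DetachStream();  // keep 'source' open after the writer is disposed
        }
        using (IRandomAccessStream dest = await file.OpenAsync(FileAccessMode.ReadWrite))
        {
            await provider.ProtectStreamAsync(source.GetInputStreamAt(0), dest.GetOutputStreamAt(0));
            await dest.FlushAsync();
        }
    }
    public static async Task<string> ReadProtectedAsync(string fileName)
    {
        // No descriptor when unprotecting: it is recovered from the protected blob.
        var provider = new DataProtectionProvider();
        StorageFile file = await ApplicationData.Current.LocalFolder.GetFileAsync(fileName);
        var plain = new InMemoryRandomAccessStream();
        using (IRandomAccessStream src = await file.OpenReadAsync())
        {
            await provider.UnprotectStreamAsync(src.GetInputStreamAt(0), plain.GetOutputStreamAt(0));
            await plain.FlushAsync();
        }
        using (var reader = new DataReader(plain.GetInputStreamAt(0)))
        {
            uint size = (uint)plain.Size;  // UTF-8: byte count == code-unit count
            await reader.LoadAsync(size);
            return reader.ReadString(size);
        }
    }
}
```

Call `await LocalUserFileProtection.WriteProtectedAsync("secret.bin", "hello")` followed by `ReadProtectedAsync("secret.bin")` from the same user account to round-trip the file; the unprotect call fails under a different account because the descriptor names that user, not the app.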