<Type Name="DpapiDataProtector" FullName="System.Security.Cryptography.DpapiDataProtector">
<TypeSignature Language="C#" Value="public sealed class DpapiDataProtector : System.Security.Cryptography.DataProtector" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed beforefieldinit DpapiDataProtector extends System.Security.Cryptography.DataProtector" />
<TypeSignature Language="DocId" Value="T:System.Security.Cryptography.DpapiDataProtector" />
<TypeSignature Language="VB.NET" Value="Public NotInheritable Class DpapiDataProtector
Inherits DataProtector" />
<TypeSignature Language="F#" Value="type DpapiDataProtector = class
 inherit DataProtector" />
<TypeSignature Language="C++ CLI" Value="public ref class DpapiDataProtector sealed : System::Security::Cryptography::DataProtector" />
<AssemblyInfo>
<AssemblyName>System.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Base>
<BaseTypeName>System.Security.Cryptography.DataProtector</BaseTypeName>
</Base>
<Interfaces />
<Docs>
<summary>Provides simple data protection methods.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The <xref:System.Security.Cryptography.DpapiDataProtector> class provides a structured way to protect data by using the <xref:System.Security.Cryptography.ProtectedData> class. The class constructor takes three purpose parameters (the application name, the primary purpose, and the specific purposes) that act like a password identifying the protected data. All three parameters are hashed and included as part of the encrypted data string. You must know the purpose parameters to unprotect the data. The <xref:System.Security.Cryptography.ProtectedData.Protect%2A?displayProperty=nameWithType> method that is called to encrypt the data has an `optionalEntropy` parameter that allows you to add qualifying information to encrypt the data more securely. The hash of the purpose parameters is used as the optional entropy. Because you do not need a key to decrypt the data, carefully choosing the purpose data adds another level of security to data protection.

If you use a <xref:System.Security.Cryptography.DpapiDataProtector.Scope%2A> setting of <xref:System.Security.Cryptography.DataProtectionScope.CurrentUser>, only a user with logon credentials that match those of the user who encrypted the data can decrypt the data. In addition, decryption usually can be done only on the computer where the data was encrypted. The Windows function that encrypts the data creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted. For a detailed description of how data is protected by using session keys, see [Windows Data Protection](https://go.microsoft.com/fwlink/?LinkId=224686).

If you use a <xref:System.Security.Cryptography.DpapiDataProtector.Scope%2A> setting of <xref:System.Security.Cryptography.DataProtectionScope.LocalMachine> when protecting the data and do not choose the purpose parameters carefully, any other application on that computer that knows the purposes can access and unprotect the data.
]]></format>
</remarks>
</Docs>
<Members>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public DpapiDataProtector (string appName, string primaryPurpose, params string[] specificPurpose);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(string appName, string primaryPurpose, string[] specificPurpose) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.Cryptography.DpapiDataProtector.#ctor(System.String,System.String,System.String[])" />
<MemberSignature Language="VB.NET" Value="Public Sub New (appName As String, primaryPurpose As String, ParamArray specificPurpose As String())" />
<MemberSignature Language="F#" Value="new System.Security.Cryptography.DpapiDataProtector : string * string * string[] -> System.Security.Cryptography.DpapiDataProtector" Usage="new System.Security.Cryptography.DpapiDataProtector (appName, primaryPurpose, specificPurpose)" />
<MemberSignature Language="C++ CLI" Value="public:
 DpapiDataProtector(System::String ^ appName, System::String ^ primaryPurpose, ... cli::array <System::String ^> ^ specificPurpose);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute>
<AttributeName Language="C#">[System.Security.SecuritySafeCritical]</AttributeName>
<AttributeName Language="F#">[<System.Security.SecuritySafeCritical>]</AttributeName>
</Attribute>
</Attributes>
<Parameters>
<Parameter Name="appName" Type="System.String" />
<Parameter Name="primaryPurpose" Type="System.String" />
<Parameter Name="specificPurpose" Type="System.String[]">
<Attributes>
<Attribute>
<AttributeName Language="C#">[System.ParamArray]</AttributeName>
<AttributeName Language="F#">[<System.ParamArray>]</AttributeName>
</Attribute>
</Attributes>
</Parameter>
</Parameters>
<Docs>
<param name="appName">The name of the application.</param>
<param name="primaryPurpose">The primary purpose for the data protector.</param>
<param name="specificPurpose">The specific purpose(s) for the data protector.</param>
<summary>Creates a new instance of the <see cref="T:System.Security.Cryptography.DpapiDataProtector" /> class by using the specified application name, primary purpose, and specific purposes.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The application name specified by the `appName` parameter is considered to be a part of the purpose for the protected data. The three parameters are hashed, and the hash is used for both protecting and unprotecting the data. Examples of `primaryPurpose` and `specificPurpose` values are **Giftcard** and **\<gift card number>** or **Invoice** and **\<invoice number>**.
]]></format>
</remarks>
<exception cref="T:System.ArgumentException">
<paramref name="appName" /> is an empty string or <see langword="null" />.
-or-
<paramref name="primaryPurpose" /> is an empty string or <see langword="null" />.
-or-
<paramref name="specificPurpose" /> contains an empty string or <see langword="null" />.</exception>
</Docs>
</Member>
<Member MemberName="IsReprotectRequired">
<MemberSignature Language="C#" Value="public override bool IsReprotectRequired (byte[] encryptedData);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig virtual instance bool IsReprotectRequired(unsigned int8[] encryptedData) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.Cryptography.DpapiDataProtector.IsReprotectRequired(System.Byte[])" />
<MemberSignature Language="VB.NET" Value="Public Overrides Function IsReprotectRequired (encryptedData As Byte()) As Boolean" />
<MemberSignature Language="F#" Value="override this.IsReprotectRequired : byte[] -> bool" Usage="dpapiDataProtector.IsReprotectRequired encryptedData" />
<MemberSignature Language="C++ CLI" Value="public:
 override bool IsReprotectRequired(cli::array <System::Byte> ^ encryptedData);" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="encryptedData" Type="System.Byte[]" />
</Parameters>
<Docs>
<param name="encryptedData">The encrypted data to be checked.</param>
<summary>Determines if the data must be re-encrypted.</summary>
<returns>
<see langword="true" /> if the data must be re-encrypted; otherwise, <see langword="false" />.</returns>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
This method always returns `true`.
]]></format>
</remarks>
</Docs>
</Member>
<Member MemberName="PrependHashedPurposeToPlaintext">
<MemberSignature Language="C#" Value="protected override bool PrependHashedPurposeToPlaintext { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance bool PrependHashedPurposeToPlaintext" />
<MemberSignature Language="DocId" Value="P:System.Security.Cryptography.DpapiDataProtector.PrependHashedPurposeToPlaintext" />
<MemberSignature Language="VB.NET" Value="Protected Overrides ReadOnly Property PrependHashedPurposeToPlaintext As Boolean" />
<MemberSignature Language="F#" Value="member this.PrependHashedPurposeToPlaintext : bool" Usage="System.Security.Cryptography.DpapiDataProtector.PrependHashedPurposeToPlaintext" />
<MemberSignature Language="C++ CLI" Value="protected:
 virtual property bool PrependHashedPurposeToPlaintext { bool get(); };" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>System.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="ProviderProtect">
<MemberSignature Language="C#" Value="protected override byte[] ProviderProtect (byte[] userData);" />
<MemberSignature Language="ILAsm" Value=".method family hidebysig virtual instance unsigned int8[] ProviderProtect(unsigned int8[] userData) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.Cryptography.DpapiDataProtector.ProviderProtect(System.Byte[])" />
<MemberSignature Language="VB.NET" Value="Protected Overrides Function ProviderProtect (userData As Byte()) As Byte()" />
<MemberSignature Language="F#" Value="override this.ProviderProtect : byte[] -> byte[]" Usage="dpapiDataProtector.ProviderProtect userData" />
<MemberSignature Language="C++ CLI" Value="protected:
 override cli::array <System::Byte> ^ ProviderProtect(cli::array <System::Byte> ^ userData);" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute>
<AttributeName Language="C#">[System.Security.SecuritySafeCritical]</AttributeName>
<AttributeName Language="F#">[<System.Security.SecuritySafeCritical>]</AttributeName>
</Attribute>
</Attributes>
<ReturnValue>
<ReturnType>System.Byte[]</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="userData" Type="System.Byte[]" />
</Parameters>
<Docs>
<param name="userData">To be added.</param>
<summary>To be added.</summary>
<returns>To be added.</returns>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="ProviderUnprotect">
<MemberSignature Language="C#" Value="protected override byte[] ProviderUnprotect (byte[] encryptedData);" />
<MemberSignature Language="ILAsm" Value=".method family hidebysig virtual instance unsigned int8[] ProviderUnprotect(unsigned int8[] encryptedData) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.Cryptography.DpapiDataProtector.ProviderUnprotect(System.Byte[])" />
<MemberSignature Language="VB.NET" Value="Protected Overrides Function ProviderUnprotect (encryptedData As Byte()) As Byte()" />
<MemberSignature Language="F#" Value="override this.ProviderUnprotect : byte[] -> byte[]" Usage="dpapiDataProtector.ProviderUnprotect encryptedData" />
<MemberSignature Language="C++ CLI" Value="protected:
 override cli::array <System::Byte> ^ ProviderUnprotect(cli::array <System::Byte> ^ encryptedData);" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute>
<AttributeName Language="C#">[System.Security.SecuritySafeCritical]</AttributeName>
<AttributeName Language="F#">[<System.Security.SecuritySafeCritical>]</AttributeName>
</Attribute>
</Attributes>
<ReturnValue>
<ReturnType>System.Byte[]</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="encryptedData" Type="System.Byte[]" />
</Parameters>
<Docs>
<param name="encryptedData">To be added.</param>
<summary>To be added.</summary>
<returns>To be added.</returns>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="Scope">
<MemberSignature Language="C#" Value="public System.Security.Cryptography.DataProtectionScope Scope { get; set; }" />
<MemberSignature Language="ILAsm" Value=".property instance valuetype System.Security.Cryptography.DataProtectionScope Scope" />
<MemberSignature Language="DocId" Value="P:System.Security.Cryptography.DpapiDataProtector.Scope" />
<MemberSignature Language="VB.NET" Value="Public Property Scope As DataProtectionScope" />
<MemberSignature Language="F#" Value="member this.Scope : System.Security.Cryptography.DataProtectionScope with get, set" Usage="System.Security.Cryptography.DpapiDataProtector.Scope" />
<MemberSignature Language="C++ CLI" Value="public:
 property System::Security::Cryptography::DataProtectionScope Scope { System::Security::Cryptography::DataProtectionScope get(); void set(System::Security::Cryptography::DataProtectionScope value); };" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>System.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Security.Cryptography.DataProtectionScope</ReturnType>
</ReturnValue>
<Docs>
<summary>Gets or sets the scope of the data protection.</summary>
<value>One of the enumeration values that specifies the scope of the data protection (either the current user or the local machine). The default is <see cref="F:System.Security.Cryptography.DataProtectionScope.CurrentUser" />.</value>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
Data protection encrypts the data on the disk so it cannot be read by other programs. You do not need a key to protect or unprotect the data. If you set the <xref:System.Security.Cryptography.DpapiDataProtector.Scope%2A> to <xref:System.Security.Cryptography.DataProtectionScope.CurrentUser>, only applications running under your credentials can unprotect the data; however, that means that any application running under your credentials can access the protected data. If you set the <xref:System.Security.Cryptography.DpapiDataProtector.Scope%2A> to <xref:System.Security.Cryptography.DataProtectionScope.LocalMachine>, any full-trust application on the computer can unprotect, access, and modify the data if it knows the application name, the primary purpose, and the specific purpose.
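
The purpose binding described in the class and constructor remarks, together with the scope setting described above, as an added example (not part of the original documentation or of the .NET code base). The application name `Contoso.Billing`, the invoice numbers, and the helper names `ForInvoice` and `TryUnprotect` are assumptions made for illustration; the code targets .NET Framework on Windows with a reference to System.Security.dll.

```csharp
// Added example, not from the original documentation.
// Requires .NET Framework 4 or later and a reference to System.Security.dll.
using System;
using System.Security.Cryptography;
using System.Text;

static class PurposeBindingDemo
{
    // "Contoso.Billing", "Invoice" and the invoice numbers are constructed sample values.
    const string AppName = "Contoso.Billing";

    // Hypothetical helper: one protector per invoice, so each blob is bound to its invoice.
    static DpapiDataProtector ForInvoice(string invoiceNumber)
    {
        return new DpapiDataProtector(AppName, "Invoice", invoiceNumber)
        {
            // CurrentUser is the default; set explicitly so the choice is visible in review.
            Scope = DataProtectionScope.CurrentUser
        };
    }

    // Hypothetical helper: returns the plaintext, or null when the blob is rejected.
    static string TryUnprotect(DpapiDataProtector protector, byte[] blob)
    {
        try
        {
            return Encoding.UTF8.GetString(protector.Unprotect(blob));
        }
        catch (CryptographicException)
        {
            return null; // wrong purposes, wrong user or machine, or a modified blob
        }
    }

    static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("card-token: constructed-sample-value");
        byte[] blob = ForInvoice("INV-0001").Protect(secret);
        Array.Clear(secret, 0, secret.Length); // do not keep the plaintext in memory

        // Same appName, primaryPurpose and specificPurpose: the data is returned.
        Console.WriteLine(TryUnprotect(ForInvoice("INV-0001"), blob) ?? "<rejected>");

        // Different specific purpose: the purpose hash differs, so unprotect is rejected.
        Console.WriteLine(TryUnprotect(ForInvoice("INV-0002"), blob) ?? "<rejected>");

        // This class reports that re-protection is required for any input.
        Console.WriteLine(ForInvoice("INV-0001").IsReprotectRequired(blob));
    }
}
```

Treat the purpose strings as a binding between a blob and its intended use, not as a secret: with `LocalMachine` scope they are the only thing separating one application's data from another's on the same computer.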
]]></format>
</remarks>
</Docs>
</Member>
</Members>
</Type>