DataProtectionProvider constructor protection descriptors

Keywords: descriptor protection constructor DataProtectionProvider | Updated: 2023-09-27 18:26:36

I am using the DataProtectionProvider class to encrypt files in my app's local storage. But I am having a hard time finding solid examples/information on the best way to use the descriptor given in the constructor.

The descriptor examples given on MSDN are:

"SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812"

"SDDL=O:S-5-5-0-290724G:SYD:(A;;CCDC;;S-1-5-5-0-290724)(A;,DC;;WD)"

"LOCAL=user"

"LOCAL=machine"

"WEBCREDENTIALS=MyPasswordName"

"WEBCREDENTIALS=MyPasswordName,myweb.com"

How secure is encrypting files with "LOCAL=user"? Can any app decrypt them as long as the same user is using the app?

How do I use "WEBCREDENTIALS=MyPasswordName"? Can I use a password from the password vault?


This thread suggests you should use the cryptography.core assembly; it might be worth a look.

This question should also be tagged windows-runtime.

I am not sure how the "WEBCREDENTIALS=MyPasswordName" descriptor works, but the "WEBCREDENTIALS=MyPasswordName,myweb.com" descriptor can (must?) refer to an entry your app created in the PasswordVault.

Entries in the PasswordVault can be viewed in the Control Panel -> Credential Manager -> Web Credentials pane.

Here is how to encrypt and decrypt some data:

    // using System;
    // using System.Diagnostics;
    // using System.Threading.Tasks;
    // using Windows.Security.Credentials;
    // using Windows.Security.Cryptography;
    // using Windows.Security.Cryptography.DataProtection;
    // using Windows.Storage.Streams;
    // Returns Task (not void) so callers can await completion and observe exceptions.
    public async Task EnDeCryptDataUsingWebcredentials()
    {
        #region Set up environment
        // Specify variables for mock PasswordCredential
        string credentialResource = "MyResourceIdentifier";
        string credentialUserName = "Foo";
        string credentialPassword = "Bar";
        // Get a vault instance.
        PasswordVault passwordVault = new PasswordVault();
        // Inject new credential
        PasswordCredential testCredential = new PasswordCredential(credentialResource, credentialUserName, credentialPassword);
        passwordVault.Add(testCredential);
        #endregion Set up environment
        string dataToEncrypt = "The quick brown fox jumped over the lazy dog.";
        Debug.WriteLine(String.Format("UnencryptedData: {0}", dataToEncrypt));
        // Assemble descriptor from PasswordCredential: WEBCREDENTIALS=<user name>,<resource>.
        PasswordCredential credential = passwordVault.Retrieve(credentialResource, credentialUserName);
        string dataProtectionDescriptor = String.Format("WEBCREDENTIALS={0},{1}", credential.UserName, credential.Resource);
        Debug.WriteLine("Encryption Descriptor: {0}", dataProtectionDescriptor);
        // Encrypt data.
        DataProtectionProvider encryptionProvider = new DataProtectionProvider(dataProtectionDescriptor);
        IBuffer unencryptedDataBuffer = CryptographicBuffer.ConvertStringToBinary(dataToEncrypt, BinaryStringEncoding.Utf8);
        IBuffer protectedDataBuffer = await encryptionProvider.ProtectAsync(unencryptedDataBuffer);
        // View encrypted data as string. The ciphertext is arbitrary bytes, not UTF-8 text,
        // so encode it as Base64 instead of reading it through a StreamReader (which is lossy).
        string encryptedData = CryptographicBuffer.EncodeToBase64String(protectedDataBuffer);
        Debug.WriteLine(String.Format("EncryptedData: {0}", encryptedData));
        // Decrypt data (never supply a descriptor for decryption).
        DataProtectionProvider decryptionProvider = new DataProtectionProvider();
        IBuffer outputDataBuffer = await decryptionProvider.UnprotectAsync(protectedDataBuffer);
        // View decrypted data as string.
        string decryptedData = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, outputDataBuffer);
        Debug.WriteLine(String.Format("\nDecryptedData: {0}", decryptedData));
    }
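The asker's actual case is encrypting files in local storage rather than in-memory buffers. As an added example (not from the original post or from the answerer), the following uses the stream overloads of the same API, ProtectStreamAsync/UnprotectStreamAsync, on a StorageFile in ApplicationData.Current.LocalFolder; the class name, file name and the choice of "LOCAL=user" as the descriptor are assumptions. With "LOCAL=user" the data is bound to the current Windows user account, so other user accounts on the machine cannot unprotect it, but any code running as the same user can; a WEBCREDENTIALS descriptor from the answer above can be passed instead.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage;
using Windows.Storage.Streams;

// Hypothetical helper class (not part of the original post).
public static class LocalFileProtection
{
    // Encrypt plaintext into a file in the app's local folder.
    // descriptor examples: "LOCAL=user" or "WEBCREDENTIALS=Foo,MyResourceIdentifier".
    public static async Task ProtectToFileAsync(string fileName, string plaintext, string descriptor)
    {
        StorageFile file = await ApplicationData.Current.LocalFolder.CreateFileAsync(
            fileName, CreationCollisionOption.ReplaceExisting);
        IBuffer plaintextBuffer = CryptographicBuffer.ConvertStringToBinary(plaintext, BinaryStringEncoding.Utf8);

        // The descriptor is only given at protect time; it decides who can later unprotect the file.
        DataProtectionProvider provider = new DataProtectionProvider(descriptor);
        using (InMemoryRandomAccessStream source = new InMemoryRandomAccessStream())
        {
            await source.WriteAsync(plaintextBuffer);
            source.Seek(0); // rewind so ProtectStreamAsync reads from the start
            using (IRandomAccessStream destination = await file.OpenAsync(FileAccessMode.ReadWrite))
            {
                await provider.ProtectStreamAsync(source, destination);
                await destination.FlushAsync();
            }
        }
    }

    // Decrypt a file written by ProtectToFileAsync back into a string.
    public static async Task<string> UnprotectFromFileAsync(string fileName)
    {
        StorageFile file = await ApplicationData.Current.LocalFolder.GetFileAsync(fileName);
        // No descriptor on the decrypt side, as in the answer above.
        DataProtectionProvider provider = new DataProtectionProvider();
        using (IRandomAccessStream source = await file.OpenAsync(FileAccessMode.Read))
        using (InMemoryRandomAccessStream destination = new InMemoryRandomAccessStream())
        {
            await provider.UnprotectStreamAsync(source, destination);
            await destination.FlushAsync();
            IBuffer buffer = new Windows.Storage.Streams.Buffer((uint)destination.Size);
            destination.Seek(0);
            await destination.ReadAsync(buffer, buffer.Capacity, InputStreamOptions.None);
            return CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, buffer);
        }
    }
}
```

Call `await LocalFileProtection.ProtectToFileAsync("secret.bin", "hello", "LOCAL=user")` and then `await LocalFileProtection.UnprotectFromFileAsync("secret.bin")` from UWP app code; opening the same file from a different user account fails at UnprotectStreamAsync.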