2013-08-05 62 views
3

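DataProtectionProvider constructor protection descriptor

I am using the DataProtectionProvider class to encrypt files in my app's local storage. But I am having a hard time finding reliable examples/information about how best to use the descriptors given in the constructor.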

The descriptor examples given on MSDN are:

"SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812"

"SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)"

"LOCAL=user"

"LOCAL=machine"

"WEBCREDENTIALS=MyPasswordName"

"WEBCREDENTIALS=MyPasswordName,myweb.com"

How secure is file encryption with "LOCAL=user"? Can any application decrypt the files as long as the same user is running it?

How do I use "WEBCREDENTIALS=MyPasswordName"? Can I use a password from the password vault?

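Answers

0

This question should also be tagged

I am not sure how the "WEBCREDENTIALS=MyPasswordName" descriptor works, but the "WEBCREDENTIALS=MyPasswordName,myweb.com" descriptor can (must) reference an entry that your app created in the PasswordVault.

Entries in the PasswordVault can be viewed in the "Control Panel -> Credential Manager -> Web Credentials" pane.

Here is a method that encrypts and decrypts some data using a WEBCREDENTIALS descriptor: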

    // using System;
    // using System.Diagnostics;
    // using System.IO;
    // using System.Runtime.InteropServices.WindowsRuntime; // AsStream(): converts Windows.* buffers/streams to System.* and vice versa
    // using System.Threading.Tasks;
    // using Windows.Security.Credentials;
    // using Windows.Security.Cryptography;
    // using Windows.Security.Cryptography.DataProtection;
    // using Windows.Storage.Streams;

    // Returns Task rather than void so that callers can await it and observe exceptions.
    public async Task EnDeCryptDataUsingWebcredentials()
    {
        #region Set up environment

        // Specify variables for mock PasswordCredential
        string credentialResource = "MyResourceIdentifier";
        string credentialUserName = "Foo";
        string credentialPassword = "Bar";

        // Get a vault instance.
        PasswordVault passwordVault = new PasswordVault();

        // Inject new credential
        PasswordCredential testCredential = new PasswordCredential(credentialResource, credentialUserName, credentialPassword);
        passwordVault.Add(testCredential);

        #endregion Set up environment

        string dataToEncrypt = "The quick brown fox jumped over the lazy dog.";
        Debug.WriteLine(String.Format("UnencryptedData: {0}", dataToEncrypt));

        // Assemble descriptor from PasswordCredential.
        PasswordCredential credential = passwordVault.Retrieve(credentialResource, credentialUserName);
        string dataProtectionDescriptor = String.Format("WEBCREDENTIALS={0},{1}", credential.UserName, credential.Resource);
        Debug.WriteLine(String.Format("Encryption Descriptor: {0}", dataProtectionDescriptor));

        // Encrypt data.
        DataProtectionProvider encryptionProvider = new DataProtectionProvider(dataProtectionDescriptor);
        IBuffer unencryptedDataBuffer = CryptographicBuffer.ConvertStringToBinary(dataToEncrypt, BinaryStringEncoding.Utf8);
        IBuffer inputDataBuffer = await encryptionProvider.ProtectAsync(unencryptedDataBuffer);

        // View encrypted data as a string. The protected blob is binary, not text,
        // so it is shown Base64-encoded instead of being decoded as characters.
        string encryptedData = CryptographicBuffer.EncodeToBase64String(inputDataBuffer);
        Debug.WriteLine(String.Format("EncryptedData: {0}", encryptedData));

        // Decrypt data (never supply a descriptor for decryption).
        DataProtectionProvider decryptionProvider = new DataProtectionProvider();
        IBuffer outputDataBuffer = await decryptionProvider.UnprotectAsync(inputDataBuffer);

        // View decrypted data as string.
        string decryptedData = String.Empty;
        using (StreamReader reader = new StreamReader(outputDataBuffer.AsStream()))
        {
            decryptedData = reader.ReadToEnd();
        }
        Debug.WriteLine(String.Format("\nDecryptedData: {0}", decryptedData));
    }
+0

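It turns out this produces sporadic exceptions (on some machines) of type: System.Exception: Could not write data to disk. ---> System.Exception: Encryption failed. (Exception from HRESULT: 0x80090034) So proceed with caution.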
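
For the file case the question asks about, the following is an added example and not code from the question, the answer or MSDN: it protects a string with the "LOCAL=user" descriptor, writes the blob to the app's local folder, and reads it back. The class name ProtectedFileStore, its method names and the fileName parameter are assumptions; the HRESULT constant is the value reported in the comment above.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage;
using Windows.Storage.Streams;

// Hypothetical helper class, not part of the thread.
public static class ProtectedFileStore
{
    private const string Descriptor = "LOCAL=user"; // from the MSDN list in the question
    private const int ReportedFailure = unchecked((int)0x80090034); // HRESULT from the comment

    // Returns false (and writes nothing) when protection fails.
    public static async Task<bool> SaveAsync(string fileName, string text)
    {
        IBuffer clear = CryptographicBuffer.ConvertStringToBinary(text, BinaryStringEncoding.Utf8);
        IBuffer blob;
        try
        {
            // The descriptor is supplied only when protecting.
            blob = await new DataProtectionProvider(Descriptor).ProtectAsync(clear);
        }
        catch (Exception ex)
        {
            Debug.WriteLine(String.Format("Protect failed, HRESULT 0x{0:X8}{1}", ex.HResult,
                ex.HResult == ReportedFailure ? " (the failure reported above)" : ""));
            return false; // never fall back to storing the plaintext
        }
        StorageFile file = await ApplicationData.Current.LocalFolder.CreateFileAsync(
            fileName, CreationCollisionOption.ReplaceExisting);
        await FileIO.WriteBufferAsync(file, blob);
        return true;
    }

    public static async Task<string> LoadAsync(string fileName)
    {
        StorageFile file = await ApplicationData.Current.LocalFolder.GetFileAsync(fileName);
        IBuffer blob = await FileIO.ReadBufferAsync(file);
        // No descriptor for decryption: the blob itself records how it was protected.
        IBuffer clear = await new DataProtectionProvider().UnprotectAsync(blob);
        return CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, clear);
    }
}
```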