IPWorks Encrypt 2020 .NET Edition

Questions / Feedback?

DPAPI Configuration

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

DPAPI Configuration Settings

CloseInputStreamAfterProcessing:   Determines whether or not the input stream is closed after processing.

Determines whether or not the input stream set by SetInputStream is closed after processing is complete. The default value is True.

CloseOutputStreamAfterProcessing:   Determines whether or not the output stream is closed after processing.

Determines whether or not the output stream set by SetOutputStream is closed after processing is complete. The default value is True.

EscapeDescriptor:   Whether to escape the protection descriptor.

This setting controls whether the ProtectionDescriptor value is escaped when Protect is called. When set to False (default) the value is passed exactly as provided to the underlying system libraries. When set to True the value is first escaped according to the escaping rules defined by Microsoft.

The default value of EscapeDescriptor is True.

This setting is only applicable when UseCNG is set to True.

ProtectionFlags:   Used to specify additional options.

Additional options are available to restrict or change the behavior of the protect and unprotect operations.

By default no additional settings are specified (the value is 0). You may set this property to the binary 'OR' of one or more of the following values:

1 (0x1) CRYPTPROTECT_UI_FORBIDDEN This flag is used for remote situations where presenting a user interface (UI) is not an option. When this flag is set and a UI is specified for either the protect or unprotect operation, the operation fails.
4 (0x4) CRYPTPROTECT_LOCAL_MACHINE When this flag is set, it associates the data encrypted with the current computer instead of with an individual user. This is only applicable when calling Protect.
8 (0x8) CRYPTPROTECT_CRED_SYNC When this flag is used, no data is actually protected. Instead all MasterKeys are queried from disk, which will cause re-encryption in memory, presumably under a changed password. This is only applicable when calling Protect.
16 (0x10) CRYPTPROTECT_AUDIT This flag causes DPAPI to generate an audit when this data is protected or unprotected. This is only applicable when calling Protect.
64 (0x40) CRYPTPROTECT_VERIFY_PROTECTION If the protected data blob would be better protected under a new call to the internal protect function and this call succeeds, then GetLastError will return a CRYPT_I_NEW_PROTECTION_REQUIRED status code. This is only applicable when calling Unprotect.
536870912 (0x20000000) CRYPTPROTECT_SYSTEM If data was protected with this flag set, then this flag must be set to unprotect the data.

This setting is not applicable when UseCNG is set to True.

UseStreamMode:   Whether to use the CNG streaming operations.

When set to True the component will use the CNG streaming operations when Protect and Unprotect are called. When working with large amounts of data this can reduce the memory overhead during processing. Note that when enabled InputFile and OutputFile or SetInputStream and SetOutputStreamshould be used for optimal memory usage.

The default value of UseStreamMode is False.

This setting is only applicable when UseCNG is set to True.

Base Configuration Settings

BuildInfo:   Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable:   Tells the component whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The component will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the component does not attempt to process external events.

LicenseInfo:   Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a component is using. It will return the following information:

  • Product: The product the license is for.
  • Product Key: The key the license was generated from.
  • License Source: Where the license was found (e.g. RuntimeLicense, License File).
  • License Type: The type of license installed (e.g. Royalty Free, Single Server).
UseInternalSecurityAPI:   Tells the component whether or not to use the system security libraries or an internal implementation.

By default the component will use the system security libraries to perform cryptographic functions. When set to False calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security implementation set this setting to True. Setting this to True tells the component to use the internal implementation instead of using the system's security API.

Note: This setting is static. The value set is applicable to all components used in the application.

When this value is set the product's system DLL is no longer required as a reference, as all unmanaged code is stored in that file.

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks Encrypt 2020 .NET Edition - Version 20.0 [Build 8286]