IPWorks Encrypt 2020 .NET Edition

Questions / Feedback?

ProtectionDescriptor Property

The CNG protection descriptor.

Syntax

public string ProtectionDescriptor { get; set; }
Public Property ProtectionDescriptor As String

Default Value

""

Remarks

This property specifies the protection descriptor rule string. The protection descriptor is used by the system to decide which entities can unprotect the data at a later time. This property must be specified before calling Protect. This property is populated after calling Unprotect.

Protection descriptors can be defined for the following types of authorization:

  • A local user or machine
  • An account or group in an Active Directory forest
  • A set of web credentials
  • A certificate in the user's certificate store

A local user or machine may be used for machines that are or are not on a domain. For instance:

  • LOCAL=user
  • LOCAL=machine

The use of SID and SDDL requires that the machine be part of a domain. For instance:

  • SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812
  • SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)

Certificates may also be used as a descriptor. To decrypt, the certificate with corresponding private key must be present in the user's certificate store. The public certificate can be specified as the SHA1 thumbprint (hash) of the certificate, or the base64 encoded certificate itself. For instance:

  • CERTIFICATE=HashID:28ac375635b82ca3e20a1c9422145bc93965dae7
  • CERTIFICATE=CertBlob:MIIC7TCCAdWgAw...pgpVgYpppr
Note: The base64 certificate data should not include any headers, footers, or whitespace.

The use of AND and OR operators are accepted in order to encrypt data for multiple parties or establish multiple conditions for decryption.

For more details about protection descriptors and accepted formats please refer to the Microsoft Documentation for Protection Descriptors

This setting is only applicable when UseCNG is set to True.

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks Encrypt 2020 .NET Edition - Version 20.0 [Build 8286]