DPAPI Component
The DPAPI component allows you to protect and unprotect data.
Syntax
TipcDPAPI
Remarks
The component supports the classic Microsoft Windows Data Protection API (DPAPI) or CNG DPAPI implementation. The UseCNG property determines which implementation is used.
The classic DPAPI functionality protects data on a single system. CNG DPAPI is designed with modern use cases in mind. In many cases, especially with cloud computing, protection and unprotection may be done on different systems. For this reason, the Microsoft CNG DPAPI allows encrypting to a set of principals that can be used to unprotect the data on other systems after authenticating.
Protecting Data
Protect protects the specified data.
The component supports protecting data using either the classic DPAPI or CNG DPAPI implementation. The UseCNG property determines which implementation is used. The list of applicable properties differs depending on whether CNG DPAPI is being used.
When using classic DPAPI (UseCNG is False), the following optional properties are applicable:
When using CNG DPAPI (UseCNG is True), the following properties are applicable:
Input and Output Properties
The component will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found, the search stops.
The order in which the output properties are checked is as follows:
- SetOutputStream
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
When using streams you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.
Code Example (Classic DPAPI - UseCNG is False)
//Protect
Dpapi dpapi = new Dpapi();
dpapi.InputMessage = "test";
dpapi.Protect();
byte[] protectedData = dpapi.OutputMessageB;
//Unprotect
dpapi = new Dpapi();
dpapi.InputMessageB = protectedData;
dpapi.Unprotect();
Console.WriteLine(dpapi.OutputMessage); //outputs "test"
Code Example (CNG DPAPI - UseCNG is True)
//Protect
Dpapi dpapi = new Dpapi();
dpapi.UseCNG = true;
dpapi.ProtectionDescriptor = "LOCAL=user";
dpapi.InputMessage = "test";
dpapi.Protect();
byte[] protectedData = dpapi.OutputMessageB;
//Unprotect
dpapi = new Dpapi();
dpapi.UseCNG = true;
dpapi.InputMessageB = protectedData;
dpapi.Unprotect();
Console.WriteLine(dpapi.OutputMessage); //outputs "test"
Unprotecting Data
Unprotect unprotects the specified data.
The component supports unprotecting data using either the classic DPAPI or CNG DPAPI implementation. The UseCNG property determines which implementation is used. The list of applicable properties differs depending on whether CNG DPAPI is being used.
When using classic DPAPI (UseCNG is False), the following optional properties are applicable:
- DataDescription (populated after completion)
- Password
When using CNG DPAPI (UseCNG is True), the following properties are applicable:
- ProtectionDescriptor (populated after completion)
- UseStreamMode
Input and Output Properties
The component will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found, the search stops.
The order in which the output properties are checked is as follows:
- SetOutputStream
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
When using streams you may need to additionally set CloseInputStreamAfterProcessing or CloseOutputStreamAfterProcessing.
Code Example (Classic DPAPI - UseCNG is False)
//Protect
Dpapi dpapi = new Dpapi();
dpapi.InputMessage = "test";
dpapi.Protect();
byte[] protectedData = dpapi.OutputMessageB;
//Unprotect
dpapi = new Dpapi();
dpapi.InputMessageB = protectedData;
dpapi.Unprotect();
Console.WriteLine(dpapi.OutputMessage); //outputs "test"
Code Example (CNG DPAPI - UseCNG is True)
//Protect
Dpapi dpapi = new Dpapi();
dpapi.UseCNG = true;
dpapi.ProtectionDescriptor = "LOCAL=user";
dpapi.InputMessage = "test";
dpapi.Protect();
byte[] protectedData = dpapi.OutputMessageB;
//Unprotect
dpapi = new Dpapi();
dpapi.UseCNG = true;
dpapi.InputMessageB = protectedData;
dpapi.Unprotect();
Console.WriteLine(dpapi.OutputMessage); //outputs "test"
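The classic DPAPI options listed for Unprotect above (Password, and DataDescription populated after completion) are shown together in the following added example, which is not part of the original documentation. The `nsoftware.IPWorksEncrypt` namespace, setting DataDescription before Protect, the helper names and the sample values are assumptions.

```csharp
using System;
using nsoftware.IPWorksEncrypt; // assumed namespace; adjust to the installed edition

class DpapiPasswordDemo
{
    // Protect a secret with classic DPAPI plus the optional Password.
    static byte[] ProtectSecret(string secret, string password, string label)
    {
        Dpapi dpapi = new Dpapi();
        dpapi.UseCNG = false;           // classic DPAPI
        dpapi.DataDescription = label;  // assumption: set before Protect, returned by Unprotect
        dpapi.Password = password;
        dpapi.InputMessage = secret;
        dpapi.Protect();
        return dpapi.OutputMessageB;
    }

    // Returns the plaintext, or null when the blob cannot be unprotected.
    static string TryUnprotect(byte[] blob, string password, out string label)
    {
        label = null;
        Dpapi dpapi = new Dpapi();
        dpapi.UseCNG = false;
        dpapi.Password = password;      // must match the value used by Protect
        dpapi.InputMessageB = blob;
        try
        {
            dpapi.Unprotect();
        }
        catch (Exception ex) // the component's own exception type is not named on this page
        {
            Console.WriteLine("Unprotect failed: " + ex.Message);
            return null;
        }
        label = dpapi.DataDescription;  // populated after completion
        return dpapi.OutputMessage;
    }

    static void Main()
    {
        // Constructed sample values.
        byte[] blob = ProtectSecret("db-connection-string", "correct horse", "app db secret");

        string plain = TryUnprotect(blob, "correct horse", out string label);
        Console.WriteLine(label + ": " + plain);

        // Same user and machine, but a different Password: Unprotect should be refused.
        string wrong = TryUnprotect(blob, "wrong password", out _);
        Console.WriteLine(wrong == null ? "rejected" : "unexpectedly unprotected");
    }
}
```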
Property List
The following is the full list of the properties of the component with short descriptions.
DataDescription | The description of data. |
InputFile | The file to process. |
InputMessage | The message to process. |
OutputFile | The output file when encrypting or decrypting. |
OutputMessage | The output message after processing. |
Overwrite | Indicates whether or not the component should overwrite files. |
Password | An optional password to further protect data. |
PromptTitle | The title of the prompt window. |
PromptUser | Whether to display a prompt. |
ProtectionDescriptor | The CNG protection descriptor. |
UseCNG | Whether to use CNG DPAPI. |
UseHex | Whether input or output is hex encoded. |
Method List
The following is the full list of the methods of the component with short descriptions.
Config | Sets or retrieves a configuration setting. |
Protect | Protects the data. |
Reset | Resets the component. |
SetInputStream | Sets the stream from which the component will read data to encrypt or decrypt. |
SetOutputStream | Sets the stream to which the component will write encrypted or decrypted data. |
Unprotect | Unprotects the data. |
Event List
The following is the full list of the events fired by the component with short descriptions.
Error | Information about errors during data delivery. |
Progress | Fired as progress is made. |
Configuration Settings
The following is a list of configuration settings for the component with short descriptions.
CloseInputStreamAfterProcessing | Determines whether or not the input stream is closed after processing. |
CloseOutputStreamAfterProcessing | Determines whether or not the output stream is closed after processing. |
EscapeDescriptor | Whether to escape the protection descriptor. |
ProtectionFlags | Used to specify additional options. |
UseStreamMode | Whether to use the CNG streaming operations. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
UseInternalSecurityAPI | Tells the component whether or not to use the system security libraries or an internal implementation. |