DPAPI Class
The DPAPI class allows you to protect and unprotect data.
Syntax
ipworksencrypt.dpapi()
Remarks
The class supports both the classic Microsoft Windows Data Protection API (DPAPI) and the CNG DPAPI implementation. The UseCNG property determines which implementation is used.
The classic DPAPI protects data on a single system. CNG DPAPI is designed for modern use cases: in many cases, especially with cloud computing, protection and unprotection may be performed on different systems. With this in mind, the Microsoft CNG DPAPI allows encrypting to a set of principals, who can unprotect the data on other systems after authenticating.
Protecting Data
Protect protects the specified data.
The class supports protecting data using either the classic DPAPI or the CNG DPAPI implementation. The UseCNG property determines which implementation is used. The list of applicable properties differs depending on whether CNG DPAPI is being used.
When using classic DPAPI (UseCNG is False), the following optional properties are applicable:
When using CNG DPAPI (UseCNG is True), the following properties are applicable:
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found, the search stops.
The order in which the output properties are checked is as follows:
- OutputFile
- OutputMessage: The output data is written to this property if no other destination is specified.
Code Example (Classic DPAPI - UseCNG is False)
//Protect
Dpapi dpapi = new Dpapi();
dpapi.InputMessage = "test";
dpapi.Protect();
byte[] protectedData = dpapi.OutputMessageB;
//Unprotect
dpapi = new Dpapi();
dpapi.InputMessageB = protectedData;
dpapi.Unprotect();
Console.WriteLine(dpapi.OutputMessage); //outputs "test"
Code Example (CNG DPAPI - UseCNG is True)
//Protect
Dpapi dpapi = new Dpapi();
dpapi.UseCNG = true;
dpapi.ProtectionDescriptor = "LOCAL=user";
dpapi.InputMessage = "test";
dpapi.Protect();
byte[] protectedData = dpapi.OutputMessageB;
//Unprotect
dpapi = new Dpapi();
dpapi.UseCNG = true;
dpapi.InputMessageB = protectedData;
dpapi.Unprotect();
Console.WriteLine(dpapi.OutputMessage); //outputs "test"
Unprotecting Data
Unprotect unprotects the specified data.
The class supports unprotecting data using either the classic DPAPI or the CNG DPAPI implementation. The UseCNG property determines which implementation is used. The list of applicable properties differs depending on whether CNG DPAPI is being used.
When using classic DPAPI (UseCNG is False), the following optional properties are applicable:
- DataDescription (populated after completion)
- Password
When using CNG DPAPI (UseCNG is True), the following properties are applicable:
- ProtectionDescriptor (populated after completion)
- UseStreamMode
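Because ProtectionDescriptor is populated after a CNG unprotect, the caller can check that a blob was protected with the scope policy requires before using it. The following is an added example, not code from the vendor documentation; the namespace, the ScopedSecret helper, the ExpectedDescriptor constant and the assumption that the descriptor is returned in the same textual form it was set are all assumptions.

```csharp
using System;
using nsoftware.IPWorksEncrypt; // assumption: namespace of the .NET edition

static class ScopedSecret // hypothetical helper, not part of the product
{
    // Hypothetical policy value. "LOCAL=user" keeps the demo on one system;
    // a "SID=..." descriptor for a directory group would be used when the
    // data must be unprotected on other systems.
    const string ExpectedDescriptor = "LOCAL=user";

    public static byte[] Protect(string secret)
    {
        Dpapi dpapi = new Dpapi();
        dpapi.UseCNG = true;
        dpapi.ProtectionDescriptor = ExpectedDescriptor;
        dpapi.InputMessage = secret;
        dpapi.Protect();
        return dpapi.OutputMessageB;
    }

    public static string Unprotect(byte[] blob)
    {
        Dpapi dpapi = new Dpapi();
        dpapi.UseCNG = true;
        dpapi.InputMessageB = blob;
        dpapi.Unprotect(); // fails if the caller is not an authorized principal

        // After completion the class reports the descriptor stored in the blob.
        // Assumption: it comes back in the same textual form it was set.
        string actual = dpapi.ProtectionDescriptor;
        if (!string.Equals(actual, ExpectedDescriptor, StringComparison.OrdinalIgnoreCase))
        {
            // A broader scope (for example a machine-wide descriptor) means the
            // secret was readable by more principals than policy allows.
            throw new InvalidOperationException(
                "Blob descriptor '" + actual + "' does not match policy '" + ExpectedDescriptor + "'.");
        }
        return dpapi.OutputMessage;
    }

    static void Main()
    {
        byte[] blob = Protect("constructed-sample-secret"); // constructed sample input
        Console.WriteLine(Unprotect(blob));
    }
}
```

The descriptor check is a scope audit, not an origin check: CNG DPAPI lets any caller protect data to a principal, so a matching descriptor does not show who created the blob.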
Property List
The following is the full list of the properties of the class with short descriptions.
DataDescription | The description of data. |
InputFile | The file to process. |
InputMessage | The message to process. |
OutputFile | The output file when encrypting or decrypting. |
OutputMessage | The output message after processing. |
Overwrite | Indicates whether or not the class should overwrite files. |
Password | An optional password to further protect data. |
PromptTitle | The title of the prompt window. |
PromptUser | Whether to display a prompt. |
ProtectionDescriptor | The CNG protection descriptor. |
UseCNG | Whether to use CNG DPAPI. |
UseHex | Whether input or output is hex encoded. |
Method List
The following is the full list of the methods of the class with short descriptions.
Config | Sets or retrieves a configuration setting. |
Protect | Protects the data. |
Reset | Resets the class. |
Unprotect | Unprotects the data. |
Event List
The following is the full list of the events fired by the class with short descriptions.
Error | Information about errors during data delivery. |
Progress | Fired as progress is made. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions.
EscapeDescriptor | Whether to escape the protection descriptor. |
ProtectionFlags | Used to specify additional options. |
UseStreamMode | Whether to use the CNG streaming operations. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
UseInternalSecurityAPI | Whether the class uses the system security libraries or an internal implementation. |