3

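I am using the DataProtectionProvider class to encrypt files in my application's local storage. However, I am having a hard time finding solid examples/information on how best to use the descriptor given in the constructor.

The descriptor examples given on MSDN are: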

"SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812"

"SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)"

"LOCAL=user"

"LOCAL=machine"

"WEBCREDENTIALS=MyPasswordName"

"WEBCREDENTIALS=MyPasswordName,myweb.com"

How secure are files encrypted with "LOCAL=user"? Can any application decrypt them as long as the same user is using the application?

How do I use "WEBCREDENTIALS=MyPasswordName"? Can I use a password from the password vault?

4

2 Answers

1

This thread suggests that you should use the cryptography.core assembly instead; it may be worth a look.

answered 2013-08-05T08:33:23.467
0

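This question should also be tagged

I'm not sure how the "WEBCREDENTIALS=MyPasswordName" descriptor works, but the "WEBCREDENTIALS=MyPasswordName,myweb.com" descriptor can (must?) reference an entry your app created in the PasswordVault.

Entries in the PasswordVault can be viewed in the "Control Panel -> Credential Manager -> Web Credentials" pane.

Here is one way to encrypt and decrypt some data: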

    // using System;
    // using System.Diagnostics;
    // using System.Threading.Tasks;
    // using Windows.Storage.Streams;
    // using System.IO;
    // using System.Runtime.InteropServices.WindowsRuntime; // (convert streams from Windows. to System. and vice-versa)
    // using Windows.Security.Credentials;
    // using Windows.Security.Cryptography;
    // using Windows.Security.Cryptography.DataProtection;
    // Returns Task rather than void so callers can await it and observe exceptions.
    public async Task EnDeCryptDataUsingWebcredentials()
    {
        #region Set up environment

        // Specify variables for mock PasswordCredential
        string credentialResource = "MyResourceIdentifier";
        string credentialUserName = "Foo";
        string credentialPassword = "Bar";

        // Get a vault instance.
        PasswordVault passwordVault = new PasswordVault();

        // Inject new credential
        PasswordCredential testCredential = new PasswordCredential(credentialResource, credentialUserName, credentialPassword);
        passwordVault.Add(testCredential);

        #endregion Set up environment

        string dataToEncrypt = "The quick brown fox jumped over the lazy dog.";
        Debug.WriteLine(String.Format("UnencryptedData: {0}", dataToEncrypt));

        // Assemble descriptor from PasswordCredential.
        PasswordCredential credential = passwordVault.Retrieve(credentialResource, credentialUserName);
        string dataProtectionDescriptor = String.Format("WEBCREDENTIALS={0},{1}", credential.UserName, credential.Resource);
        Debug.WriteLine(String.Format("Encryption Descriptor: {0}", dataProtectionDescriptor));

        // Encrypt data.
        DataProtectionProvider encryptionProvider = new DataProtectionProvider(dataProtectionDescriptor);
        IBuffer unencryptedDataBuffer = CryptographicBuffer.ConvertStringToBinary(dataToEncrypt, BinaryStringEncoding.Utf8);
        IBuffer inputDataBuffer = await encryptionProvider.ProtectAsync(unencryptedDataBuffer);

        // View encrypted data as Base64 (the protected blob is binary, not text).
        string encryptedData = CryptographicBuffer.EncodeToBase64String(inputDataBuffer);
        Debug.WriteLine(String.Format("EncryptedData: {0}", encryptedData));

        // Decrypt data (never supply a descriptor for decryption).
        DataProtectionProvider decryptionProvider = new DataProtectionProvider();
        IBuffer outputDataBuffer = await decryptionProvider.UnprotectAsync(inputDataBuffer);

        // View decrypted data as string.
        string decryptedData = String.Empty;
        using (StreamReader reader = new StreamReader(outputDataBuffer.AsStream()))
        {
            decryptedData = reader.ReadToEnd();
        }
        Debug.WriteLine(String.Format("\nDecryptedData: {0}", decryptedData));
    }
answered 2014-10-09T01:41:37.187
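
The file case from the question, using the "LOCAL=user" descriptor, as an added example that is not part of either answer or of Microsoft's samples. The class and method names (`ProtectedLocalFile`, `SaveAsync`, `LoadAsync`) are hypothetical, and returning `null` on failure is a choice made for this sketch.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage;
using Windows.Storage.Streams;

// Hypothetical helper (added example): stores a protected blob in the app's local folder.
public static class ProtectedLocalFile
{
    // Descriptor taken from the question.
    private const string Descriptor = "LOCAL=user";

    public static async Task SaveAsync(string fileName, string text)
    {
        IBuffer plain = CryptographicBuffer.ConvertStringToBinary(
            text, BinaryStringEncoding.Utf8);

        // The descriptor is only supplied when protecting.
        var provider = new DataProtectionProvider(Descriptor);
        IBuffer blob = await provider.ProtectAsync(plain);

        StorageFile file = await ApplicationData.Current.LocalFolder.CreateFileAsync(
            fileName, CreationCollisionOption.ReplaceExisting);
        await FileIO.WriteBufferAsync(file, blob);
    }

    // Returns the plaintext, or null when the stored blob cannot be unprotected.
    public static async Task<string> LoadAsync(string fileName)
    {
        StorageFile file = await ApplicationData.Current.LocalFolder.GetFileAsync(fileName);
        IBuffer blob = await FileIO.ReadBufferAsync(file);

        // No descriptor for unprotect: it is read from the blob itself.
        var provider = new DataProtectionProvider();
        try
        {
            IBuffer plain = await provider.UnprotectAsync(blob);
            return CryptographicBuffer.ConvertBinaryToString(
                BinaryStringEncoding.Utf8, plain);
        }
        catch (Exception)
        {
            // UnprotectAsync throws when the blob is corrupted or cannot be
            // unprotected in the current context; treat the file as unreadable.
            return null;
        }
    }
}
```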