2

I have some data I wish to protect, so I am using ProtectedData to encrypt it onto a file. When I am attempting to read and decrypt the data I am getting the strangest exception:

CryptographicException - Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.

This is where it is thrown:

    byte[] decryptedData = ProtectedData.Unprotect(Encoding.UTF8.GetBytes(fileContent),
        Encoding.UTF8.GetBytes(entropy),
        DataProtectionScope.LocalMachine);

It also happens when using DataProtectionScope.CurrentUser.

I haven't found any information about this exception online so I'm pretty much clueless.

4

1 Answer

0

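Some generic errors don't generate an exception of their own, and the last error is thrown instead.

From inside System.Security.Cryptography.ProtectedData.Unprotect:

    throw new CryptographicException(Marshal.GetLastWin32Error());

More specifically, it is most likely failing because the System.Security.Cryptography implementation uses crypt32.dll:CryptUnprotectData with CRYPTPROTECT_UI_FORBIDDEN - "This flag is used for remote situations where presenting a user interface (UI) is not an option. When this flag is set and UI is specified for either the protect or unprotect operation, the call fails and GetLastError() returns the ERROR_PASSWORD_RESTRICTION status code." (Windows Data Protection)

A workaround I found that worked for me was to not use the Base64 converter; I used the same routine that PowerShell uses: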

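    // Requires: using System.Globalization;
    // Converts a hex string (two characters per byte) back into the bytes it encodes.
    static byte[] ByteArrayFromString(string s)
    {
        int length = s.Length / 2;
        byte[] numArray = new byte[length];
        if (s.Length > 0)
        {
            for (int i = 0; i < length; i++)
            {
                // Parse each pair of hex digits as one byte.
                numArray[i] = byte.Parse(s.Substring(2 * i, 2), NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
            }
        }
        return numArray;
    }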
answered 2014-02-17T17:37:07.510
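A full round trip built around the hex-decoding workaround in the answer, as an added example that is not part of the original posts: it stores the DPAPI blob as hex text, shows that `Encoding.UTF8.GetBytes` on that text does not return the blob, and then decrypts after decoding the hex. It assumes Windows and that the file holds hex text; the class name, file name, entropy and secret are constructed for illustration.

```csharp
using System;
using System.Globalization;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class DpapiRoundTrip
{
    // Encode the opaque DPAPI blob as hex so it survives storage in a text file.
    static string ToHex(byte[] bytes) => BitConverter.ToString(bytes).Replace("-", "");

    // Inverse of ToHex; rejects odd-length input instead of silently dropping a nibble.
    static byte[] FromHex(string s)
    {
        if (s.Length % 2 != 0) throw new FormatException("Hex text has odd length.");
        var result = new byte[s.Length / 2];
        for (int i = 0; i < result.Length; i++)
            result[i] = byte.Parse(s.Substring(2 * i, 2),
                NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
        return result;
    }

    static void Main()
    {
        byte[] entropy = Encoding.UTF8.GetBytes("constructed-entropy"); // sample value
        byte[] secret = Encoding.UTF8.GetBytes("constructed secret");   // sample value
        string path = Path.Combine(Path.GetTempPath(), "dpapi-demo.txt"); // hypothetical file

        // Protect, then persist the binary blob as text.
        byte[] blob = ProtectedData.Protect(secret, entropy, DataProtectionScope.CurrentUser);
        File.WriteAllText(path, ToHex(blob));
        string fileContent = File.ReadAllText(path).Trim();

        // Mistake: these are the character codes of the hex digits, not the blob itself.
        byte[] notTheBlob = Encoding.UTF8.GetBytes(fileContent);
        Console.WriteLine($"blob: {blob.Length} bytes, UTF8.GetBytes(text): {notTheBlob.Length} bytes");
        try { ProtectedData.Unprotect(notTheBlob, entropy, DataProtectionScope.CurrentUser); }
        catch (CryptographicException ex) { Console.WriteLine("Unprotect rejected it: " + ex.Message); }

        // Correct: reverse the text encoding first, then pass the same entropy and scope.
        byte[] plain = ProtectedData.Unprotect(FromHex(fileContent), entropy,
            DataProtectionScope.CurrentUser);
        Console.WriteLine(Encoding.UTF8.GetString(plain));
        File.Delete(path);
    }
}
```

The same rule applies to Base64 storage: the bytes passed to `Unprotect` must be exactly the bytes `Protect` returned, so the read path has to undo whatever text encoding the write path applied.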