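/// <summary>
/// Decrypts a blob produced by the CNG DPAPI (<c>NCryptProtectSecret</c>) and returns the
/// plaintext as a string.
/// </summary>
/// <param name="data">Protected secret whose <c>Data</c> value is the Base64-encoded protected blob.</param>
/// <returns>The decrypted bytes decoded as UTF-16 (<see cref="Encoding.Unicode"/>).</returns>
/// <exception cref="FormatException"><c>data.Data</c> is not valid Base64.</exception>
/// <remarks>
/// <c>result.ThrowIfFailed()</c> throws when <c>NCryptUnprotectSecret</c> reports a failure.
/// The returned string is immutable and cannot be wiped; only the temporary managed byte
/// copy of the plaintext is cleared here.
/// </remarks>
private string UnprotectSecretv3(ProtectedSecret data)
{
    byte[] rawProtectedData = Convert.FromBase64String(data.Data);

    // The native API takes a pointer + length, so the blob is copied into unmanaged memory.
    using SafeHGlobalHandle protectedBlob = new SafeHGlobalHandle(rawProtectedData);

    // NCRYPT_SILENT_FLAG asks the provider not to display any UI.
    // NOTE(review): the descriptor output (first argument) is discarded. If this binding returns
    // an owning handle type there, it is only released by finalization - confirm, and dispose it if so.
    var result = NCrypt.NCryptUnprotectSecret(
        out _,
        NCrypt.UnprotectSecretFlags.NCRYPT_SILENT_FLAG,
        protectedBlob.DangerousGetHandle(),
        protectedBlob.Size,
        IntPtr.Zero,
        IntPtr.Zero,
        out IntPtr unprotectedData,
        out uint unprotectedDataSize);

    result.ThrowIfFailed();

    // Wrap the buffer returned by the API so it is released when this method exits.
    // NOTE(review): presumably the 'true' argument means the wrapper owns and frees the buffer - confirm.
    // NOTE(review): the native plaintext buffer is freed without being zeroed first - consider wiping it.
    using SafeHGlobalHandle plaintextBuffer = new SafeHGlobalHandle(unprotectedData, unprotectedDataSize, true);

    byte[] plaintextBytes = plaintextBuffer.GetBytes(0, (int)unprotectedDataSize);

    try
    {
        return Encoding.Unicode.GetString(plaintextBytes);
    }
    finally
    {
        // Do not leave an extra plaintext copy on the managed heap once the string exists.
        if (plaintextBytes != null)
        {
            Array.Clear(plaintextBytes, 0, plaintextBytes.Length);
        }
    }
}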
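/// <summary>
/// Encrypts a secret with the CNG DPAPI (<c>NCryptProtectSecret</c>) under a protection
/// descriptor built from the supplied security descriptor.
/// </summary>
/// <param name="secret">Plaintext to protect; it is encoded as UTF-16 before encryption.</param>
/// <param name="securityDescriptor">
/// Security descriptor whose SDDL form (all sections) becomes the <c>SDDL=</c> protection descriptor rule.
/// </param>
/// <returns>A <c>ProtectedSecret</c> carrying the Base64-encoded protected blob, with <c>Mode</c> set to 3.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="secret"/> or <paramref name="securityDescriptor"/> is null.
/// </exception>
/// <remarks>
/// The licence check runs first and throws if the DPAPI-NG secret encryption feature is missing.
/// <c>result.ThrowIfFailed()</c> throws when either native call reports a failure.
/// </remarks>
public ProtectedSecret ProtectSecret(string secret, CommonSecurityDescriptor securityDescriptor)
{
    this.licenseManager.ThrowOnMissingFeature(LicensedFeatures.DpapiNgSecretEncryption);

    // Fail with a clear argument error instead of a NullReferenceException further down.
    if (secret == null)
    {
        throw new ArgumentNullException(nameof(secret));
    }

    if (securityDescriptor == null)
    {
        throw new ArgumentNullException(nameof(securityDescriptor));
    }

    // NOTE(review): the SDDL passed here determines which principals can later unprotect the
    // secret - callers should supply a descriptor no broader than intended.
    string descriptorRule = $"SDDL={securityDescriptor.GetSddlForm(AccessControlSections.All)}";

    var result = NCrypt.NCryptCreateProtectionDescriptor(descriptorRule, 0, out NCrypt.SafeNCRYPT_DESCRIPTOR_HANDLE handle);
    result.ThrowIfFailed();

    using (handle)
    {
        byte[] secretBytes = Encoding.Unicode.GetBytes(secret);

        try
        {
            // The native API takes a pointer + length, so the plaintext is copied into unmanaged memory.
            // NOTE(review): that unmanaged plaintext copy is freed without being zeroed - consider wiping it.
            using SafeHGlobalHandle plaintextBuffer = new SafeHGlobalHandle(secretBytes);

            // NCRYPT_SILENT_FLAG asks the provider not to display any UI.
            result = NCrypt.NCryptProtectSecret(
                handle,
                NCrypt.ProtectFlags.NCRYPT_SILENT_FLAG,
                plaintextBuffer.DangerousGetHandle(),
                plaintextBuffer.Size,
                IntPtr.Zero,
                IntPtr.Zero,
                out IntPtr protectedData,
                out uint protectedDataSize);

            result.ThrowIfFailed();

            // Wrap the buffer returned by the API so it is released when this scope exits.
            // NOTE(review): presumably the 'true' argument means the wrapper owns and frees the buffer - confirm.
            using SafeHGlobalHandle protectedBuffer = new SafeHGlobalHandle(protectedData, protectedDataSize, true);

            return new ProtectedSecret
            {
                Data = Convert.ToBase64String(protectedBuffer.GetBytes(0, (int)protectedDataSize)),
                Mode = 3
            };
        }
        finally
        {
            // Do not leave an extra plaintext copy on the managed heap after encryption.
            Array.Clear(secretBytes, 0, secretBytes.Length);
        }
    }
}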