private string UnprotectSecretv3(ProtectedSecret data)
{
byte[] rawProtectedData = Convert.FromBase64String(data.Data);
using SafeHGlobalHandle f = new SafeHGlobalHandle(rawProtectedData);
var result = NCrypt.NCryptUnprotectSecret(out _, NCrypt.UnprotectSecretFlags.NCRYPT_SILENT_FLAG, f.DangerousGetHandle(), f.Size, IntPtr.Zero, IntPtr.Zero, out IntPtr unprotectedData, out uint unprotectedDataSize);
result.ThrowIfFailed();
using SafeHGlobalHandle d = new SafeHGlobalHandle(unprotectedData, unprotectedDataSize, true);
return(Encoding.Unicode.GetString(d.GetBytes(0, (int)unprotectedDataSize)));
}
public ProtectedSecret ProtectSecret(string secret, CommonSecurityDescriptor securityDescriptor)
{
this.licenseManager.ThrowOnMissingFeature(LicensedFeatures.DpapiNgSecretEncryption);
var result = NCrypt.NCryptCreateProtectionDescriptor($"SDDL={securityDescriptor.GetSddlForm(AccessControlSections.All)}", 0, out NCrypt.SafeNCRYPT_DESCRIPTOR_HANDLE handle);
result.ThrowIfFailed();
using (handle)
{
using SafeHGlobalHandle f = new SafeHGlobalHandle(Encoding.Unicode.GetBytes(secret));
result = NCrypt.NCryptProtectSecret(handle, NCrypt.ProtectFlags.NCRYPT_SILENT_FLAG, f.DangerousGetHandle(), f.Size, IntPtr.Zero, IntPtr.Zero, out IntPtr protectedData, out uint protectedDataSize);
result.ThrowIfFailed();
using SafeHGlobalHandle d = new SafeHGlobalHandle(protectedData, protectedDataSize, true);
return(new ProtectedSecret
{
Data = Convert.ToBase64String(d.GetBytes(0, (int)protectedDataSize)),
Mode = 3
});
}
}