private static extern bool CryptUnprotectData(
ref DATA_BLOB pDataIn,
IntPtr szDataDescr,
IntPtr pOptionalEntropy,
IntPtr pvReserved,
IntPtr pPromptStruct,
CryptProtectFlags dwFlags,
ref DATA_BLOB pDataOut
);
private static extern bool CryptUnprotectData(
ref DATA_BLOB pDataIn,
String szDataDescr,
ref DATA_BLOB pOptionalEntropy,
IntPtr pvReserved,
ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
CryptProtectFlags dwFlags,
ref DATA_BLOB pDataOut
);
public byte[] Encrypt(byte[] plainTextBytes)
{
if (description == null)
{
description = "";
}
DataBlob plainTextBlob = new DataBlob(plainTextBytes);
DataBlob cipherTextBlob = new DataBlob( );
DataBlob entropyBlob = new DataBlob(entropy);
try {
CryptProtectFlags flags = CryptProtectFlags.UIForbidden;
if (keyType == DataProtectionKeyType.MachineKey)
{
flags |= CryptProtectFlags.LocalMachine;
}
if (!CryptProtectData(ref plainTextBlob, description, ref entropyBlob, IntPtr.Zero, IntPtr.Zero, flags, ref cipherTextBlob))
{
throw new COMException("CryptProtectData failed." + Marshal.GetLastWin32Error( ));
}
byte[] cipherTextBytes = new byte[cipherTextBlob.cbData];
Marshal.Copy(cipherTextBlob.pbData, cipherTextBytes, 0, cipherTextBlob.cbData);
return(cipherTextBytes);
} catch (Exception ex) {
throw new Exception("DPAPI was unable to encrypt data. " + ex.Message);
} finally {
if (plainTextBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(plainTextBlob.pbData);
}
if (cipherTextBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(cipherTextBlob.pbData);
}
if (entropyBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(entropyBlob.pbData);
}
}
}
private static byte[] CryptOperationWindows(bool protect, byte[] data, byte[] optionalEntropy, DataProtectionScope scope)
{
GCHandle handle = GCHandle.Alloc(data, GCHandleType.Pinned);
GCHandle handleEntropy = (optionalEntropy != null && optionalEntropy.Length != 0 ? GCHandle.Alloc(optionalEntropy, GCHandleType.Pinned) : new GCHandle());
try
{
DATA_BLOB dataIn = new DATA_BLOB
{
cbData = data.Length,
pbData = handle.AddrOfPinnedObject()
};
DATA_BLOB entropy = new DATA_BLOB
{
cbData = (optionalEntropy == null ? 0 : optionalEntropy.Length),
pbData = (handleEntropy.IsAllocated ? handleEntropy.AddrOfPinnedObject() : IntPtr.Zero)
};
DATA_BLOB dataOut = new DATA_BLOB();
CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT();
CryptProtectFlags flags = (scope == DataProtectionScope.CurrentUser ? CryptProtectFlags.CRYPTPROTECT_NONE : CryptProtectFlags.CRYPTPROTECT_LOCAL_MACHINE);
if (protect)
{
CryptProtectData(ref dataIn, null, ref entropy, IntPtr.Zero, ref prompt, flags, ref dataOut);
}
else
{
CryptUnprotectData(ref dataIn, null, ref entropy, IntPtr.Zero, ref prompt, flags, ref dataOut);
}
if (dataOut.cbData == 0)
{
throw new System.IO.InvalidDataException("Unable to protect/unprotect data, most likely the data came from a different user account or a different machine");
}
byte[] dataCopy = new byte[dataOut.cbData];
Marshal.Copy(dataOut.pbData, dataCopy, 0, dataCopy.Length);
LocalFree(dataOut.pbData);
return(dataCopy);
}
finally
{
handle.Free();
if (handleEntropy.IsAllocated)
{
handleEntropy.Free();
}
}
}
public static string Encrypt(string unencrypted)
{
CryptProtectFlags flags = CryptProtectFlags.CRYPTPROTECT_UI_FORBIDDEN;
DATA_BLOB unencryptedBlob = ConvertData(Encoding.Unicode.GetBytes(unencrypted));
DATA_BLOB encryptedBlob = new DATA_BLOB();
DATA_BLOB dataOption = new DATA_BLOB();
try
{
CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT();
if (!CryptProtectData(ref unencryptedBlob, "psw", ref dataOption, IntPtr.Zero, ref prompt, flags, ref encryptedBlob))
{
int errCode = Marshal.GetLastWin32Error();
throw new AmazonClientException("CryptProtectData failed. Error Code: " + errCode);
}
byte[] outData = new byte[encryptedBlob.cbData];
Marshal.Copy(encryptedBlob.pbData, outData, 0, outData.Length);
StringBuilder encrypted = new StringBuilder();
for (int i = 0; i <= outData.Length - 1; i++)
{
encrypted.Append(
Convert.ToString(outData[i], 16).PadLeft(2, '0').ToUpper(CultureInfo.InvariantCulture));
}
string encryptedPassword = encrypted.ToString().ToUpper(CultureInfo.InvariantCulture);
return(encryptedPassword);
}
finally
{
if (unencryptedBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(unencryptedBlob.pbData);
}
if (encryptedBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(encryptedBlob.pbData);
}
}
}
public static string Decrypt(string encrypted)
{
List <Byte> dataIn = new List <byte>();
for (int i = 0; i < encrypted.Length; i = i + 2)
{
byte data = Convert.ToByte(encrypted.Substring(i, 2), 16);
dataIn.Add(data);
}
CryptProtectFlags flags = CryptProtectFlags.CRYPTPROTECT_UI_FORBIDDEN;
DATA_BLOB encryptedBlob = ConvertData(dataIn.ToArray());
DATA_BLOB unencryptedBlob = new DATA_BLOB();
DATA_BLOB dataOption = new DATA_BLOB();
try
{
CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT();
if (!CryptUnprotectData(ref encryptedBlob, "psw", ref dataOption, IntPtr.Zero, ref prompt, flags, ref unencryptedBlob))
{
int errCode = Marshal.GetLastWin32Error();
throw new AmazonClientException("CryptProtectData failed. Error Code: " + errCode);
}
byte[] outData = new byte[unencryptedBlob.cbData];
Marshal.Copy(unencryptedBlob.pbData, outData, 0, outData.Length);
string unencrypted = Encoding.Unicode.GetString(outData);
return(unencrypted);
}
finally
{
if (encryptedBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(encryptedBlob.pbData);
}
if (unencryptedBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(unencryptedBlob.pbData);
}
}
}
public byte[] Decrypt(byte[] cipherTextBytes)
{
DataBlob plainTextBlob = new DataBlob( );
DataBlob cipherTextBlob = new DataBlob(cipherTextBytes);
DataBlob entropyBlob = new DataBlob(entropy);
description = "";
try {
CryptProtectFlags flags = CryptProtectFlags.UIForbidden;
if (!CryptUnprotectData(ref cipherTextBlob, ref description, ref entropyBlob, IntPtr.Zero, IntPtr.Zero, flags, ref plainTextBlob))
{
throw new COMException("CryptUnprotectData failed. ", Marshal.GetLastWin32Error( ));
}
byte[] plainTextBytes = new byte[plainTextBlob.cbData];
Marshal.Copy(plainTextBlob.pbData, plainTextBytes, 0, plainTextBlob.cbData);
return(plainTextBytes);
} catch (Exception ex) {
throw new Exception("DPAPI was unable to decrypt data. " + ex.Message);
} finally {
if (plainTextBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(plainTextBlob.pbData);
}
if (cipherTextBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(cipherTextBlob.pbData);
}
if (entropyBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(entropyBlob.pbData);
}
}
}
private static extern bool CryptUnprotectData(
ref DATA_BLOB pDataIn,
String szDataDescr,
ref DATA_BLOB pOptionalEntropy,
IntPtr pvReserved,
ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
CryptProtectFlags dwFlags,
ref DATA_BLOB pDataOut
);
public static extern bool CryptUnprotectData(ref DataBlob pDataIn, StringBuilder szDataDescr, ref DataBlob pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct, CryptProtectFlags dwFlags, ref DataBlob pDataOut);
private static extern bool CryptUnprotectData( ref DataBlob pCipherText, ref string pszDescription, ref DataBlob pEntropy, IntPtr pReserved, IntPtr pPrompt, CryptProtectFlags dwFlags, ref DataBlob pPlainText );
private static extern bool CryptUnprotectData(ref DataBlob pCipherText, ref string pszDescription, ref DataBlob pEntropy, IntPtr pReserved, IntPtr pPrompt, CryptProtectFlags dwFlags, ref DataBlob pPlainText);
