public static byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope) { ProtectParam pf = ProtectParam.UI_FORBIDDEN; if (scope == DataProtectionScope.LocalMachine) { pf = ProtectParam.UI_FORBIDDEN | ProtectParam.LOCAL_MACHINE; } else { pf = ProtectParam.UI_FORBIDDEN; } //TODO handle entropy properly, ignore entropy string entropyDesc = String.Empty; if (optionalEntropy != null) { entropyDesc = Format.GetString(optionalEntropy); } string outDesc; byte [] clear = Cipher.UnprotectData(encryptedData, pf, out outDesc); if (outDesc != entropyDesc) { throw new Exception("entropy failure"); } return(clear); }
//http://www.obviex.com/samples/dpapi.aspx //http://msdn.microsoft.com/security/securecode/dotnet/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT07.asp public static byte [] UnprotectData(byte [] cipherIn, ProtectParam flags, out string desc) { desc = null; StringBuilder sb = new StringBuilder(); //TODO not returning properly CRYPTOAPI_BLOB blobIn = new CRYPTOAPI_BLOB(); byte [] plainOut; try { blobIn.cbData = cipherIn.Length; //blobIn.pbData = cipherIn; //byte[] //blobIn.pbData = Mem.AllocHGlobal(blobIn.cbData); blobIn.pbData = Mem.CryptMemAlloc(blobIn.cbData); Marshal.Copy(cipherIn, 0, blobIn.pbData, blobIn.cbData); IntPtr optEntropy = IntPtr.Zero; //CRYPTOAPI_BLOB* IntPtr reserved = IntPtr.Zero; //PVOID IntPtr prompt = IntPtr.Zero; //CRYPTPROTECT_PROMPTSTRUCT* CRYPTOAPI_BLOB dataOut = new CRYPTOAPI_BLOB(); //BUG //bool retVal = Crypto.CryptUnprotectData(ref blobIn, sb, optEntropy, reserved, prompt, (uint) flags, ref dataOut); //desc = sb.ToString(); //Assuming a max size of 99 characters in the description null terminating character IntPtr ppszDescription = Mem.CryptMemAlloc(100); bool retVal = Crypto.CryptUnprotectData(ref blobIn, ref ppszDescription, optEntropy, reserved, prompt, (uint)flags, ref dataOut); desc = Marshal.PtrToStringUni(ppszDescription); Mem.CryptMemFree(ppszDescription); ErrCode ec = Error.HandleRetVal(retVal); plainOut = new byte[dataOut.cbData]; Marshal.Copy(dataOut.pbData, plainOut, 0, dataOut.cbData); //Mem.FreeHGlobal(dataOut.pbData); Mem.CryptMemFree(dataOut.pbData); } catch (Exception ex) { throw ex; } finally { if (blobIn.pbData != IntPtr.Zero) { //Mem.FreeHGlobal(blobIn.pbData); Mem.CryptMemFree(blobIn.pbData); } } return(plainOut); }
//http://www.obviex.com/samples/dpapi.aspx //http://msdn.microsoft.com/security/securecode/dotnet/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT07.asp public static byte [] ProtectData(byte [] plainIn, ProtectParam flags, string desc) { StringBuilder sb = new StringBuilder(desc); CRYPTOAPI_BLOB blobIn = new CRYPTOAPI_BLOB(); byte [] cipherOut; try { blobIn.cbData = plainIn.Length; //blobIn.pbData = plainIn; //byte[] //blobIn.pbData = Mem.AllocHGlobal(blobIn.cbData); blobIn.pbData = Mem.CryptMemAlloc(blobIn.cbData); Marshal.Copy(plainIn, 0, blobIn.pbData, blobIn.cbData); IntPtr optEntropy = IntPtr.Zero; //CRYPTOAPI_BLOB* IntPtr reserved = IntPtr.Zero; //PVOID IntPtr prompt = IntPtr.Zero; //CRYPTPROTECT_PROMPTSTRUCT* CRYPTOAPI_BLOB dataOut = new CRYPTOAPI_BLOB(); bool retVal = Crypto.CryptProtectData(ref blobIn, sb, optEntropy, reserved, prompt, (uint)flags, ref dataOut); ErrCode ec = Error.HandleRetVal(retVal); cipherOut = new byte[dataOut.cbData]; Marshal.Copy(dataOut.pbData, cipherOut, 0, dataOut.cbData); //Mem.FreeHGlobal(dataOut.pbData); Mem.CryptMemFree(dataOut.pbData); } catch (Exception ex) { throw ex; } finally { if (blobIn.pbData != IntPtr.Zero) { //Mem.FreeHGlobal(blobIn.pbData); Mem.CryptMemFree(blobIn.pbData); } } return(cipherOut); }
public static byte[] Protect(byte[] userData, byte[] optionalEntropy, DataProtectionScope scope) { ProtectParam pf = ProtectParam.UI_FORBIDDEN; if (scope == DataProtectionScope.LocalMachine) { pf = ProtectParam.UI_FORBIDDEN | ProtectParam.LOCAL_MACHINE; } else { pf = ProtectParam.UI_FORBIDDEN; } //TODO handle entropy properly, ignore entropy string entropyDesc = String.Empty; if (optionalEntropy != null) { entropyDesc = Format.GetString(optionalEntropy); } return(Cipher.ProtectData(userData, pf, entropyDesc)); }
//http://www.obviex.com/samples/dpapi.aspx //http://msdn.microsoft.com/security/securecode/dotnet/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT07.asp public static byte [] UnprotectData(byte [] cipherIn, ProtectParam flags, out string desc) { desc =null; StringBuilder sb = new StringBuilder(); //TODO not returning properly CRYPTOAPI_BLOB blobIn = new CRYPTOAPI_BLOB(); byte [] plainOut; try { blobIn.cbData = cipherIn.Length; //blobIn.pbData = cipherIn; //byte[] //blobIn.pbData = Mem.AllocHGlobal(blobIn.cbData); blobIn.pbData = Mem.CryptMemAlloc(blobIn.cbData); Marshal.Copy(cipherIn, 0, blobIn.pbData, blobIn.cbData); IntPtr optEntropy = IntPtr.Zero; //CRYPTOAPI_BLOB* IntPtr reserved = IntPtr.Zero; //PVOID IntPtr prompt = IntPtr.Zero; //CRYPTPROTECT_PROMPTSTRUCT* CRYPTOAPI_BLOB dataOut = new CRYPTOAPI_BLOB(); //BUG //bool retVal = Crypto.CryptUnprotectData(ref blobIn, sb, optEntropy, reserved, prompt, (uint) flags, ref dataOut); //desc = sb.ToString(); //Assuming a max size of 99 characters in the description null terminating character IntPtr ppszDescription = Mem.CryptMemAlloc(100); bool retVal = Crypto.CryptUnprotectData(ref blobIn, ref ppszDescription, optEntropy, reserved, prompt, (uint) flags, ref dataOut); desc = Marshal.PtrToStringUni(ppszDescription); Mem.CryptMemFree(ppszDescription); ErrCode ec = Error.HandleRetVal(retVal); plainOut = new byte[dataOut.cbData]; Marshal.Copy(dataOut.pbData, plainOut, 0, dataOut.cbData); //Mem.FreeHGlobal(dataOut.pbData); Mem.CryptMemFree(dataOut.pbData); } catch(Exception ex) { throw ex; } finally { if (blobIn.pbData != IntPtr.Zero) { //Mem.FreeHGlobal(blobIn.pbData); Mem.CryptMemFree(blobIn.pbData); } } return plainOut; }
//http://www.obviex.com/samples/dpapi.aspx //http://msdn.microsoft.com/security/securecode/dotnet/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT07.asp public static byte [] ProtectData(byte [] plainIn, ProtectParam flags, string desc) { StringBuilder sb = new StringBuilder(desc); CRYPTOAPI_BLOB blobIn = new CRYPTOAPI_BLOB(); byte [] cipherOut; try { blobIn.cbData = plainIn.Length; //blobIn.pbData = plainIn; //byte[] //blobIn.pbData = Mem.AllocHGlobal(blobIn.cbData); blobIn.pbData = Mem.CryptMemAlloc(blobIn.cbData); Marshal.Copy(plainIn, 0, blobIn.pbData, blobIn.cbData); IntPtr optEntropy = IntPtr.Zero; //CRYPTOAPI_BLOB* IntPtr reserved = IntPtr.Zero; //PVOID IntPtr prompt = IntPtr.Zero; //CRYPTPROTECT_PROMPTSTRUCT* CRYPTOAPI_BLOB dataOut = new CRYPTOAPI_BLOB(); bool retVal = Crypto.CryptProtectData(ref blobIn, sb, optEntropy, reserved, prompt, (uint) flags, ref dataOut); ErrCode ec = Error.HandleRetVal(retVal); cipherOut = new byte[dataOut.cbData]; Marshal.Copy(dataOut.pbData, cipherOut, 0, dataOut.cbData); //Mem.FreeHGlobal(dataOut.pbData); Mem.CryptMemFree(dataOut.pbData); } catch(Exception ex) { throw ex; } finally { if (blobIn.pbData != IntPtr.Zero) { //Mem.FreeHGlobal(blobIn.pbData); Mem.CryptMemFree(blobIn.pbData); } } return cipherOut; }