DataProtector Class

Definition

Provides the base class for data protectors.

public ref class DataProtector abstract
public abstract class DataProtector
type DataProtector = class
Public MustInherit Class DataProtector
Inheritance
DataProtector
Derived

Examples

The following example demonstrates how to create a data protector that uses a protection class with an option for extra entropy. By default, the DataProtector class prepends the hash of the purpose properties to the data to be encrypted. You can turn that functionality off and use the hashed purpose as extra entropy when calling a data protector with an extra entropy option.

using System;
using System.Security.Permissions;

namespace System.Security.Cryptography
{
    public sealed class MyDataProtector : DataProtector
    {
        public DataProtectionScope Scope { get; set; }
        // This implementation gets the HashedPurpose from the base class and passes it as OptionalEntropy to ProtectedData.
        // The default for DataProtector is to prepend the hash to the plain text, but because we are using the hash 
        // as OptionalEntropy there is no need to prepend it.
        protected override bool PrependHashedPurposeToPlaintext
        {
            get
            {
                return false;
            }
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, ProtectData = true)]
        protected override byte[] ProviderProtect(byte[] userData)
        {
            // Delegate to ProtectedData
            return ProtectedData.Protect(userData, GetHashedPurpose(), Scope);
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderUnprotect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, UnprotectData = true)]
        protected override byte[] ProviderUnprotect(byte[] encryptedData)
        {
            // Delegate to ProtectedData
            return ProtectedData.Unprotect(encryptedData, GetHashedPurpose(), Scope);
        }
        public override bool IsReprotectRequired(byte[] encryptedData)
        {
            // For now, this cannot be determined, so always return true;
            return true;
        }
        // Public constructor
        // The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
        // in the ProviderProtect/ProviderUnprotect methods. 
        [DataProtectionPermission(SecurityAction.Demand, Unrestricted = true)]
        [SecuritySafeCritical]
        public MyDataProtector(string appName, string primaryPurpose, params string[] specificPurpose)
            : base(appName, primaryPurpose, specificPurpose)
        {
        }
    }
}

Imports System.Security
Imports System.Security.Cryptography
Imports System.Security.Permissions



Public NotInheritable Class MyDataProtector
    Inherits DataProtector

    Public Property Scope As DataProtectionScope

    ' This implementation gets the HashedPurpose from the base class and passes it as OptionalEntropy to ProtectedData.
    ' The default for DataProtector is to prepend the hash to the plain text, but because we are using the hash 
    ' as OptionalEntropy there is no need to prepend it.

    Protected Overrides ReadOnly Property PrependHashedPurposeToPlaintext() As Boolean
        Get
            Return False
        End Get
    End Property

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, ProtectData:=True)> _
    Protected Overrides Function ProviderProtect(ByVal userData() As Byte) As Byte()
        ' Delegate to ProtectedData
        Return ProtectedData.Protect(userData, GetHashedPurpose(), Scope)

    End Function 'ProviderProtect

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderUnprotect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, UnprotectData:=True)> _
    Protected Overrides Function ProviderUnprotect(ByVal encryptedData() As Byte) As Byte()
        ' Delegate to ProtectedData
        Return ProtectedData.Unprotect(encryptedData, GetHashedPurpose(), Scope)

    End Function 'ProviderUnprotect

    Public Overrides Function IsReprotectRequired(ByVal encryptedData() As Byte) As Boolean
        ' For now, this cannot be determined, so always return true;
        Return True

    End Function 'IsReprotectRequired

    ' Public constructor
    ' The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
    ' in the ProviderProtect/ProviderUnprotect methods. 
    <DataProtectionPermission(SecurityAction.Demand, Unrestricted:=True), SecuritySafeCritical()> _
    Public Sub New(ByVal appName As String, ByVal primaryPurpose As String, ParamArray specificPurpose() As String)
        MyBase.New(appName, primaryPurpose, specificPurpose)

    End Sub
End Class 'MyDataProtector

The following example demonstrates a simple data protector that uses the PrependHashedPurposeToPlaintext functionality of the DataProtector class.

using System;
using System.Security.Permissions;

namespace System.Security.Cryptography
{
    public sealed class MemoryProtector : DataProtector
    {
        public MemoryProtectionScope Scope { get; set; }
        protected override bool PrependHashedPurposeToPlaintext 
        {
            get
            {
                // Signal the DataProtector to prepend the hash of the purpose to the data.
                return true;
            }
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, ProtectData = true)]
        protected override byte[] ProviderProtect(byte[] userData)
        {
            
            // Delegate to ProtectedMemory, which encrypts the buffer in place.
            ProtectedMemory.Protect(userData, Scope);
            return userData;
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderUnprotect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, UnprotectData = true)]
        protected override byte[] ProviderUnprotect(byte[] encryptedData)
        {

            ProtectedMemory.Unprotect(encryptedData, Scope);
            return encryptedData;
        }

        public override bool IsReprotectRequired(byte[] encryptedData)
        {
            // For now, this cannot be determined so always return true.
            return true;
        }
        // Public constructor
        // The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
        // in the ProviderProtect/ProviderUnprotect methods. 
        [DataProtectionPermission(SecurityAction.Demand, Unrestricted = true)]
        [SecuritySafeCritical]
        public MemoryProtector(string appName, string primaryPurpose, params string[] specificPurpose)
            : base(appName, primaryPurpose, specificPurpose)
        {
        }
    }
}

Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Cryptography



Public NotInheritable Class MemoryProtector
    Inherits DataProtector

    Public Property Scope As MemoryProtectionScope

    Protected Overrides ReadOnly Property PrependHashedPurposeToPlaintext() As Boolean
        Get
            ' Signal the DataProtector to prepend the hash of the purpose to the data.
            Return True
        End Get
    End Property

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, ProtectData:=True)> _
    Protected Overrides Function ProviderProtect(ByVal userData() As Byte) As Byte()

        ' Delegate to ProtectedMemory, which encrypts the buffer in place.
        ProtectedMemory.Protect(userData, Scope)
        Return userData

    End Function 'ProviderProtect

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderUnprotect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, UnprotectData:=True)> _
    Protected Overrides Function ProviderUnprotect(ByVal encryptedData() As Byte) As Byte()

        ProtectedMemory.Unprotect(encryptedData, Scope)
        Return encryptedData

    End Function 'ProviderUnprotect

    Public Overrides Function IsReprotectRequired(ByVal encryptedData() As Byte) As Boolean
        ' For now, this cannot be determined so always return true.
        Return True

    End Function 'IsReprotectRequired

    ' Public constructor
    ' The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
    ' in the ProviderProtect/ProviderUnprotect methods. 
    <DataProtectionPermission(SecurityAction.Demand, Unrestricted:=True), SecuritySafeCritical()> _
    Public Sub New(ByVal appName As String, ByVal primaryPurpose As String, ParamArray specificPurpose() As String)
        MyBase.New(appName, primaryPurpose, specificPurpose)

    End Sub
End Class 'MemoryProtector

Remarks

This class protects stored data from viewing and tampering. Access to the protected data is obtained by creating an instance of this class and using the exact purpose strings that were used to protect the data. The caller does not need a key to either protect or unprotect the data. The key is provided by the encryption algorithm.

Derived classes must override the ProviderProtect and Unprotect methods, which the DataProtector base class calls back into. They must also override the IsReprotectRequired method, which can always return true with a potential small loss of efficiency when applications refresh their database of stored cipher text. Derived classes should provide a constructor that calls the base class constructor, which sets the ApplicationName, SpecificPurposes, and PrimaryPurpose properties.
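The purpose binding described in these remarks, as an added example that is not part of the original documentation. It uses DpapiDataProtector, the framework's DPAPI-backed DataProtector subclass (not listed on this page); the application name, purpose strings and token are constructed, and it assumes .NET Framework 4.5 or later on Windows with a reference to System.Security.dll.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original page). ExampleApp, the purpose strings
// and the token are constructed values.
public static class PurposeBindingDemo
{
    // Builds a DPAPI-backed protector bound to the given purposes.
    static DataProtector NewProtector(string primary, params string[] specific)
    {
        return new DpapiDataProtector("ExampleApp", primary, specific)
        {
            Scope = DataProtectionScope.CurrentUser
        };
    }

    // Unprotect signals a purpose mismatch or a modified blob by throwing
    // CryptographicException; treat that as "not ours" rather than crashing.
    static bool TryUnprotect(DataProtector protector, byte[] blob, out byte[] plain)
    {
        try
        {
            plain = protector.Unprotect(blob);
            return true;
        }
        catch (CryptographicException)
        {
            plain = null;
            return false;
        }
    }

    public static void Main()
    {
        byte[] token = Encoding.UTF8.GetBytes("constructed-session-token");
        byte[] blob = NewProtector("SessionTokens", "user:42").Protect(token);
        byte[] plain;

        // A fresh instance with the exact same strings recovers the data.
        bool ok = TryUnprotect(NewProtector("SessionTokens", "user:42"), blob, out plain);
        Console.WriteLine("same purposes: {0}", ok && Encoding.UTF8.GetString(plain) == "constructed-session-token");

        // Changing a specific purpose or the primary purpose must be refused.
        Console.WriteLine("other specific purpose: {0}", TryUnprotect(NewProtector("SessionTokens", "user:43"), blob, out plain));
        Console.WriteLine("other primary purpose: {0}", TryUnprotect(NewProtector("PasswordReset", "user:42"), blob, out plain));

        // A single flipped bit in the stored blob must also be refused.
        byte[] tampered = (byte[])blob.Clone();
        tampered[tampered.Length - 1] ^= 0x01;
        Console.WriteLine("tampered blob: {0}", TryUnprotect(NewProtector("SessionTokens", "user:42"), tampered, out plain));
    }
}
```

Because the purpose strings act as the access check, derive the specific purposes from values the caller cannot choose freely (for example a server-side user identifier), and handle CryptographicException as an ordinary rejection path.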

Constructors

DataProtector(String, String, String[])

Creates a new instance of the DataProtector class by using the provided application name, primary purpose, and specific purposes.

Properties

ApplicationName

Gets the name of the application.

PrependHashedPurposeToPlaintext

Specifies whether the hash is prepended to the text array before encryption.

PrimaryPurpose

Gets the primary purpose for the protected data.

SpecificPurposes

Gets the specific purposes for the protected data.

Methods

Create(String, String, String, String[])

Creates an instance of a data protector implementation by using the specified class name of the data protector, the application name, the primary purpose, and the specific purposes.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetHashedPurpose()

Creates a hash of the property values specified by the constructor.

GetType()

Gets the Type of the current instance.

(Inherited from Object)

IsReprotectRequired(Byte[])

Determines if re-encryption is required for the specified encrypted data.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

Protect(Byte[])

Protects the specified user data.

ProviderProtect(Byte[])

Specifies the delegate method in the derived class that the Protect(Byte[]) method in the base class calls back into.

ProviderUnprotect(Byte[])

Specifies the delegate method in the derived class that the Unprotect(Byte[]) method in the base class calls back into.

ToString()

Returns a string that represents the current object.

(Inherited from Object)

Unprotect(Byte[])

Unprotects the specified protected data.

Applies to