DataProtector クラス

定義

データ プロテクターの基本クラスを提供します。Provides the base class for data protectors.

public ref class DataProtector abstract
public abstract class DataProtector
type DataProtector = class
Public MustInherit Class DataProtector
継承
DataProtector
派生

次の例では、追加のエントロピのオプションで保護クラスを使用するデータ保護機能を作成する方法を示します。The following example demonstrates how to create a data protector that uses a protection class with an option for extra entropy. 既定では、 DataProtectorクラスは、暗号化するデータに対して目的のプロパティのハッシュを付加します。By default, the DataProtector class prepends the hash of the purpose properties to the data to be encrypted. 追加のエントロピオプションを使用してデータプロテクターを呼び出すときに、その機能を無効にして、ハッシュ化された目的を余分なエントロピとして使用することができます。You can turn that functionality off and use the hashed purpose as extra entropy when calling a data protector with an extra entropy option.

using System;
using System.Security.Permissions;

namespace System.Security.Cryptography
{
    public sealed class MyDataProtector : DataProtector
    {
        public DataProtectionScope Scope { get; set; }
        // This implementation gets the HashedPurpose from the base class and passes it as OptionalEntropy to ProtectedData.
        // The default for DataProtector is to prepend the hash to the plain text, but because we are using the hash 
        // as OptionalEntropy there is no need to prepend it.
        protected override bool PrependHashedPurposeToPlaintext
        {
            get
            {
                return false;
            }
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, ProtectData = true)]
        protected override byte[] ProviderProtect(byte[] userData)
        {
            // Delegate to ProtectedData
            return ProtectedData.Protect(userData, GetHashedPurpose(), Scope);
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderUnProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, UnprotectData = true)]
        protected override byte[] ProviderUnprotect(byte[] encryptedData)
        {
            // Delegate to ProtectedData
            return ProtectedData.Unprotect(encryptedData, GetHashedPurpose(), Scope);
        }
        public override bool IsReprotectRequired(byte[] encryptedData)
        {
            // For now, this cannot be determined, so always return true;
            return true;
        }
        // Public constructor
        // The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
        // in the ProviderProtect/ProviderUnprotect methods. 
        [DataProtectionPermission(SecurityAction.Demand, Unrestricted = true)]
        [SecuritySafeCritical]
        public MyDataProtector(string appName, string primaryPurpose, params string[] specificPurpose)
            : base(appName, primaryPurpose, specificPurpose)
        {
        }
    }
}
Imports System.Security
Imports System.Security.Cryptography
Imports System.Security.Permissions



Public NotInheritable Class MyDataProtector
    Inherits DataProtector

    Public Property Scope() As DataProtectionScope
        Get
            Return Scope
        End Get
        Set(value As DataProtectionScope)
        End Set
    End Property ' This implementation gets the HashedPurpose from the base class and passes it as OptionalEntropy to ProtectedData.
    ' The default for DataProtector is to prepend the hash to the plain text, but because we are using the hash 
    ' as OptionalEntropy there is no need to prepend it.

    Protected Overrides ReadOnly Property PrependHashedPurposeToPlaintext() As Boolean
        Get
            Return False
        End Get
    End Property

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, ProtectData:=True)> _
    Protected Overrides Function ProviderProtect(ByVal userData() As Byte) As Byte()
        ' Delegate to ProtectedData
        Return ProtectedData.Protect(userData, GetHashedPurpose(), Scope)

    End Function 'ProviderProtect

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderUnProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, UnprotectData:=True)> _
    Protected Overrides Function ProviderUnprotect(ByVal encryptedData() As Byte) As Byte()
        ' Delegate to ProtectedData
        Return ProtectedData.Unprotect(encryptedData, GetHashedPurpose(), Scope)

    End Function 'ProviderUnprotect

    Public Overrides Function IsReprotectRequired(ByVal encryptedData() As Byte) As Boolean
        ' For now, this cannot be determined, so always return true;
        Return True

    End Function 'IsReprotectRequired

    ' Public constructor
    ' The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
    ' in the ProviderProtect/ProviderUnprotect methods. 
    <DataProtectionPermission(SecurityAction.Demand, Unrestricted:=True), SecuritySafeCritical()> _
    Public Sub New(ByVal appName As String, ByVal primaryPurpose As String, ParamArray specificPurpose() As String)
        MyBase.New(appName, primaryPurpose, specificPurpose)

    End Sub
End Class

クラスの機能PrependHashedPurposeToPlaintextを使用する単純なデータプロテクターの例を次に示します。 DataProtectorThe following example demonstrates a simple data protector that uses the PrependHashedPurposeToPlaintext functionality of the DataProtector class.

using System;
using System.Security.Permissions;

namespace System.Security.Cryptography
{
    public sealed class MemoryProtector : DataProtector
    {
        public MemoryProtectionScope Scope { get; set; }
        protected override bool PrependHashedPurposeToPlaintext 
        {
            get
            {
                // Signal the DataProtector to prepend the hash of the purpose to the data.
                return true;
            }
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, ProtectData = true)]
        protected override byte[] ProviderProtect(byte[] userData)
        {
            
            // Delegate to ProtectedData
            ProtectedMemory.Protect(userData, Scope);
            return userData;
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
        // in the constructor, but Assert the permission when ProviderUnprotect is called..  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, UnprotectData = true)]
        protected override byte[] ProviderUnprotect(byte[] encryptedData)
        {

            ProtectedMemory.Unprotect(encryptedData,Scope);           
                return encryptedData;
        }

        public override bool IsReprotectRequired(byte[] encryptedData)
        {
            // For now, this cannot be determined so always return true.
            return true;
        }
        // Public constructor
        // The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
        // in the ProviderProtect/ProviderUnprotect methods. 
        [DataProtectionPermission(SecurityAction.Demand, Unrestricted = true)]
        [SecuritySafeCritical]
        public MemoryProtector(string appName, string primaryPurpose, params string[] specificPurpose)
            : base(appName, primaryPurpose, specificPurpose)
        {
        }
    }
}
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Cryptography



Public NotInheritable Class MemoryProtector
    Inherits DataProtector

    Public Property Scope() As MemoryProtectionScope
        Get
            Return Scope
        End Get
        Set(value As MemoryProtectionScope)
        End Set
    End Property

    Protected Overrides ReadOnly Property PrependHashedPurposeToPlaintext() As Boolean
        Get
            ' Signal the DataProtector to prepend the hash of the purpose to the data.
            Return True
        End Get
    End Property

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, ProtectData:=True)> _
    Protected Overrides Function ProviderProtect(ByVal userData() As Byte) As Byte()

        ' Delegate to ProtectedData
        ProtectedMemory.Protect(userData, Scope)
        Return userData

    End Function 'ProviderProtect

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderUnprotect is called..  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, UnprotectData:=True)> _
    Protected Overrides Function ProviderUnprotect(ByVal encryptedData() As Byte) As Byte()

        ProtectedMemory.Unprotect(encryptedData, Scope)
        Return encryptedData

    End Function 'ProviderUnprotect

    Public Overrides Function IsReprotectRequired(ByVal encryptedData() As Byte) As Boolean
        ' For now, this cannot be determined so always return true.
        Return True

    End Function 'IsReprotectRequired

    ' Public constructor
    ' The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
    ' in the ProviderProtect/ProviderUnprotect methods. 
    <DataProtectionPermission(SecurityAction.Demand, Unrestricted:=True), SecuritySafeCritical()> _
    Public Sub New(ByVal appName As String, ByVal primaryPurpose As String, ParamArray specificPurpose() As String)
        MyBase.New(appName, primaryPurpose, specificPurpose)

    End Sub
End Class

注釈

このクラスは、格納されているデータの表示や改ざんを防止します。This class protects stored data from viewing and tampering. 保護されたデータへのアクセスは、このクラスのインスタンスを作成し、データの保護に使用された正確な目的の文字列を使用することによって取得されます。The access to the protected data is obtained by creating an instance of this class and using the exact purpose strings that were used to protect the data. 呼び出し元には、データを保護または保護解除するためのキーは必要ありません。The caller does not need a key to either protect or unprotect the data. キーは暗号化アルゴリズムによって提供されます。The key is provided by the encryption algorithm.

派生クラスは、 ProviderProtect DataProtector基底クラスUnprotectがコールバックするメソッドとメソッドをオーバーライドする必要があります。Derived classes must override the ProviderProtect and Unprotect methods, which the DataProtector base class calls back into. また、 IsReprotectRequiredメソッドをオーバーライドする必要があります。 trueこのメソッドは、アプリケーションが格納されている暗号テキストのデータベースを更新するときに、効率が低下する可能性がある場合に常に返すことができます。They must also override the IsReprotectRequired method, which can always return true with a potential small loss of efficiency when applications refresh their database of stored cipher text. 派生クラスは、、 ApplicationName SpecificPurposes、およびPrimaryPurposeの各プロパティを設定する基底クラスのコンストラクターを呼び出すコンストラクターを提供する必要があります。Derived classes should provide a constructor that calls the base class constructor, which sets the ApplicationName, SpecificPurposes, and PrimaryPurpose properties.

コンストラクター

DataProtector(String, String, String[])

指定したアプリケーション名、主な目的、および特定の目的を使用して、DataProtector クラスの新しいインスタンスを作成します。Creates a new instance of the DataProtector class by using the provided application name, primary purpose, and specific purposes.

プロパティ

ApplicationName

アプリケーションの名前を取得します。Gets the name of the application.

PrependHashedPurposeToPlaintext

暗号化前のテキスト配列にハッシュを付加するかどうかを指定します。Specifies whether the hash is prepended to the text array before encryption.

PrimaryPurpose

保護されたデータの主な目的を取得します。Gets the primary purpose for the protected data.

SpecificPurposes

保護されたデータの特定の目的を取得します。Gets the specific purposes for the protected data.

メソッド

Create(String, String, String, String[])

指定したデータ プロテクターのクラス名、アプリケーション名、主な目的、特定の目的を使用して、データ プロテクターの実装のインスタンスを作成します。Creates an instance of a data protector implementation by using the specified class name of the data protector, the application name, the primary purpose, and the specific purposes.

Equals(Object)

指定されたオブジェクトが現在のオブジェクトと等しいかどうかを判定します。Determines whether the specified object is equal to the current object.

(継承元 Object)
GetHashCode()

既定のハッシュ関数として機能します。Serves as the default hash function.

(継承元 Object)
GetHashedPurpose()

コンストラクターで指定されたプロパティ値のハッシュを作成します。Creates a hash of the property values specified by the constructor.

GetType()

現在のインスタンスの Type を取得します。Gets the Type of the current instance.

(継承元 Object)
IsReprotectRequired(Byte[])

指定した暗号化データを再び暗号化する必要があるかどうかを判断します。Determines if re-encryption is required for the specified encrypted data.

MemberwiseClone()

現在の Object の簡易コピーを作成します。Creates a shallow copy of the current Object.

(継承元 Object)
Protect(Byte[])

指定したユーザー データを保護します。Protects the specified user data.

ProviderProtect(Byte[])

基本クラスの Protect(Byte[]) メソッドがコールバックする、派生クラスのデリゲート メソッドを指定します。Specifies the delegate method in the derived class that the Protect(Byte[]) method in the base class calls back into.

ProviderUnprotect(Byte[])

基本クラスの Unprotect(Byte[]) メソッドがコールバックする、派生クラスのデリゲート メソッドを指定します。Specifies the delegate method in the derived class that the Unprotect(Byte[]) method in the base class calls back into.

ToString()

現在のオブジェクトを表す string を返します。Returns a string that represents the current object.

(継承元 Object)
Unprotect(Byte[])

指定された保護されたデータの保護を解除します。Unprotects the specified protected data.

適用対象