DpapiDataProtector Class
Definition
Provides simple data protection methods.
public ref class DpapiDataProtector sealed : System::Security::Cryptography::DataProtector
public sealed class DpapiDataProtector : System.Security.Cryptography.DataProtector
type DpapiDataProtector = class
inherit DataProtector
Public NotInheritable Class DpapiDataProtector
Inherits DataProtector
- Inheritance
Remarks
The DpapiDataProtector class provides a structured way to protect data by using the ProtectedData class. The class constructor has purpose parameters that serve like a password to identify the protected data. All three parameters are hashed and included as part of the encrypted data string. You must know the purpose parameters to unprotect the data. The ProtectedData.Protect method that is called to encrypt the data has an optionalEntropy parameter that allows you to add qualifying information to encrypt the data more securely. The hash of the purpose parameters is used for optional entropy. Because you do not need a key to decrypt the data, carefully choosing the purpose data adds another level of security to data protection.
If you use a Scope setting of CurrentUser, only a user with logon credentials that match those of the user who encrypted the data can decrypt the data. In addition, decryption usually can be done only on the computer where the data was encrypted. The Windows function that encrypts the data creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted. For a detailed description of how data is protected by using session keys, see Windows Data Protection.
If you use a Scope setting of LocalMachine when protecting the data and do not carefully identify the purpose parameters, any other application on that computer that knows the purposes can access and unprotect the data.
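The purpose binding described in these remarks, shown as an added example that is not part of the original page: data protected under one set of purpose values is unprotected by a new instance with the same values, and fails under a different specific purpose. The application name, purpose strings, class name and helper names are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Requires .NET Framework 4 or later on Windows, with a reference to System.Security.dll.
// Application and purpose strings below are constructed for this example.
public static class PurposeBindingDemo
{
    static DpapiDataProtector Create(string specificPurpose)
    {
        var p = new DpapiDataProtector("Contoso.Example", "TokenCache", specificPurpose);
        // CurrentUser ties decryption to the encrypting user's logon credentials.
        // With LocalMachine, any application on the computer that knows the
        // purpose strings could unprotect the data.
        p.Scope = DataProtectionScope.CurrentUser;
        return p;
    }

    public static bool TryUnprotect(DpapiDataProtector p, byte[] blob, out string text)
    {
        try
        {
            text = Encoding.UTF8.GetString(p.Unprotect(blob));
            return true;
        }
        catch (CryptographicException)
        {
            // Wrong purposes (or wrong user or computer): report failure, never empty data.
            text = null;
            return false;
        }
    }

    public static void Main()
    {
        byte[] blob = Create("refresh-token").Protect(Encoding.UTF8.GetBytes("sample secret"));

        string text;
        // A new instance with the same three purpose values can unprotect the blob.
        Console.WriteLine(TryUnprotect(Create("refresh-token"), blob, out text));
        // Changing any purpose value changes the hash that is used as optional entropy.
        Console.WriteLine(TryUnprotect(Create("access-token"), blob, out text));
    }
}
```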
Constructors
| DpapiDataProtector(String, String, String[]) | Creates a new instance of the DpapiDataProtector class by using the specified application name, primary purpose, and specific purposes. |
Properties
| ApplicationName | Gets the name of the application. (Inherited from DataProtector) |
| PrependHashedPurposeToPlaintext | Specifies whether the hash is prepended to the text array before encryption. (Inherited from DataProtector) |
| PrimaryPurpose | Gets the primary purpose for the protected data. (Inherited from DataProtector) |
| Scope | Gets or sets the scope of the data protection. |
| SpecificPurposes | Gets the specific purposes for the protected data. (Inherited from DataProtector) |
Methods
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object) |
| GetHashCode() | Serves as the default hash function. (Inherited from Object) |
| GetHashedPurpose() | Creates a hash of the property values specified by the constructor. (Inherited from DataProtector) |
| GetType() | Gets the Type of the current instance. (Inherited from Object) |
| IsReprotectRequired(Byte[]) | Determines if the data must be re-encrypted. |
| MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object) |
| Protect(Byte[]) | Protects the specified user data. (Inherited from DataProtector) |
| ProviderProtect(Byte[]) | Specifies the delegate method in the derived class that the Protect(Byte[]) method in the base class calls back into. (Inherited from DataProtector) |
| ProviderUnprotect(Byte[]) | Specifies the delegate method in the derived class that the Unprotect(Byte[]) method in the base class calls back into. (Inherited from DataProtector) |
| ToString() | Returns a string that represents the current object. (Inherited from Object) |
| Unprotect(Byte[]) | Unprotects the specified protected data. (Inherited from DataProtector) |