DataProtectionProvider 類別
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
表示密碼編譯提供者,可用來以非同步方式加密和解密靜態資料或資料流程。
public ref class DataProtectionProvider sealed/// [Windows.Foundation.Metadata.Activatable(Windows.Security.Cryptography.DataProtection.IDataProtectionProviderFactory, 65536, Windows.Foundation.UniversalApiContract)]
/// [Windows.Foundation.Metadata.Activatable(65536, Windows.Foundation.UniversalApiContract)]
/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
/// [Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
/// [Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
class DataProtectionProvider final/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
/// [Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
/// [Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
/// [Windows.Foundation.Metadata.Activatable(65536, "Windows.Foundation.UniversalApiContract")]
/// [Windows.Foundation.Metadata.Activatable(Windows.Security.Cryptography.DataProtection.IDataProtectionProviderFactory, 65536, "Windows.Foundation.UniversalApiContract")]
class DataProtectionProvider final[Windows.Foundation.Metadata.Activatable(typeof(Windows.Security.Cryptography.DataProtection.IDataProtectionProviderFactory), 65536, typeof(Windows.Foundation.UniversalApiContract))]
[Windows.Foundation.Metadata.Activatable(65536, typeof(Windows.Foundation.UniversalApiContract))]
[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
[Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
[Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
public sealed class DataProtectionProvider[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
[Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
[Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
[Windows.Foundation.Metadata.Activatable(65536, "Windows.Foundation.UniversalApiContract")]
[Windows.Foundation.Metadata.Activatable(typeof(Windows.Security.Cryptography.DataProtection.IDataProtectionProviderFactory), 65536, "Windows.Foundation.UniversalApiContract")]
public sealed class DataProtectionProviderfunction DataProtectionProvider(protectionDescriptor)Public NotInheritable Class DataProtectionProvider- 繼承
- 屬性
Windows 需求
| 裝置系列 |
Windows 10 (已於 10.0.10240.0 引進)
|
| API contract |
Windows.Foundation.UniversalApiContract (已於 v1.0 引進)
|
範例
下列範例示範如何保護靜態資料。
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage.Streams;
using System.Threading.Tasks;
namespace SampleProtectAsync
{
sealed partial class StaticDataProtectionApp : Application
{
public StaticDataProtectionApp()
{
// Initialize the application.
this.InitializeComponent();
// Protect data asynchronously.
this.Protect();
}
public async void Protect()
{
// Initialize function arguments.
String strMsg = "This is a message to be protected.";
String strDescriptor = "LOCAL=user";
BinaryStringEncoding encoding = BinaryStringEncoding.Utf8;
// Protect a message to the local user.
IBuffer buffProtected = await this.SampleProtectAsync(
strMsg,
strDescriptor,
encoding);
// Decrypt the previously protected message.
String strDecrypted = await this.SampleUnprotectData(
buffProtected,
encoding);
}
public async Task<IBuffer> SampleProtectAsync(
String strMsg,
String strDescriptor,
BinaryStringEncoding encoding)
{
// Create a DataProtectionProvider object for the specified descriptor.
DataProtectionProvider Provider = new DataProtectionProvider(strDescriptor);
// Encode the plaintext input message to a buffer.
encoding = BinaryStringEncoding.Utf8;
IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);
// Encrypt the message.
IBuffer buffProtected = await Provider.ProtectAsync(buffMsg);
// Execution of the SampleProtectAsync function resumes here
// after the awaited task (Provider.ProtectAsync) completes.
return buffProtected;
}
public async Task<String> SampleUnprotectData(
IBuffer buffProtected,
BinaryStringEncoding encoding)
{
// Create a DataProtectionProvider object.
DataProtectionProvider Provider = new DataProtectionProvider();
// Decrypt the protected message specified on input.
IBuffer buffUnprotected = await Provider.UnprotectAsync(buffProtected);
// Execution of the SampleUnprotectData method resumes here
// after the awaited task (Provider.UnprotectAsync) completes
// Convert the unprotected message from an IBuffer object to a string.
String strClearText = CryptographicBuffer.ConvertBinaryToString(encoding, buffUnprotected);
// Return the plaintext string.
return strClearText;
}
}
}
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage.Streams;
using System.Threading.Tasks;
namespace SampleProtectStreamAsync
{
sealed partial class StreamDataProtectionApp : Application
{
public StreamDataProtectionApp()
{
// Initialize the application.
this.InitializeComponent();
// Protect a stream synchronously
this.ProtectData();
}
public async void ProtectData()
{
// Initialize function arguments.
String strDescriptor = "LOCAL=user";
String strLoremIpsum = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse elementum "
+ "ullamcorper eros, vitae gravida nunc consequat sollicitudin. Vivamus lacinia, "
+ "diam a molestie porttitor, sapien neque volutpat est, non suscipit leo dolor "
+ "sit amet nisl. Praesent tincidunt tincidunt quam ut pharetra. Sed tincidunt "
+ "sit amet nisl. Praesent tincidunt tincidunt quam ut pharetra. Sed tincidunt "
+ "porttitor massa, at convallis dolor dictum suscipit. Nullam vitae lectus in "
+ "lorem scelerisque convallis sed scelerisque orci. Praesent sed ligula vel erat "
+ "eleifend tempus. Nullam dignissim aliquet mauris a aliquet. Nulla augue justo, "
+ "posuere a consectetur ut, suscipit et sem. Proin eu libero ut felis tincidunt "
+ "interdum. Curabitur vulputate eros nec sapien elementum ut dapibus eros "
+ "dapibus. Suspendisse quis dui dolor, non imperdiet leo. In consequat, odio nec "
+ "aliquam tincidunt, magna enim ultrices massa, ac pharetra est urna at arcu. "
+ "Nunc suscipit, velit non interdum suscipit, lectus lectus auctor tortor, quis "
+ "ultrices orci felis in dolor. Etiam congue pretium libero eu vestibulum. "
+ "Mauris bibendum erat eleifend nibh consequat eu pharetra metus convallis. "
+ "Morbi sem eros, venenatis vel vestibulum consequat, hendrerit rhoncus purus.";
BinaryStringEncoding encoding = BinaryStringEncoding.Utf16BE;
// Encrypt the data as a stream.
IBuffer buffProtected = await this.SampleDataProtectionStream(
strDescriptor,
strLoremIpsum,
encoding);
// Decrypt a data stream.
String strUnprotected = await this.SampleDataUnprotectStream(
buffProtected,
encoding);
}
public async Task<IBuffer> SampleDataProtectionStream(
String descriptor,
String strMsg,
BinaryStringEncoding encoding)
{
// Create a DataProtectionProvider object for the specified descriptor.
DataProtectionProvider Provider = new DataProtectionProvider(descriptor);
// Convert the input string to a buffer.
IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);
// Create a random access stream to contain the plaintext message.
InMemoryRandomAccessStream inputData = new InMemoryRandomAccessStream();
// Create a random access stream to contain the encrypted message.
InMemoryRandomAccessStream protectedData = new InMemoryRandomAccessStream();
// Retrieve an IOutputStream object and fill it with the input (plaintext) data.
IOutputStream outputStream = inputData.GetOutputStreamAt(0);
DataWriter writer = new DataWriter(outputStream);
writer.WriteBuffer(buffMsg);
await writer.StoreAsync();
await outputStream.FlushAsync();
// Retrieve an IInputStream object from which you can read the input data.
IInputStream source = inputData.GetInputStreamAt(0);
// Retrieve an IOutputStream object and fill it with encrypted data.
IOutputStream dest = protectedData.GetOutputStreamAt(0);
await Provider.ProtectStreamAsync(source, dest);
await dest.FlushAsync();
//Verify that the protected data does not match the original
DataReader reader1 = new DataReader(inputData.GetInputStreamAt(0));
DataReader reader2 = new DataReader(protectedData.GetInputStreamAt(0));
await reader1.LoadAsync((uint)inputData.Size);
await reader2.LoadAsync((uint)protectedData.Size);
IBuffer buffOriginalData = reader1.ReadBuffer((uint)inputData.Size);
IBuffer buffProtectedData = reader2.ReadBuffer((uint)protectedData.Size);
if (CryptographicBuffer.Compare(buffOriginalData, buffProtectedData))
{
throw new Exception("ProtectStreamAsync returned unprotected data");
}
// Return the encrypted data.
return buffProtectedData;
}
public async Task<String> SampleDataUnprotectStream(
IBuffer buffProtected,
BinaryStringEncoding encoding)
{
// Create a DataProtectionProvider object.
DataProtectionProvider Provider = new DataProtectionProvider();
// Create a random access stream to contain the encrypted message.
InMemoryRandomAccessStream inputData = new InMemoryRandomAccessStream();
// Create a random access stream to contain the decrypted data.
InMemoryRandomAccessStream unprotectedData = new InMemoryRandomAccessStream();
// Retrieve an IOutputStream object and fill it with the input (encrypted) data.
IOutputStream outputStream = inputData.GetOutputStreamAt(0);
DataWriter writer = new DataWriter(outputStream);
writer.WriteBuffer(buffProtected);
await writer.StoreAsync();
await outputStream.FlushAsync();
// Retrieve an IInputStream object from which you can read the input (encrypted) data.
IInputStream source = inputData.GetInputStreamAt(0);
// Retrieve an IOutputStream object and fill it with decrypted data.
IOutputStream dest = unprotectedData.GetOutputStreamAt(0);
await Provider.UnprotectStreamAsync(source, dest);
await dest.FlushAsync();
// Write the decrypted data to an IBuffer object.
DataReader reader2 = new DataReader(unprotectedData.GetInputStreamAt(0));
await reader2.LoadAsync((uint)unprotectedData.Size);
IBuffer buffUnprotectedData = reader2.ReadBuffer((uint)unprotectedData.Size);
// Convert the IBuffer object to a string using the same encoding that was
// used previously to conver the plaintext string (before encryption) to an
// IBuffer object.
String strUnprotected = CryptographicBuffer.ConvertBinaryToString(encoding, buffUnprotectedData);
// Return the decrypted data.
return strUnprotected;
}
}
}
備註
您可以使用 類別來保護資料至下列任一項:
- 您可以使用安全性描述元 (SID) 或 SDDL) 字串 (SDDL 定義語言來保護資料到 Active Directory (AD) 安全性主體,例如 AD 群組。 群組的任何成員都可以解密資料。
- 您可以將資料保護至本機使用者或電腦帳戶。
- 您可以將資料保護至登入網站期間所使用的認證 (密碼) 。
針對安全性描述項和 SDDL 字串,您必須在資訊清單中設定企業驗證功能。 企業驗證功能僅限於使用公司帳戶建置的 UWP 應用程式,而且受限於額外的上線驗證。 除非絕對必要,否則您應該避免企業驗證功能。 如需詳細資訊,請參閱 註冊開發人員帳戶。 例如,下列 SID 和 SDDL 提供者需要企業驗證功能:
- 「SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812」
- 「SDDL=O:S-1-5-5-0-290724G: (A;;CCDC;;;S-1-5-5-0-290724) (A;;DC;;;WD) 」
這些提供者不需要企業驗證功能:
- 「LOCAL=user」
- 「LOCAL=machine」
- 「WEBCREDENTIALS=MyPasswordName」
- 「WEBCREDENTIALS=MyPasswordName,myweb.com」
建構函式
| DataProtectionProvider() |
用於解密作業的建構函式。 呼叫 UnprotectAsync 或 UnprotectStreamAsync 方法之前,請先使用此建構函式。 |
| DataProtectionProvider(String) |
用於加密作業的建構函式。 呼叫 ProtectAsync 或 ProtectStreamAsync 方法之前,請先使用此建構函式。 |
方法
| ProtectAsync(IBuffer) |
以非同步方式保護靜態資料。 |
| ProtectStreamAsync(IInputStream, IOutputStream) |
以非同步方式保護資料流程。 |
| UnprotectAsync(IBuffer) |
以非同步方式解密靜態資料。 |
| UnprotectStreamAsync(IInputStream, IOutputStream) |
以非同步方式解密資料流程。 |
適用於
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應