Click here to Skip to main content
13,356,787 members (79,015 online)
Click here to Skip to main content
Add your own
alternative version


9 bookmarked
Posted 5 Oct 2005

Keeping Secrets with Data Protection API (DPAPI) in .NET

, 5 Oct 2005
Rate this:
Please Sign up or sign in to vote.
A full blown sample of keeping data secret in memory or on a file.


Data Protection using DPAPI on managed code needs to be done using C++ unmanaged code or by writing some wrapper code, as many of us have done. Data Protection is available in VS2005 by using some simple-to-use static methods: "ProtectedMemory::Protect", "ProtectedMemory::Unprotect", "ProtectedData::Protect", and "ProtectedData::Unprotect" located in the "System::Security::Cryptography" namespace. I have taken some time to define a class that I called "Secret" that hides many implementation details with the intention of making working with those methods as simple as it can be. For example:

int main(array<System::String ^> ^args)
    // secret info to protect
    String ^s = L"this is a sample and a long one it is";

    // get the secret instance
    ::Security::ISecret ^a =
       (::Security::ISecret^)(gcnew ::Security::Secret());

    // keep your secret in memory
    a->ProtectMemory(s) ;

    // some user given / known data (entroy) to salt secret and
    // target file to store secret into
    String ^entropy=L"test", ^fpath=L"c:/temp/test.dat" ;

    // keep your secret in a file
    a->ProtectDataToFile(s,entropy,fpath) ;
    a->UnprotectDataFromFile(entropy,fpath) ;

    return 0;

You will soon find that keeping secrets with the "Secret" class can be a bit more complex if you like to influence the "Scope" of your secret. For that reason I also abstracted out the DPAPI enumerators and provided a single enumerator class as follows:

public enum class ProtectionScope

   // memory protection

   ProtectMemoryCrossProcess = 1,
   ProtectMemorySameLogon    = 2,
   ProtectMemorySameProcess  = 3,

   // data protection

   ProtectDataCurrentUser  = 10,
   ProtectDataLocalMachine = 11,

}  ;

To change the scope just do the following:

a->Scope = ProtectionScope::ProtectMemoryCrossProcess ;

I encourage the reader to lookup the DPAPI MSDN articles and use it to keep data secure in their applications. Search for DPAPI and "ProtectedMemory" to get to those articles.

I'd also like that anyone interested in the "Secret" class use it, and if improvements are done, keep me posted of those. Also if there are any recommendations (the good and the bad) send me those as well.


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Web Developer
Puerto Rico Puerto Rico
C/C++ programmer since 1984.

You may also be interested in...


Comments and Discussions

QuestionProblem in Scope? Pin
matrixprogrammer5-Sep-07 18:14
membermatrixprogrammer5-Sep-07 18:14 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.180111.1 | Last Updated 5 Oct 2005
Article Copyright 2005 by esob
Everything else Copyright © CodeProject, 1999-2018
Layout: fixed | fluid