locked
How to Encrypt Data Stored by the SuspensionManager

    Question

  • For a Windows 8 Store app, the SuspensionManager saves session data to the file _sessionState.xml within the folder ApplicationData.Current.LocalFolder. Let's say that I want to encrypt the data before it is saved to that location and, of course, decrypt the data when the app is restored. What is the best way to do that?

    I've looked at the PasswordVault, but it does not seem to work when I want to save objects. I've thought about encrypting the memory stream before it is saved to _sessionState.xml, but the decryption portion did not work for me. BitLocker might have been another solution, though it does not seem ideal for a mobile app. Are any success stories out there?

    Tuesday, September 30, 2014 5:56 PM

All replies

  • Encrypting the memory stream makes the most sense for local storage. You can add that into SaveAsync and RestoreAsync just before writing and after reading the file.

    In what way did decryption fail?

    BitLocker doesn't do app-specific encryption. It encrypts the drive so the data won't be compromised if the user loses the device.

    --Rob


    Wednesday, October 1, 2014 2:28 AM
    Owner
  • Unfortunately, I had to go with the PasswordVault for saving encrypted session data. Here's what I did:

    1. I modified the SuspensionManager by converting the sessionData MemoryStream to a string.
    2. I then passed that string to the PasswordVault and saved it as if it had been a normal password.
    3. To retrieve the session data, I converted the "password" from the PasswordVault back to a stream.
    4. Then I deserialized the stream to the session objects.

    This thread

    http://msdn.microsoft.com/en-us/library/windows/apps/xaml/Hh802427.aspx

    seems to suggest that encrypting the memory stream should work. For me, getting the right kind of stream for things to work with the SessionManager proved to frustrating. I had to cast to IInputStream from the wrong class or to an OutputStream when something else was required. It's late, I'm frustrated, I just went with the PasswordVault hack.

    Wednesday, October 1, 2014 3:07 AM