DataProtectionProvider + "Local=user" descriptor


  • Hello,

    I created an encrypted text file on one machine, using DataProtectionProvider + "Local=user" descriptor.

    I can also decrypt the above encrypted file on the same machine in my project.

    If now, I add the encrypted file to my project, and deploy the project to another machine, when I try to decrypt that file I can't!

    I can decrypt it only when my project is deployed on the same machine that was used to create the encrypted file!

    How can I make it machine- and user-independent?

    The purpose is that I want to have an encrypted file in my project, and then to decrypt and use it inside my code as e.g. stream, buffer (not save it locally), for any user that has purchased my app created from that project.

    How to accomplish this?


    • Edited by pf16mirage Wednesday, October 1, 2014 8:58 PM
    Wednesday, October 1, 2014 8:56 PM

All replies

  • Please provide the code that you used to encrypt/decrypt the data. I think that you probably don't have access to the decryption key on the secondary machine.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Thursday, October 2, 2014 1:57 PM
  • Hi, it's the code of your Cryptography and Certificate sample at: http://code.msdn.microsoft.com/windowsapps/Cryptography-and-3305467b

    and more specifically the function SampleDataProtectionStream, where I load the IBuffer data with my own buffer. The descriptor used is "Local=user".


            public async void SampleDataProtectionStream(String descriptor)
            {
                EncryptDecryptText.Text += "*** Sample Stream Data Protection for " + descriptor + " ***\n";
                IBuffer data = CryptographicBuffer.GenerateRandom(10000);
                DataReader reader1, reader2;
                IBuffer buff1, buff2;
                DataProtectionProvider Provider = new DataProtectionProvider(descriptor);
                InMemoryRandomAccessStream originalData = new InMemoryRandomAccessStream();
                //Populate the new memory stream with the data to protect
                IOutputStream outputStream = originalData.GetOutputStreamAt(0);
                DataWriter writer = new DataWriter(outputStream);
                writer.WriteBuffer(data);
                await writer.StoreAsync();
                await outputStream.FlushAsync();
                //open new memory stream for read
                IInputStream source = originalData.GetInputStreamAt(0);
                //Open the output memory stream
                InMemoryRandomAccessStream protectedData = new InMemoryRandomAccessStream();
                IOutputStream dest = protectedData.GetOutputStreamAt(0);
                // Protect (the descriptor, e.g. "LOCAL=user", selects the protection key)
                await Provider.ProtectStreamAsync(source, dest);
                //Flush the output
                if (await dest.FlushAsync())
                    EncryptDecryptText.Text += "    Protected output was successfully flushed\n";
                //Verify the protected data does not match the original
                reader1 = new DataReader(originalData.GetInputStreamAt(0));
                reader2 = new DataReader(protectedData.GetInputStreamAt(0));
                await reader1.LoadAsync((uint)originalData.Size);
                await reader2.LoadAsync((uint)protectedData.Size);
                EncryptDecryptText.Text += "    Size of original stream:  " + originalData.Size + "\n";
                EncryptDecryptText.Text += "    Size of protected stream:  " + protectedData.Size + "\n";
                if (originalData.Size == protectedData.Size)
                {
                    buff1 = reader1.ReadBuffer((uint)originalData.Size);
                    buff2 = reader2.ReadBuffer((uint)protectedData.Size);
                    if (CryptographicBuffer.Compare(buff1, buff2))
                    {
                        EncryptDecryptText.Text += "ProtectStreamAsync returned unprotected data";
                        return;
                    }
                }
                EncryptDecryptText.Text += "    Stream Compare completed.  Streams did not match.\n";
                source = protectedData.GetInputStreamAt(0);
                InMemoryRandomAccessStream unprotectedData = new InMemoryRandomAccessStream();
                dest = unprotectedData.GetOutputStreamAt(0);
                // Unprotect: the parameterless constructor is used here because the
                // descriptor is recorded inside the protected stream itself
                DataProtectionProvider Provider2 = new DataProtectionProvider();
                await Provider2.UnprotectStreamAsync(source, dest);
                if (await dest.FlushAsync())
                    EncryptDecryptText.Text += "    Unprotected output was successfully flushed\n";
                //Verify the unprotected data does match the original
                reader1 = new DataReader(originalData.GetInputStreamAt(0));
                reader2 = new DataReader(unprotectedData.GetInputStreamAt(0));
                await reader1.LoadAsync((uint)originalData.Size);
                await reader2.LoadAsync((uint)unprotectedData.Size);
                EncryptDecryptText.Text += "    Size of original stream:  " + originalData.Size + "\n";
                EncryptDecryptText.Text += "    Size of unprotected stream:  " + unprotectedData.Size + "\n";
                buff1 = reader1.ReadBuffer((uint)originalData.Size);
                buff2 = reader2.ReadBuffer((uint)unprotectedData.Size);
                if (!CryptographicBuffer.Compare(buff1, buff2))
                    EncryptDecryptText.Text += "UnprotectStreamAsync did not return expected data";
                EncryptDecryptText.Text += "*** Done!\n";
            }

    Thursday, October 2, 2014 2:52 PM
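The behaviour in the question follows from what "LOCAL=user" means: DataProtectionProvider wraps the data with a key held in that user's profile on that machine, so the same blob is not recoverable on another machine. Below is an added example (not from the thread or the MSDN sample) that puts the per-user binding next to a machine-independent alternative from the same Windows.Security.Cryptography.Core namespace: AES-256-GCM under a key derived from a passphrase with PBKDF2-SHA256. The passphrase, salt and nonce sizes and the 100000 iteration count are assumptions of this example.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Core;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage.Streams;

// Added example; not code from the thread or the MSDN sample it quotes.
public static class PortableProtection
{
    // Same binding as the question: the key lives in this user's profile on this
    // machine, so only this user on this machine can unprotect the result.
    // Suited to secrets the app stores locally, not to data shipped in the package.
    public static Task<IBuffer> ProtectLocallyAsync(IBuffer plain) =>
        new DataProtectionProvider("LOCAL=user").ProtectAsync(plain).AsTask();

    private const uint Pbkdf2Iterations = 100000; // assumed work factor

    // Derive a 256-bit AES-GCM key from a passphrase and a per-file salt.
    private static CryptographicKey DeriveKey(string passphrase, IBuffer salt)
    {
        var kdf = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha256);
        var secret = kdf.CreateKey(CryptographicBuffer.ConvertStringToBinary(passphrase, BinaryStringEncoding.Utf8));
        var prm = KeyDerivationParameters.BuildForPbkdf2(salt, Pbkdf2Iterations);
        IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(secret, prm, 32);
        return SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesGcm).CreateSymmetricKey(keyMaterial);
    }

    private static byte[] Bytes(IBuffer b) { CryptographicBuffer.CopyToByteArray(b, out byte[] a); return a; }
    private static IBuffer Buf(byte[] b) => CryptographicBuffer.CreateFromByteArray(b);

    // Blob layout: salt(16) || nonce(12) || tag(16) || ciphertext. Nothing in it is
    // tied to a machine or user, so any holder of the passphrase can decrypt it.
    public static IBuffer EncryptPortable(string passphrase, IBuffer plain)
    {
        IBuffer salt = CryptographicBuffer.GenerateRandom(16);
        IBuffer nonce = CryptographicBuffer.GenerateRandom(12); // never reuse with the same key
        var box = CryptographicEngine.EncryptAndAuthenticate(DeriveKey(passphrase, salt), plain, nonce, null);
        return Buf(Bytes(salt).Concat(Bytes(nonce)).Concat(Bytes(box.AuthenticationTag)).Concat(Bytes(box.EncryptedData)).ToArray());
    }

    public static IBuffer DecryptPortable(string passphrase, IBuffer blob)
    {
        byte[] b = Bytes(blob);
        IBuffer salt = Buf(b.Take(16).ToArray());
        IBuffer nonce = Buf(b.Skip(16).Take(12).ToArray());
        IBuffer tag = Buf(b.Skip(28).Take(16).ToArray());
        IBuffer cipher = Buf(b.Skip(44).ToArray());
        // Throws if the passphrase is wrong or the blob was modified (GCM tag check).
        return CryptographicEngine.DecryptAndAuthenticate(DeriveKey(passphrase, salt), cipher, nonce, tag, null);
    }
}
```

If the passphrase is compiled into the app so that every purchaser can decrypt without entering anything, it is recoverable by anyone who can inspect the package, so the file is then shielded from casual reading rather than from a determined user of the app.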