Microsoft.AspNetCore.DataProtection

Extension methods for working with .

Creates an instance of and ensures that it is assignable to .

Returns a given an . Guaranteed to return non-null, even if is null.

Signifies that the should bind this property from the registry.

Performs a self-test of this encryptor by running a sample payload through an encrypt-then-decrypt operation. Throws if the operation fails.

An to create an based on the .

An for .

Creates a new instance based on this configuration. The newly-created instance contains unique key material and is distinct from all other descriptors created by the method.

A unique .

Represents a generalized authenticated encryption mechanism.

The algorithm to use for symmetric encryption (confidentiality).

The default value is .

The algorithm to use for message authentication (tamper-proofing).

The default value is . This property is ignored if specifies a 'GCM' algorithm.

A descriptor which can create an authenticated encryption system based upon the configuration provided by an object.

A class that can deserialize an that represents the serialized version of an .

Imports the from serialized XML.

Represents a configured authenticated encryption mechanism which uses Windows CNG algorithms in CBC encryption + HMAC authentication modes.

The name of the algorithm to use for symmetric encryption. This property corresponds to the 'pszAlgId' parameter of BCryptOpenAlgorithmProvider. This property is required to have a value.

The algorithm must support CBC-style encryption and must have a block size of 64 bits or greater. The default value is 'AES'.

The name of the provider which contains the implementation of the symmetric encryption algorithm. This property corresponds to the 'pszImplementation' parameter of BCryptOpenAlgorithmProvider. This property is optional.

The default value is null.

The length (in bits) of the key that will be used for symmetric encryption. This property is required to have a value.

The key length must be 128 bits or greater. The default value is 256.

The name of the algorithm to use for hashing data. This property corresponds to the 'pszAlgId' parameter of BCryptOpenAlgorithmProvider. This property is required to have a value.

The algorithm must support being opened in HMAC mode and must have a digest length of 128 bits or greater. The default value is 'SHA256'.

The name of the provider which contains the implementation of the hash algorithm. This property corresponds to the 'pszImplementation' parameter of BCryptOpenAlgorithmProvider. This property is optional.

The default value is null.

Validates that this is well-formed, i.e., that the specified algorithms actually exist and that they can be instantiated properly. An exception will be thrown if validation fails.

A descriptor which can create an authenticated encryption system based upon the configuration provided by an object.

A class that can deserialize an that represents the serialized version of an .

Imports the from serialized XML.

Represents a configured authenticated encryption mechanism which uses Windows CNG algorithms in GCM encryption + authentication modes.

The name of the algorithm to use for symmetric encryption. This property corresponds to the 'pszAlgId' parameter of BCryptOpenAlgorithmProvider. This property is required to have a value.

The algorithm must support GCM-style encryption and must have a block size exactly 128 bits. The default value is 'AES'.

The default value is null.

The length (in bits) of the key that will be used for symmetric encryption. This property is required to have a value.

The key length must be 128 bits or greater. The default value is 256.

Validates that this is well-formed, i.e., that the specified algorithm actually exists and can be instantiated properly. An exception will be thrown if validation fails.

A descriptor which can create an authenticated encryption system based upon the configuration provided by an object.

A class that can deserialize an that represents the serialized version of an .

Imports the from serialized XML.

A self-contained descriptor that wraps all information (including secret key material) necessary to create an instance of an .

Exports the current descriptor to XML.

An wrapping the which represents the serialized current descriptor object. The deserializer type must be assignable to . If an element contains sensitive information (such as key material), the element should be marked via the extension method, and the caller should encrypt the element before persisting the XML to storage.

The basic interface for deserializing an XML element into an .

Deserializes the specified XML element.

The element to deserialize. The represented by .

A type that knows how to create instances of an given specific secret key material.

This type is not public because we don't want to lock ourselves into a contract stating that a descriptor is simply a configuration plus a single serializable, reproducible secret.

Creates a new instance from this configuration given specific secret key material.

Performs a self-test of the algorithm specified by the configuration object.

Represents a configured authenticated encryption mechanism which uses managed and types.

The type of the algorithm to use for symmetric encryption. The type must subclass . This property is required to have a value.

The algorithm must support CBC-style encryption and PKCS#7 padding and must have a block size of 64 bits or greater. The default algorithm is AES.

The length (in bits) of the key that will be used for symmetric encryption. This property is required to have a value.

The key length must be 128 bits or greater. The default value is 256.

The type of the algorithm to use for validation. Type type must subclass . This property is required to have a value.

The algorithm must have a digest length of 128 bits or greater. The default algorithm is HMACSHA256.

Validates that this is well-formed, i.e., that the specified algorithms actually exist and can be instantiated properly. An exception will be thrown if validation fails.

A descriptor which can create an authenticated encryption system based upon the configuration provided by an object.

A class that can deserialize an that represents the serialized version of an .

Imports the from serialized XML.

Converts an to an <masterKey> element which is marked as requiring encryption.

The secret for accessing the master key. The master key .

Converts a base64-encoded string into an .

The .

Marks the provided as requiring encryption before being persisted to storage. Use when implementing .

Wraps an that contains the XML-serialized representation of an along with the type that can be used to deserialize it.

Creates an instance of an .

The XML-serialized form of the . The class whose method can be used to deserialize .

The class whose method can be used to deserialize the value stored in .

An XML-serialized representation of an .

Specifies a symmetric encryption algorithm to use for providing confidentiality to protected payloads.

The AES algorithm (FIPS 197) with a 128-bit key running in Cipher Block Chaining mode.

The AES algorithm (FIPS 197) with a 192-bit key running in Cipher Block Chaining mode.

The AES algorithm (FIPS 197) with a 256-bit key running in Cipher Block Chaining mode.

The AES algorithm (FIPS 197) with a 128-bit key running in Galois/Counter Mode (FIPS SP 800-38D).

This cipher mode produces a 128-bit authentication tag. This algorithm is currently only supported on Windows.

The AES algorithm (FIPS 197) with a 192-bit key running in Galois/Counter Mode (FIPS SP 800-38D).

This cipher mode produces a 128-bit authentication tag.

The AES algorithm (FIPS 197) with a 256-bit key running in Galois/Counter Mode (FIPS SP 800-38D).

This cipher mode produces a 128-bit authentication tag.

The basic interface for providing an authenticated encryption and decryption routine.

Validates the authentication tag of and decrypts a blob of encrypted data.

The ciphertext (including authentication tag) to decrypt. Any ancillary data which was used during computation of the authentication tag. The same AAD must have been specified in the corresponding call to 'Encrypt'. The original plaintext data (if the authentication tag was validated and decryption succeeded). All cryptography-related exceptions should be homogenized to CryptographicException.

Encrypts and tamper-proofs a piece of data.

Creates an instance based on the given .

An instance. For a given , any two instances returned by this method should be considered equivalent, e.g., the payload returned by one's method should be consumable by the other's method.

An optimized encryptor that can avoid buffer allocations in common code paths.

Encrypts and tamper-proofs a piece of data.

The plaintext to encrypt. This input may be zero bytes in length. A piece of data which will not be included in the returned ciphertext but which will still be covered by the authentication tag. This input may be zero bytes in length. The same AAD must be specified in the corresponding call to Decrypt. The number of bytes to pad before the ciphertext in the output. The number of bytes to pad after the ciphertext in the output. The ciphertext blob, including authentication tag. The ciphertext blob will be surrounded by the number of padding bytes requested. For instance, if the given (plaintext, AAD) input results in a (ciphertext, auth tag) output of 0x0102030405, and if 'preBufferSize' is 3 and 'postBufferSize' is 5, then the return value will be 0xYYYYYY0102030405ZZZZZZZZZZ, where bytes YY and ZZ are undefined. This method allows for a slight performance improvement over IAuthenticatedEncryptor.Encrypt in the case where the caller needs to prepend or append some data to the resulting ciphertext. For instance, if the caller needs to append a 32-bit header to the resulting ciphertext, then specify 4 for 'preBufferSize' and overwrite the first 32 bits of the buffer returned by this function. This saves the caller from having to allocate a new buffer to hold the final transformed result. All cryptography-related exceptions should be homogenized to CryptographicException.

An for .

Contains helper methods for generating cryptographic algorithm factories.

Creates a factory that wraps a call to .

Specifies a message authentication algorithm to use for providing tamper-proofing to protected payloads.

The HMAC algorithm (RFC 2104) using the SHA-256 hash function (FIPS 180-4).

The HMAC algorithm (RFC 2104) using the SHA-512 hash function (FIPS 180-4).

Writes an unsigned 32-bit value to a memory address, big-endian.

Writes a signed 32-bit value to a memory address, big-endian.

Base class used for all CNG-related authentication encryption operations.

Extensions for configuring data protection using an .

Sets the unique name of this application within the data protection system.

The . The application name. A reference to the after this operation has completed. This API corresponds to setting the property to the value of .

Registers a to perform escrow before keys are persisted to storage.

The . The instance of the to register. A reference to the after this operation has completed. Registrations are additive.

Registers a to perform escrow before keys are persisted to storage.

The concrete type of the to register. The . A reference to the after this operation has completed. Registrations are additive. The factory is registered as .

Registers a to perform escrow before keys are persisted to storage.

The . A factory that creates the instance. A reference to the after this operation has completed. Registrations are additive. The factory is registered as .

Configures the key management options for the data protection system.

The . An to configure the provided . A reference to the after this operation has completed.

Configures the data protection system not to generate new keys automatically.

The . A reference to the after this operation has completed. Calling this API corresponds to setting to 'false'. See that property's documentation for more information.

Configures the data protection system to persist keys to the specified directory. This path may be on the local machine or may point to a UNC share.

The . The directory in which to store keys. A reference to the after this operation has completed.

Configures the data protection system to persist keys to the Windows registry.

The . The location in the registry where keys should be stored. A reference to the after this operation has completed.

Configures keys to be encrypted to a given certificate before being persisted to storage.

The . The certificate to use when encrypting keys. A reference to the after this operation has completed.

Configures keys to be encrypted to a given certificate before being persisted to storage.

The . The thumbprint of the certificate to use when encrypting keys. A reference to the after this operation has completed.

Configures certificates which can be used to decrypt keys loaded from storage.

The . Certificates that can be used to decrypt key data. A reference to the after this operation has completed.

Configures keys to be encrypted with Windows DPAPI before being persisted to storage. The encrypted key will only be decryptable by the current Windows user account.

The . A reference to the after this operation has completed. This API is only supported on Windows platforms.

Configures keys to be encrypted with Windows DPAPI before being persisted to storage.

The . 'true' if the key should be decryptable by any use on the local machine, 'false' if the key should only be decryptable by the current Windows user account. A reference to the after this operation has completed. This API is only supported on Windows platforms.

Configures keys to be encrypted with Windows CNG DPAPI before being persisted to storage. The keys will be decryptable by the current Windows user account.

The . A reference to the after this operation has completed. See https://msdn.microsoft.com/en-us/library/windows/desktop/hh706794(v=vs.85).aspx for more information on DPAPI-NG. This API is only supported on Windows 8 / Windows Server 2012 and higher.

Configures keys to be encrypted with Windows CNG DPAPI before being persisted to storage.

The . The descriptor rule string with which to protect the key material. Flags that should be passed to the call to 'NCryptCreateProtectionDescriptor'. The default value of this parameter is . A reference to the after this operation has completed. See https://msdn.microsoft.com/en-us/library/windows/desktop/hh769091(v=vs.85).aspx and https://msdn.microsoft.com/en-us/library/windows/desktop/hh706800(v=vs.85).aspx for more information on valid values for the the and arguments. This API is only supported on Windows 8 / Windows Server 2012 and higher.

Sets the default lifetime of keys created by the data protection system.

The . The lifetime (time before expiration) for newly-created keys. See for more information and usage notes. A reference to the after this operation has completed.

Configures the data protection system to use the specified cryptographic algorithms by default when generating protected payloads.

The . Information about what cryptographic algorithms should be used. A reference to the after this operation has completed.

Configures the data protection system to use custom Windows CNG algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the and enumerations.

The . Information about what cryptographic algorithms should be used. A reference to the after this operation has completed. This API is only available on Windows.

Configures the data protection system to use custom algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the and enumerations.

The . Information about what cryptographic algorithms should be used. A reference to the after this operation has completed.

Configures the data protection system to use the for data protection services.

The . A reference to the after this operation has completed. If this option is used, payloads protected by the data protection system will be permanently undecipherable after the application exits.

Provides global options for the Data Protection system.

An identifier that uniquely discriminates this application from all other applications on the machine. The discriminator value is implicitly included in all protected payloads generated by the data protection system to isolate multiple logical applications that all happen to be using the same key material.

If two different applications need to share protected payloads, they should ensure that this property is set to the same value across both applications.

Returns a unique identifier for this application.

The application-level . A unique application identifier, or null if is null or cannot provide a unique application identifier. The returned identifier should be stable for repeated runs of this same application on this machine. Additionally, the identifier is only unique within the scope of a single machine, e.g., two different applications on two different machines may return the same value. This identifier may contain security-sensitive information such as physical file paths, configuration settings, or other machine-specific information. Callers should take special care not to disclose this information to untrusted entities.

An that is transient.

Payloads generated by a given instance can only be deciphered by that same instance. Once the instance is lost, all ciphertexts generated by that instance are permanently undecipherable.

Creates an ephemeral .

Creates an ephemeral with logging.

The .

Provides access to configuration for the data protection system, which allows the developer to configure default cryptographic algorithms, key storage locations, and the mechanism by which keys are protected at rest.

If the developer changes the at-rest key protection mechanism, it is intended that they also change the key storage location, and vice versa. For instance, a call to should generally be accompanied by a call to , or exceptions may occur at runtime due to the data protection system not knowing where to persist keys. Similarly, when a developer modifies the default protected payload cryptographic algorithms, they should also set an explicit key storage location. A call to should therefore generally be paired with a call to , for example. When the default cryptographic algorithms or at-rest key protection mechanisms are changed, they only affect new keys in the repository. The repository may contain existing keys that use older algorithms or protection mechanisms.

Provides access to the passed to this object's constructor.

Default implementation of .

Creates a new configuration object linked to a .

An interface into that also supports limited dependency injection (of ).

Creates an instance of and ensures that it is assignable to .

An interface that can provide data protection services for data which has been persisted to long-term storage.

Cryptographically unprotects a piece of data, optionally ignoring failures due to revocation of the cryptographic keys used to protect the payload.

The protected data to unprotect. 'true' if the payload should be unprotected even if the cryptographic key used to protect it has been revoked (due to potential compromise), 'false' if revocation should fail the unprotect operation. 'true' if the data should be reprotected before being persisted back to long-term storage, 'false' otherwise. Migration might be requested when the default protection key has changed, for instance. 'true' if the cryptographic key used to protect this payload has been revoked, 'false' otherwise. Payloads whose keys have been revoked should be treated as suspect unless the application has separate assurance that the payload has not been tampered with. The plaintext form of the protected data. Implementations should throw CryptographicException if the protected data is invalid or malformed.

Represents a secret value.

The length (in bytes) of the secret value.

Writes the secret value to the specified buffer.

The buffer which should receive the secret value. The buffer size must exactly match the length of the secret value.

Implements policy for resolving the default key from a candidate keyring.

The window of time before the key expires when a new key should be created and persisted to the keyring to ensure uninterrupted service.

If the propagation time is 5 days and the current key expires within 5 days, a new key will be generated.

The maximum skew that is allowed between servers. This is used to allow newly-created keys to be used across servers even though their activation dates might be a few minutes into the future.

If the max skew is 5 minutes and the best matching candidate default key has an activation date of less than 5 minutes in the future, we'll use it.

The basic implementation of , where the incoming XML element hasn't yet been fully processed.

The basic interface for representing an authenticated encryption key.

The date at which encryptions with this key can begin taking place.

The date on which this key was created.

The date after which encryptions with this key may no longer take place.

An expired key may still be used to decrypt existing payloads.

Returns a value stating whether this key was revoked.

A revoked key may still be used to decrypt existing payloads, but the payloads must be treated as tampered unless the application has some other assurance that the payloads are authentic.

The id of the key.

Gets the instance associated with this key.

Creates an instance that can be used to encrypt data to and decrypt data from this key.

An .

The basic interface for implementing a key escrow sink.

is distinct from in that provides a write-only interface and instances handle unencrypted key material, while provides a read+write interface and instances handle encrypted key material.

Stores the given key material to the escrow service.

The id of the key being persisted to escrow. The unencrypted key material in XML form.

The basic interface for performing key management operations.

Instantiations of this interface are expected to be thread-safe.

Creates a new key with the specified activation and expiration dates and persists the new key to the underlying repository.

The date on which encryptions to this key may begin. The date after which encryptions to this key may no longer take place. The newly-created IKey instance.

Fetches all keys from the underlying repository.

The collection of all keys.

Retrieves a token that signals that callers who have cached the return value of GetAllKeys should clear their caches. This could be in response to a call to CreateNewKey or RevokeKey, or it could be in response to some other external notification. Callers who are interested in observing this token should call this method before the corresponding call to GetAllKeys.

The cache expiration token. When an expiration notification is triggered, any tokens previously returned by this method will become canceled, and tokens returned by future invocations of this method will themselves not trigger until the next expiration event. Implementations are free to return 'CancellationToken.None' from this method. Since this token is never guaranteed to fire, callers should still manually clear their caches at a regular interval.

Revokes a specific key and persists the revocation to the underlying repository.

The id of the key to revoke. An optional human-readable reason for revocation. This method will not mutate existing IKey instances. After calling this method, all existing IKey instances should be discarded, and GetAllKeys should be called again.

Revokes all keys created before a specified date and persists the revocation to the underlying repository.

The revocation date. All keys with a creation date before this value will be revoked. An optional human-readable reason for revocation. This method will not mutate existing IKey instances. After calling this method, all existing IKey instances should be discarded, and GetAllKeys should be called again.

Wraps both a keyring and its expiration policy.

Returns a new which is identical to 'this' but with a lifetime extended 2 minutes from . The inner cancellation token is also disconnected.

This API supports infrastructure and is not intended to be used directly from your code. This API may change or be removed in future releases.

The default key, may be null if no key is a good default candidate.

If this property is non-null, its method will succeed so is appropriate for use with deferred keys.

The fallback key, which should be used only if the caller is configured not to honor the property. This property may be null if there is no viable fallback key.

If this property is non-null, its method will succeed so is appropriate for use with deferred keys.

'true' if a new key should be persisted to the keyring, 'false' otherwise. This value may be 'true' even if a valid default key was found.

This API supports infrastructure and is not intended to be used directly from your code. This API may change or be removed in future releases.

Implements policy for resolving the default key from a candidate keyring.

Locates the default key from the keyring.

This API supports infrastructure and is not intended to be used directly from your code. This API may change or be removed in future releases.

The basic interface for accessing a read-only keyring.

The authenticated encryptor that shall be used for new encryption operations.

Activation of the encryptor instance is deferred until first access.

The id of the key associated with .

Returns an encryptor instance for the given key, or 'null' if the key with the specified id cannot be found in the keyring.

Activation of the encryptor instance is deferred until first access.

This API supports infrastructure and is not intended to be used directly from your code. This API may change or be removed in future releases.

The basic implementation of , where the has already been created.

The basic implementation of .

Gets an aggregate from the underlying . This method may return null if no sinks are registered.

Options that control how an should behave.

Specifies whether the data protection system should auto-generate keys.

If this value is 'false', the system will not generate new keys automatically. The key ring must contain at least one active non-revoked key, otherwise calls to may fail. The system may end up protecting payloads to expired keys if this property is set to 'false'. The default value is 'true'.

Specifies the period before key expiration in which a new key should be generated so that it has time to propagate fully throughout the key ring. For example, if this period is 72 hours, then a new key will be created and persisted to storage approximately 72 hours before expiration.

This value is currently fixed at 48 hours.

Controls the auto-refresh period where the key ring provider will flush its collection of cached keys and reread the collection from backing storage.

This value is currently fixed at 24 hours.

Specifies the maximum clock skew allowed between servers when reading keys from the key ring. The key ring may use a key which has not yet been activated or which has expired if the key's valid lifetime is within the allowed clock skew window. This value can be set to if key activation and expiration times should be strictly honored by this server.

This value is currently fixed at 5 minutes.

Controls the lifetime (number of days before expiration) for newly-generated keys.

The lifetime cannot be less than one week. The default value is 90 days.

The instance that can be used to create the instance.

The list of to store the key material in.

The to use for storing and retrieving XML elements.

The to use for encrypting XML elements.

The list of that will be used for creating s.

A basic implementation of .

A key manager backed by an .

Creates an .

The instance that provides the configuration. The .

Creates an .

The instance that provides the configuration. The . The .

Wrappers around CryptProtectMemory / CryptUnprotectMemory.

A type which allows reading policy from the system registry.

The default key storage directory. On Windows, this currently corresponds to "Environment.SpecialFolder.LocalApplication/ASP.NET/DataProtection-Keys". On Linux and macOS, this currently corresponds to "$HOME/.aspnet/DataProtection-Keys".

This property can return null if no suitable default key storage directory can be found, such as the case when the user profile is unavailable.

An ephemeral XML repository backed by process memory. This class must not be used for anything other than dev scenarios as the keys will not be persisted to storage.

An XML repository backed by a file system.

Creates a with keys stored at the given directory.

The directory in which to persist key material. The .

This property can return null if no suitable default key storage directory can be found, such as the case when the user profile is unavailable.

The directory into which key material will be written.

This interface enables overridding the default storage location of keys on disk

The basic interface for storing and retrieving XML elements.

Gets all top-level XML elements in the repository.

All top-level elements in the repository.

Adds a top-level XML element to the repository.

The element to add. An optional name to be associated with the XML element. For instance, if this repository stores XML files on disk, the friendly name may be used as part of the file name. Repository implementations are not required to observe this parameter even if it has been provided by the caller. The 'friendlyName' parameter must be unique if specified. For instance, it could be the id of the key being stored.

An XML repository backed by the Windows registry.

Creates a with keys stored in the given registry key.

The registry key in which to persist key material. The .

The default key storage directory, which currently corresponds to "HKLM\SOFTWARE\Microsoft\ASP.NET\4.0.30319.0\AutoGenKeys\{SID}".

This property can return null if no suitable default registry key can be found, such as the case when this application is not hosted inside IIS.

The registry key into which key material will be written.

Represents a secret value stored in memory.

Creates a new Secret from the provided input value, where the input value is specified as an array segment.

Creates a new Secret from the provided input value, where the input value is specified as an array.

Creates a new Secret from the provided input value, where the input value is specified as a pointer to unmanaged memory.

Creates a new Secret from another secret object.

The length (in bytes) of the secret value.

Wipes the secret from memory.

Returns a Secret made entirely of random bytes retrieved from a cryptographically secure RNG.

Writes the secret value to the specified buffer.

The buffer size must exactly match the length of the secret value.

Writes the secret value to the specified buffer.

The buffer into which to write the secret value. The size (in bytes) of the provided buffer. The 'bufferLength' parameter must exactly match the length of the secret value.

A simplified default implementation of that understands how to call ctors which take .

A default whose wrapped is null.

Provides an implementation of the SP800-108-CTR-HMACSHA512 key derivation function. This class assumes at least Windows 7 / Server 2008 R2.

More info at http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf, Sec. 5.1.

Helpful extension methods on .

Throws if is not assignable to .

Contains XLinq constants.

The root namespace used for all DataProtection-specific XML elements and attributes.

Represents the type of decryptor that can be used when reading 'encryptedSecret' elements.

Elements with this attribute will be read with the specified deserializer type.

Elements with this name will be automatically decrypted when read by the XML key manager.

Elements where this attribute has a value of 'true' should be encrypted before storage.

A default implementation of that looks in the current user and local machine certificate stores.

Locates an given its thumbprint.

The thumbprint (as a hex string) of the certificate to resolve. The resolved , or null if the certificate cannot be found.

An that can perform XML encryption by using an X.509 certificate.

Creates a given a certificate's thumbprint, an that can be used to resolve the certificate, and an .

Creates a given an instance and an .

Encrypts the specified with an X.509 certificate.

The plaintext to encrypt. An that contains the encrypted value of along with information about how to decrypt it.

Flags used to control the creation of protection descriptors.

These values correspond to the 'dwFlags' parameter on NCryptCreateProtectionDescriptor. See https://msdn.microsoft.com/en-us/library/windows/desktop/hh706800(v=vs.85).aspx for more information.

No special handling is necessary.

The provided descriptor is a reference to a full descriptor stored in the system registry.

When combined with , uses the HKLM registry instead of the HKCU registry when locating the full descriptor.

An that decrypts XML elements that were encrypted with .

This API is only supported on Windows 8 / Windows Server 2012 and higher.

Creates a new instance of a .

An optional to provide ancillary services.

Decrypts the specified XML element.

An encrypted XML element. The decrypted form of .

A class that can encrypt XML elements using Windows DPAPI:NG.

This API is only supported on Windows 8 / Windows Server 2012 and higher.

Creates a new instance of a .

The rule string from which to create the protection descriptor. Flags controlling the creation of the protection descriptor. The .

Encrypts the specified .

The plaintext to encrypt. An that contains the encrypted value of along with information about how to decrypt it.

Creates a rule string tied to the current Windows user and which is transferrable across machines (backed up in AD).

An that decrypts XML elements that were encrypted with .

Creates a new instance of a .

An optional to provide ancillary services.

Decrypts the specified XML element.

An encrypted XML element. The decrypted form of .

An that encrypts XML by using Windows DPAPI.

This API is only supported on Windows platforms.

Creates a given a protection scope and an .

'true' if the data should be decipherable by anybody on the local machine, 'false' if the data should only be decipherable by the current Windows user account. The .

Encrypts the specified .

The plaintext to encrypt. An that contains the encrypted value of along with information about how to decrypt it.

An that decrypts XML elements by using the class.

Creates a new instance of an .

An optional to provide ancillary services.

Decrypts the specified XML element.

An encrypted XML element. The decrypted form of .

Can decrypt the XML key data from an that is not in stored in .

Wraps an that contains a blob of encrypted XML and information about the class which can be used to decrypt it.

Creates an instance of an .

A piece of encrypted XML. The class whose method can be used to decrypt .

The class whose method can be used to decrypt the value stored in .

A piece of encrypted XML.

Provides services for locating instances.

Locates an given its thumbprint.

The thumbprint (as a hex string) of the certificate to resolve. The resolved , or null if the certificate cannot be found.

Internal implementation details of for unit testing.

The basic interface for decrypting an XML element.

Decrypts the specified XML element.

An encrypted XML element. The decrypted form of . Implementations of this method must not mutate the instance provided by .

The basic interface for encrypting XML elements.

Encrypts the specified .

The plaintext to encrypt. An that contains the encrypted value of along with information about how to decrypt it. Implementations of this method must not mutate the instance provided by .

An that decrypts XML elements with a null decryptor.

Decrypts the specified XML element.

An encrypted XML element. The decrypted form of .

An that encrypts XML elements with a null encryptor.

Creates a new instance of .

An optional to provide ancillary services.

Encrypts the specified with a null encryptor, i.e., by returning the original value of unencrypted.

The plaintext to echo back. An that contains the null-encrypted value of along with information about how to decrypt it.

Converts an to a so that it can be kept in memory securely or run through the DPAPI routines.

Converts a back into an .

Specifies settings for how to decrypt XML keys.

Contains helpers to work with XElement objects.

Returns a new XElement which is a carbon copy of the provided element, but with no child nodes. Useful for writing exception messages without inadvertently disclosing secret key material. It is assumed that the element name itself and its attribute values are not secret.

Determines whether an exception must be homogenized by being wrapped inside a CryptographicException before being rethrown.

An error occurred during a cryptographic operation.

The provided buffer is of length {0} byte(s). It must instead be exactly {1} byte(s) in length.

The payload was invalid.

Property {0} cannot be null or empty.

The provided payload could not be decrypted. Refer to the inner exception for more information.

An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information.

The key {0:B} was not found in the key ring.

The key {0:B} has been revoked.

The provided payload cannot be decrypted because it was not protected with this protection provider.

The provided payload cannot be decrypted because it was protected with a newer version of the protection provider.

Value must be non-negative.

The type '{1}' is not assignable to '{0}'.

The new key lifetime must be at least one week.

The key {0:B} already exists in the keyring.

Argument cannot be null or empty.

Property {0} must have a non-negative value.

GCM algorithms require the Windows platform.

A certificate with the thumbprint '{0}' could not be found.

Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR.

The symmetric algorithm block size of {0} bits is invalid. The block size must be between 64 and 2048 bits, inclusive, and it must be a multiple of 8 bits.

The validation algorithm digest size of {0} bits is invalid. The digest size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits.

The symmetric algorithm key size of {0} bits is invalid. The key size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits.

The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled.

{0} must not be negative

The '{0}' instance could not be found. When an '{1}' instance is set, a corresponding '{0}' instance must also be set.

Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.

Extension methods for setting up data protection services in an .

Adds data protection services to the specified .

The to add services to.

Adds data protection services to the specified .

The to add services to. An to configure the provided . A reference to this instance after the operation has completed.

Helpful extension methods on .

Returns a value stating whether the 'debug' log level is enabled. Returns false if the logger instance is null.

Returns a value stating whether the 'error' log level is enabled. Returns false if the logger instance is null.

Returns a value stating whether the 'information' log level is enabled. Returns false if the logger instance is null.

Returns a value stating whether the 'trace' log level is enabled. Returns false if the logger instance is null.

Returns a value stating whether the 'warning' log level is enabled. Returns false if the logger instance is null.

Helpful logging-related extension methods on .

Retrieves an instance of given the type name . This is equivalent to .

An instance, or null if is null or the cannot produce an .

Retrieves an instance of given the type name . This is equivalent to .

An instance, or null if is null or the cannot produce an .

Base type for all platform-specific API attributes.

Records the platform that the project targeted.

Records the operating system (and minimum version) that supports an API. Multiple attributes can be applied to indicate support on multiple operating systems.

Callers can apply a or use guards to prevent calls to APIs on unsupported operating systems. A given platform should only be specified once.

Marks APIs that were removed in a given operating system version.

Specifies that null is allowed as an input even if the corresponding type disallows it.

Specifies that null is disallowed as an input even if the corresponding type allows it.

Specifies that an output may be null even if the corresponding type disallows it.

Specifies that an output will not be null even if the corresponding type allows it. Specifies that an input argument was not null when the call returns.

Specifies that when a method returns , the parameter may be null even if the corresponding type disallows it.

Initializes the attribute with the specified return value condition.

The return value condition. If the method returns this value, the associated parameter may be null.

Gets the return value condition.

Specifies that when a method returns , the parameter will not be null even if the corresponding type allows it.

Initializes the attribute with the specified return value condition.

The return value condition. If the method returns this value, the associated parameter will not be null.

Gets the return value condition.

Specifies that the output will be non-null if the named parameter is non-null.

Initializes the attribute with the associated parameter name.

The associated parameter name. The output will be non-null if the argument to the parameter specified is non-null.

Gets the associated parameter name.

Applied to a method that will never return under any circumstance.

Specifies that the method will not return if the associated Boolean parameter is passed the specified value.

Initializes the attribute with the specified parameter value.

The condition parameter value. Code after the method will be considered unreachable by diagnostics if the argument to the associated parameter matches this value.

Gets the condition parameter value.

Specifies that the method or property will ensure that the listed field and property members have not-null values.

Initializes the attribute with a field or property member.

The field or property member that is promised to be not-null.

Initializes the attribute with the list of field and property members.

The list of field and property members that are promised to be not-null.

Gets field or property member names.

Specifies that the method or property will ensure that the listed field and property members have not-null values when returning with the specified return value condition.

Initializes the attribute with the specified return value condition and a field or property member.

The return value condition. If the method returns this value, the associated parameter will not be null. The field or property member that is promised to be not-null.

Initializes the attribute with the specified return value condition and list of field and property members.

The return value condition. If the method returns this value, the associated parameter will not be null. The list of field and property members that are promised to be not-null.

Gets the return value condition.

Gets field or property member names.