System.Security 2.0.0.0 4.0.0.0 System.Object This class provides access to the Data Protection API (DPAPI) available in Microsoft Windows 2000 and later operating systems. This is a service that is provided by the operating system and does not require additional libraries. It provides protection using the user or machine credentials to encrypt or decrypt data. The class consists of two wrappers for the unmanaged DPAPI, and . These two methods can be used to encrypt and decrypt data such as passwords, keys, and connection strings. If you use these methods during impersonation, you may receive the following error: "Key not valid for use in specified state." This occurs because the DPAPI stores the key data in user profiles. If the profile is not loaded, DPAPI won’t be able to perform the decryption. To prevent this error, load the profile of the user you want to impersonate before calling either method. Using DPAPI with impersonation can incur significant complication and requires careful design choices.

Provides methods for encrypting and decrypting data. This class cannot be inherited.

Method 2.0.0.0 4.0.0.0 System.Byte[] This method can be used to encrypt data such as passwords, keys, or connection strings. The parameter enables you to add data to increase the complexity of the encryption; specify null for no additional complexity. If provided, this information must also be used when decrypting the data using the method. If you use this method during impersonation, you may receive the following error: "Key not valid for use in specified state." To prevent this error, load the profile of the user you want to impersonate before calling the method.

Encrypts the data in a specified byte array and returns a byte array that contains the encrypted data.

A byte array representing the encrypted data. A byte array that contains data to encrypt. An optional additional byte array used to increase the complexity of the encryption, or null for no additional complexity. One of the enumeration values that specifies the scope of encryption. Method 2.0.0.0 4.0.0.0 System.Byte[] This method can be used to unprotect data that was encrypted using the method. If the parameter was used during encryption, it must be supplied to unencrypt the data. If you use this method during impersonation, you may receive the following error: "Key not valid for use in specified state." To prevent this error, load the profile of the user you want to impersonate before calling the method.

Decrypts the data in a specified byte array and returns a byte array that contains the decrypted data.

A byte array representing the decrypted data. A byte array containing data encrypted using the method. An optional additional byte array that was used to encrypt the data, or null if the additional byte array was not used. One of the enumeration values that specifies the scope of data protection that was used to encrypt the data.