问题
I'm working on a UWP app where users will be asked for their API public/secret keys for a service the app will access. Normally, I'd store preferences in ApplicationData.Current.RoamingSettings, but with the API keys, I would like to encrypt them first.
If you see below, I am not sure how to proceed with serializing an IBuffer object as I am hit with "Data of this type is not supported" when I test how to store it.
Most of the code below is a copy-pasta from https://docs.microsoft.com/en-us/uwp/api/windows.security.cryptography.dataprotection.dataprotectionprovider.
I am open to other ways to do this too. Thanks!
public class StaticDataProtection
{
private ApplicationDataContainer _roamingSettings = ApplicationData.Current.RoamingSettings;
public async void SampleProtect()
{
// Initialize function arguments.
String strMsg = "Some API key to be protected.";
String strDescriptor = "LOCAL=user";
BinaryStringEncoding encoding = BinaryStringEncoding.Utf8;
// Protect a message to the local user.
IBuffer buffProtected = await this.ProtectAsync(
strMsg,
strDescriptor,
encoding);
// FAILS
// System.Exception: 'Data of this type is not supported.
// Error trying to serialize the value to be written to the application data store
_roamingSettings.Values["apiPublic"] = buffProtected;
// How to retrieve later?
IBuffer testRetrievedData = (IBuffer) _roamingSettings.Values["apiPublic"];
// Decrypt the previously protected message.
String strDecrypted = await this.UnprotectData(
testRetrievedData, //originally buffProtected,
encoding);
}
public async Task<IBuffer> ProtectAsync(
String strMsg,
String strDescriptor,
BinaryStringEncoding encoding)
{
// Create a DataProtectionProvider object for the specified descriptor.
DataProtectionProvider Provider = new DataProtectionProvider(strDescriptor);
// Encode the plaintext input message to a buffer.
encoding = BinaryStringEncoding.Utf8;
IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);
// Encrypt the message.
IBuffer buffProtected = await Provider.ProtectAsync(buffMsg);
// Execution of the SampleProtectAsync function resumes here
// after the awaited task (Provider.ProtectAsync) completes.
return buffProtected;
}
public async Task<String> UnprotectData(
IBuffer buffProtected,
BinaryStringEncoding encoding)
{
// Create a DataProtectionProvider object.
DataProtectionProvider Provider = new DataProtectionProvider();
// Decrypt the protected message specified on input.
IBuffer buffUnprotected = await Provider.UnprotectAsync(buffProtected);
// Execution of the SampleUnprotectData method resumes here
// after the awaited task (Provider.UnprotectAsync) completes
// Convert the unprotected message from an IBuffer object to a string.
String strClearText = CryptographicBuffer.ConvertBinaryToString(encoding, buffUnprotected);
// Return the plaintext string.
return strClearText;
}
}
回答1:
So what I had to do is actually convert the IBuffer object into a byte array, and then it can be serialized and stored into ApplicationData.
// take in the IBuffer object
DataReader reader = DataReader.FromBuffer(buffProtected);
// make sure to use UnconsumedBufferLength to create the byte array instance
byte[] array = new byte[reader.UnconsumedBufferLength];
// read from IBuffer object into the byte array (referenced from the parameter itself)
reader.ReadBytes(array);
// finally store into the app
_roamingSettings.Values["apiPublic"] = array;
To retrieve the data later:
// cast to deserialize
byte[] deserializedArray = (byte[]) _roamingSettings.Values["apiPublic"];
// convert back into an IBuffer object
IBuffer toDecrypt = CryptographicBuffer.CreateFromByteArray(deserializedArray);
// proceed to decrypt.
来源:https://stackoverflow.com/questions/56819635/i-want-to-protect-the-users-api-public-and-secret-keys-in-my-uwp-app