I want to protect the users' API public and secret keys in my UWP app

瘦欲@ 提交于 2019-12-11 17:58:45

问题


I'm working on a UWP app where users will be asked for their API public/secret keys for a service the app will access. Normally, I'd store preferences in ApplicationData.Current.RoamingSettings, but with the API keys, I would like to encrypt them first.

If you see below, I am not sure how to proceed with serializing an IBuffer object as I am hit with "Data of this type is not supported" when I test how to store it.

Most of the code below is a copy-pasta from https://docs.microsoft.com/en-us/uwp/api/windows.security.cryptography.dataprotection.dataprotectionprovider.

I am open to other ways to do this too. Thanks!

public class StaticDataProtection
    {

        private ApplicationDataContainer _roamingSettings = ApplicationData.Current.RoamingSettings;


        public async void SampleProtect()
        {
            // Initialize function arguments.
            String strMsg = "Some API key to be protected.";
            String strDescriptor = "LOCAL=user";
            BinaryStringEncoding encoding = BinaryStringEncoding.Utf8;

            // Protect a message to the local user.
            IBuffer buffProtected = await this.ProtectAsync(
                strMsg,
                strDescriptor,
                encoding);


            // FAILS
            // System.Exception: 'Data of this type is not supported.
            // Error trying to serialize the value to be written to the application data store
            _roamingSettings.Values["apiPublic"] = buffProtected;


            // How to retrieve later?
            IBuffer testRetrievedData = (IBuffer) _roamingSettings.Values["apiPublic"];



            // Decrypt the previously protected message.
            String strDecrypted = await this.UnprotectData(
                testRetrievedData, //originally buffProtected,
                encoding);


        }

        public async Task<IBuffer> ProtectAsync(
            String strMsg,
            String strDescriptor,
            BinaryStringEncoding encoding)
        {
            // Create a DataProtectionProvider object for the specified descriptor.
            DataProtectionProvider Provider = new DataProtectionProvider(strDescriptor);

            // Encode the plaintext input message to a buffer.
            encoding = BinaryStringEncoding.Utf8;
            IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);

            // Encrypt the message.
            IBuffer buffProtected = await Provider.ProtectAsync(buffMsg);

            // Execution of the SampleProtectAsync function resumes here
            // after the awaited task (Provider.ProtectAsync) completes.
            return buffProtected;
        }

        public async Task<String> UnprotectData(
            IBuffer buffProtected,
            BinaryStringEncoding encoding)
        {
            // Create a DataProtectionProvider object.
            DataProtectionProvider Provider = new DataProtectionProvider();

            // Decrypt the protected message specified on input.
            IBuffer buffUnprotected = await Provider.UnprotectAsync(buffProtected);

            // Execution of the SampleUnprotectData method resumes here
            // after the awaited task (Provider.UnprotectAsync) completes
            // Convert the unprotected message from an IBuffer object to a string.
            String strClearText = CryptographicBuffer.ConvertBinaryToString(encoding, buffUnprotected);

            // Return the plaintext string.
            return strClearText;
        }
    }

回答1:


So what I had to do is actually convert the IBuffer object into a byte array, and then it can be serialized and stored into ApplicationData.

// take in the IBuffer object
DataReader reader = DataReader.FromBuffer(buffProtected);

// make sure to use UnconsumedBufferLength to create the byte array instance
byte[] array = new byte[reader.UnconsumedBufferLength];

// read from IBuffer object into the byte array (referenced from the parameter itself)
reader.ReadBytes(array);


// finally store into the app
_roamingSettings.Values["apiPublic"] = array;



To retrieve the data later:

// cast to deserialize
byte[] deserializedArray = (byte[]) _roamingSettings.Values["apiPublic"];

// convert back into an IBuffer object
IBuffer toDecrypt = CryptographicBuffer.CreateFromByteArray(deserializedArray);

// proceed to decrypt.


来源:https://stackoverflow.com/questions/56819635/i-want-to-protect-the-users-api-public-and-secret-keys-in-my-uwp-app

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!