问题
I have some data I wish to protect, so I am using ProtectedData to encrypt it onto a file.
When I am attempting to read and decrypt the data I am getting the strangest exception:
CryptographicException - Unable to update the password. The value provided for the new password does not not meet the length, complexity, or history requirements of the domain.
This is where it is thrown:
byte[] decryptedData = ProtectedData.Unprotect(Encoding.UTF8.GetBytes(fileContent),
Encoding.UTF8.GetBytes(entropy),
DataProtectionScope.LocalMachine);
It also happens when using DataProtectionScope.CurrentUser.
I haven't found any information about this exception online so I'm pretty much clueless.
回答1:
Some generic errors won't generate an exception and that last error is thrown.
From inside System.Security.Cryptography.ProtectedDate.Unprotect:
throw new CryptographicException(Marshal.GetLastWin32Error());
More specifically it is most like failing because of on of the default flags using the System.Security.Cryptography implementing crypt32.dll:CryptUnprotectData - CRYPTPROTECT_UI_FORBIDDEN - "This flag is used for remote situations where presenting a user interface (UI) is not an option. When this flag is set and a UI is specified for either protection or unprotection, the call fails and GetLastError() returns the ERROR_PASSWORD_RESTRICTION status code." Windows Data Protection
I found a workaround that works for me is to not use the Base64 converter, I use the same script that PowerShell uses:
static byte[] ByteArrayFromString(string s)
{
int length = s.Length / 2;
byte[] numArray = new byte[length];
if (s.Length > 0)
{
for (int i = 0; i < length; i++)
{
numArray[i] = byte.Parse(s.Substring(2 * i, 2), NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
}
}
return numArray;
}
来源:https://stackoverflow.com/questions/20186313/cryptographicexception-unable-to-update-the-password