 

.NET Standard 2.0 and System.Security.Cryptography.ProtectedData.Protect

I am looking at System.Security.Cryptography.ProtectedData.Protect @ https://docs.microsoft.com/en-gb/dotnet/api/

as we are looking to port a library from .NET Framework 4.7 to .NET Standard 2.0 to be used by .NET Core 2.0. I did a search and it is only available in the full .NET Framework and .NET Core.

My question is, why is it not available in .NET Standard 2.0?

I would have thought that if it can be used in, for example, .NET Framework 4.7 and .NET Core 2.0, then it would also be part of .NET Standard 2.0.

Noel asked Jan 11 '18 13:01


2 Answers

This API is not available "in" .NET Standard 2.0, but it is available "for" .NET Standard 2.0 as a "Platform Extension" which means that there is a NuGet package you have to add to get support for it.

If you add a reference to the System.Security.Cryptography.ProtectedData NuGet package, you can develop a .NET Standard library that uses these APIs.

However, this support only works when run on Windows, since those APIs are described as

"Provides access to Windows Data Protection Api."

so it won't work on platforms other than Windows. Depending on your needs, this may be just fine.

If you are looking to implement similar concepts cross-platform, I suggest looking into the ASP.NET Core Data Protection APIs, which could also be used outside of the context of an ASP.NET Core app since it is made out of NuGet packages that provide cryptographic logic and key storage solutions (e.g. directory, Windows certificate stores, Azure KeyVault).

Martin Ullrich answered Oct 04 '22 18:10
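
As an added example (not part of either answer and not code from the ASP.NET Core project), this sketch shows the Data Protection API suggested in the answer above used from a plain console program. The key directory, the purpose strings and the reference to the Microsoft.AspNetCore.DataProtection.Extensions NuGet package are assumptions of the example.

```csharp
// Added example. Assumes the Microsoft.AspNetCore.DataProtection.Extensions package.
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.DataProtection;

class Program
{
    static void Main()
    {
        // Assumed key-ring location. Restrict it to the account running the
        // program: anyone who can read the key files can unprotect the data.
        var keyDir = new DirectoryInfo(Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "example-app", "keys"));

        IDataProtectionProvider provider = DataProtectionProvider.Create(keyDir, builder =>
        {
            // On Windows the key ring can itself be wrapped with DPAPI.
            // On other platforms the key files are not encrypted at rest
            // unless a mechanism such as ProtectKeysWithCertificate is
            // configured, so file permissions are the only barrier.
            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                builder.ProtectKeysWithDpapi();
        });

        // Purpose strings isolate protectors from each other; they are not secrets.
        IDataProtector protector = provider.CreateProtector("ExampleApp.Secrets.v1");

        byte[] protectedBytes = protector.Protect(Encoding.UTF8.GetBytes("Hello!"));
        byte[] roundTrip = protector.Unprotect(protectedBytes);
        Console.WriteLine(Encoding.UTF8.GetString(roundTrip));

        // A protector created for a different purpose must not be able to
        // read the payload; the same exception signals a tampered payload.
        try
        {
            provider.CreateProtector("ExampleApp.Other").Unprotect(protectedBytes);
            Console.WriteLine("Unexpected: payload accepted under another purpose");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Rejected: wrong purpose or modified payload");
        }
    }
}
```

Unlike DataProtectionScope.CurrentUser, the key ring here is an ordinary directory, so moving protected data to another machine means moving (and securing) that directory as well.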


ProtectedData uses DPAPI from Windows. I created the library CrossProtectedData that uses ProtectedData in Windows and AspNetCore.DataProtection when running in non-Windows.

To use, simply add the NuGet package CrossProtect and replace any calls to ProtectedData with CrossProtect. Example:

using Integrative.Encryption;
using System;
using System.Security.Cryptography;
using System.Text;

namespace CrossProtectedExample
{
    class Program
    {
        static void Main(string[] args)
        {
            // our text to protect
            var text = "Hello!";

            // get bytes from text
            var bytes = Encoding.UTF8.GetBytes(text);

            // optional entropy
            var entropy = new byte[] { 100, 25, 31, 213 };

            // protect (encrypt)
            var protectedBytes = CrossProtect.Protect(bytes, entropy,
                DataProtectionScope.CurrentUser);

            // unprotect (decrypt)
            var unprotected = CrossProtect.Unprotect(protectedBytes, entropy,
                DataProtectionScope.CurrentUser);

            // convert bytes back to text
            var result = Encoding.UTF8.GetString(unprotected);

            // print result
            Console.WriteLine(result);
            Console.ReadKey();
        }
    }
}
cat_in_hat answered Oct 04 '22 19:10