Monday, July 04, 2011

Encrypting locally saved data on WP7/Mango with DPAPI

Share-n-dipity - Using DPAPI with IsolatedStorage In Windows Phone 7 Mango Release

"I was doing some work on the Mango release of Windows Phone 7 the other day. One of the great features (there are many) that has been added is support for DPAPI. One of the cases in which you might want to use this is to encrypt some content before storing it locally. In WP7, when an application stores data locally it uses something called IsolatedStorage. The IsolatedStorage system has some nice classes to help your applications read and write to it. One thing that I've discovered though (at least at this point) is that it fundamentally doesn't really work with content that's encrypted by DPAPI. Let me explain what I mean by that.

Suppose you use DPAPI to encrypt some content and then write it to disk. Now you want to read that encrypted data back in, decrypt it, and do something with it. Well, if you follow most of the IsolatedStorage examples you will do something like:

...

The problem is when you call Unprotect you will get an error along the lines of padding having been added. The problem is some extra characters that the default IsolatedStorageFileStream reader adds when it reads content in for you. To work around this problem, you need to get a reference to the underlying stream and read directly from it. For example, this code:

..."

A good tip for working with DPAPI in Mango. Encrypting local data at rest is something you should look at closely if you're storing any PII, or anything even close to private/confidential/shouldn't-be-shared-beyond-the-user/etc.
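To make the workaround concrete, here is an added example (my own code, not from the quoted post or from Microsoft) of writing DPAPI-protected bytes to IsolatedStorage and reading them back straight from the stream rather than through a text reader. It assumes a WP7 Mango (7.1) project; the file name and sample data are constructed.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

// Added example (not code from the quoted post). Assumes a WP7 Mango (7.1)
// project; the file name "secret.dat" and the sample data are constructed.
public static class ProtectedStore
{
    // Encrypt with DPAPI and write the raw ciphertext bytes to isolated storage.
    public static void Save(string fileName, string plaintext)
    {
        byte[] cipher = ProtectedData.Protect(Encoding.UTF8.GetBytes(plaintext), null);
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForApplication())
        using (IsolatedStorageFileStream fs = store.OpenFile(fileName, FileMode.Create, FileAccess.Write))
        {
            fs.Write(cipher, 0, cipher.Length);
        }
    }

    // Read the file back as bytes directly from the stream, then Unprotect.
    // Do NOT wrap the stream in a StreamReader: a text reader decodes the bytes
    // as characters, and ciphertext is not valid text, so what reaches Unprotect
    // no longer matches what was written and the call fails (the padding error
    // the post describes).
    public static string Load(string fileName)
    {
        byte[] cipher;
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForApplication())
        using (IsolatedStorageFileStream fs = store.OpenFile(fileName, FileMode.Open, FileAccess.Read))
        {
            cipher = new byte[fs.Length];
            int read = 0;
            // Loop until the buffer is full; a single Read call may return fewer bytes.
            while (read < cipher.Length)
            {
                int n = fs.Read(cipher, read, cipher.Length - read);
                if (n <= 0) throw new EndOfStreamException("File shorter than expected.");
                read += n;
            }
        }
        byte[] plain = ProtectedData.Unprotect(cipher, null);
        return Encoding.UTF8.GetString(plain, 0, plain.Length);
    }
}

// Constructed usage: ProtectedStore.Save("secret.dat", "session token");
//                    string token = ProtectedStore.Load("secret.dat");
```

DPAPI on the phone ties the key to the app and device, so the file is only readable by this app on this handset; it is not a substitute for protecting the data in transit or on a backup.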
