The .NET Framework ships with a data-protection layer (the ProtectedData class, built on the Windows Data Protection API) that lets you encrypt data without having to manage public and private keys yourself.

The keys are stored by Windows itself, and by default only the current user can decrypt the data.

So how do you encrypt data?

First you need to convert your string into a byte array.

// Encoding lives in System.Text. ASCII drops any non-ASCII character;
// use Encoding.UTF8 if the string may contain accented or non-Latin text.
byte[] toEncrypt = Encoding.ASCII.GetBytes(value);

At this point the string is not yet encrypted; it is only a byte array.

Choose the scope of data encryption/decryption

Now we want to encrypt the data, and for that we have to choose a protection scope. The DataProtectionScope enum offers two options: CurrentUser and LocalMachine. With LocalMachine, every process of every user on this computer can decrypt the data; CurrentUser restricts decryption to the currently logged-on user.

// ProtectedData and DataProtectionScope live in System.Security.Cryptography
DataProtectionScope Scope = DataProtectionScope.CurrentUser;
// second argument is the optional entropy (null here, see below)
byte[] encryptedData = ProtectedData.Protect(toEncrypt, null, Scope);

To keep this post simple I passed null for the optional entropy. Entropy works like a salt: extra secret bytes that must be supplied again at decryption time and that make the protection stronger.

In a production application, however, I strongly advise you to supply entropy.

After that, your string is encrypted in the encryptedData array, which you can now store in a file or a database, for example.

How to decrypt data?

We know how to encrypt, but that is not very useful if we cannot reverse the process.

It's easy: you just have to call the Unprotect method.

// must use the same scope and the same entropy that were used to protect the data
byte[] decryptedData = ProtectedData.Unprotect(encryptedData, null, Scope);
string decryptedString = Encoding.ASCII.GetString(decryptedData);

Once again, the null parameter here is the entropy.
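As an added example (not code from the original post), here is the full encrypt/decrypt round trip with entropy supplied, including what happens when the wrong entropy is presented. The DpapiDemo class name and the entropy value are constructed for this illustration; UTF-8 is used instead of ASCII so that non-ASCII characters survive the round trip.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed example: protects a secret with DPAPI and entropy, then reverses it.
public static class DpapiDemo
{
    // Entropy is a second secret that must be presented again at Unprotect time.
    // Constructed value for the demo; in a real application keep it in a
    // different place than the encrypted blob itself.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("demo-entropy-not-for-production");

    public static byte[] Protect(string plaintext, byte[] entropy, DataProtectionScope scope)
    {
        // UTF-8 preserves non-ASCII characters, unlike Encoding.ASCII
        byte[] toEncrypt = Encoding.UTF8.GetBytes(plaintext);
        return ProtectedData.Protect(toEncrypt, entropy, scope);
    }

    public static string Unprotect(byte[] encrypted, byte[] entropy, DataProtectionScope scope)
    {
        // Same scope and same entropy as at Protect time, or DPAPI refuses the blob
        byte[] decrypted = ProtectedData.Unprotect(encrypted, entropy, scope);
        return Encoding.UTF8.GetString(decrypted);
    }

    public static void Main()
    {
        const string secret = "connection string or API token (constructed)";
        DataProtectionScope scope = DataProtectionScope.CurrentUser;

        byte[] blob = Protect(secret, Entropy, scope);
        // The blob is what you would store in a file or database
        Console.WriteLine("Encrypted (base64): " + Convert.ToBase64String(blob));

        // Correct entropy, same user: the original string comes back
        Console.WriteLine("Decrypted: " + Unprotect(blob, Entropy, scope));

        // Wrong (here: missing) entropy: DPAPI rejects the blob with a CryptographicException
        try
        {
            Unprotect(blob, null, scope);
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Decryption without the entropy failed as expected: " + ex.Message);
        }
    }
}
```

The same CryptographicException is raised when a blob protected with CurrentUser scope is presented by a different Windows account, which is the property that makes this scope the safer default. Note that ProtectedData is Windows-only; on .NET Core and later it comes from the System.Security.Cryptography.ProtectedData package rather than the base framework.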