Sometimes we need to provide an encryption mechanism to protect user data stored on the phone and/or shared over the internet with a database. A developer should always maintain data security to protect the content that the user enters into the application.

If you are building an app and looking for a way to implement such a mechanism, here is a wrapper class that lets you encrypt and decrypt a string literal easily.

Microsoft provides a static class named “ProtectedData”, part of the “System.Security.Cryptography” namespace, which gives access to the Data Protection API (DPAPI) available in Microsoft Windows 2000 and later operating systems. It also works on the Windows Phone operating system. The class exposes two methods, Protect and Unprotect, which can be used to encrypt and decrypt user data such as usernames, passwords, card information, PINs etc.

In one of my apps, “Password Locker” for Windows Phone, I already used this class to keep every detail of the user in a strong encrypted format with a 256-bit encryption key. If you are also building an app and want to use the same API, you can use the following code snippet, a wrapper over the ProtectedData class that helps you easily encrypt and decrypt string literals with your custom private encryption key.

Here is the whole code snippet. Make sure to replace the encryption key (a sample is provided here) with a strong, unbreakable combination of letters, numbers and special characters:

    namespace KunalChowdhury.Services
    {
        using System.Security.Cryptography;
        using System.Text;

        public static class EncryptionService
        {
            // enter your private encryption key
            // this should be a combination of letters, numbers and special characters
            private const string EncryptionKey = "My3ncRYpt10nK3y";

            // Returns the key as UTF-8 bytes. ProtectedData receives this value
            // as its second argument (optionalEntropy).
            private static byte[] GetToken()
            {
                return Encoding.UTF8.GetBytes(EncryptionKey);
            }

            // Encrypts the plain text and returns the protected byte array.
            public static byte[] Encrypt(string text)
            {
                return ProtectedData.Protect(Encoding.UTF8.GetBytes(text), GetToken());
            }

            // Decrypts a byte array produced by Encrypt() back to the original string.
            public static string Decrypt(byte[] encryptedText)
            {
                var decryptedBytes = ProtectedData.Unprotect(encryptedText, GetToken());
                return Encoding.UTF8.GetString(decryptedBytes, 0, decryptedBytes.Length);
            }
        }
    }



Here the GetToken() method returns a byte array of your special EncryptionKey, which is only known to the application. ProtectedData receives it as the optional entropy argument, so the same value has to be supplied to Unprotect() as was supplied to Protect(). You just have to pass the plain text to the Encrypt() method to encrypt the string and get a byte array to store in your database. When you want to retrieve it and show it to the user, call the Decrypt() method of the class, passing the encrypted byte array. This returns the original string literal that the user actually entered.
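The store-and-retrieve flow described above, as an added example that is not part of the original post: it Base64-encodes the protected bytes for a text column and reports failure instead of throwing when the stored value is corrupted or was protected with different entropy. The namespace, class name, method names, the entropy string and the assumption that the database column holds text are all hypothetical.

```csharp
namespace Example.Services   // hypothetical namespace, not from the original post
{
    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static class ProtectedStringStore   // hypothetical helper
    {
        // Constructed sample value; handed to DPAPI as optionalEntropy.
        private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("sample-entropy-value");

        // Protects the text and returns Base64 suitable for a text column.
        public static string ProtectToBase64(string text)
        {
            if (text == null) throw new ArgumentNullException("text");
            byte[] plain = Encoding.UTF8.GetBytes(text);
            try
            {
                // Two-argument Windows Phone overload, as used in the post.
                // Desktop .NET takes a third DataProtectionScope argument.
                return Convert.ToBase64String(ProtectedData.Protect(plain, Entropy));
            }
            finally
            {
                Array.Clear(plain, 0, plain.Length);   // wipe the plaintext copy
            }
        }

        // Returns false (and leaves text null) when the stored value cannot be unprotected.
        public static bool TryUnprotect(string stored, out string text)
        {
            text = null;
            if (string.IsNullOrEmpty(stored)) return false;
            try
            {
                byte[] plain = ProtectedData.Unprotect(Convert.FromBase64String(stored), Entropy);
                text = Encoding.UTF8.GetString(plain, 0, plain.Length);
                Array.Clear(plain, 0, plain.Length);
                return true;
            }
            catch (FormatException) { return false; }          // value is not valid Base64
            catch (CryptographicException) { return false; }   // modified blob or entropy mismatch
        }
    }
}
```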

By implementing this in your application, you and your users can be sure that the data is safe from unauthenticated access and stored in a completely encrypted format. You are free to use the above code in your applications. If you use it, just drop a small line below in the comment section with the name and link of your application.

Thanks for reading this blog. I hope that it will help you in protecting users’ data. Happy coding. Cheers.