Data Protection API In .Net Core

In this blog, we will discuss how to protect our data using cryptography in .NET Core and C#.

Introduction
 
The .NET Core 2.0 release brought more goodies to developers in the realm of cryptography. Microsoft has added the Data Protection API in order to make it easier for developers to use strong cryptography to safeguard their data. I personally love this API because it’s well-designed from a security perspective as well as an API perspective. With this API, when you need to encrypt data you simply pass the data into the protect method. When you need to access the data again, simply pass the encrypted data into the Unprotect method, and it’s converted back into plaintext.
 
This API is great because it’s simple and successfully abstracts all of the inner workings away from the developers. By default, it uses 256-bit AES encryption to protect data, which is one of the best choices for an algorithm. When you encrypt data, key management becomes a concern. The Data Protection API handles all of that for you, including rotating keys on a regular basis. Developers don’t have to worry about the details, just what methods to call and when.
 
Step 1
 
 Create a console application in .Net core.
 
Step 2 
 
Run the below commands in the package manager console.
  1. Install-Package Microsoft.Extensions.DependencyInjection -Version 3.0.0  
  2. Install-Package Microsoft.AspNetCore.DataProtection -Version 3.0.0  
Use the below usings statements in your class file.
  1. using System;  
  2. using Microsoft.AspNetCore.DataProtection;  
  3. using Microsoft.Extensions.DependencyInjection;  
In Microsoft.AspNetCore.DataProtection namespace we have one interface that is IDataProtectionProvider and it contains one method CreateProtector. 
 
We have one more interface, IDataProtector, which inherits the IDataProtectionProvider interface. It includes two different method definitions.
 
  1. namespace Microsoft.AspNetCore.DataProtection  
  2. {  
  3.        
  4.     public interface IDataProtector : IDataProtectionProvider  
  5.     {  
  6.            
  7.         byte[] Protect(byte[] plaintext);  
  8.           
  9.         byte[] Unprotect(byte[] protectedData);  
  10.     }  
  11. }  
 
In the above code snippet, we can see the two methods
 
Protect - Cryptographically protects a piece of plaintext data.
 
Unprotect - Cryptographically unprotects a piece of protected data 
 
 
Step 3
 
Use the below code in your class file
  1. public static void Main(string[] args)  
  2.        {  
  3.            // add data protection services  
  4.            var serviceCollection = new ServiceCollection();  
  5.            serviceCollection.AddDataProtection();  
  6.            var services = serviceCollection.BuildServiceProvider();  
  7.   
  8.             
  9.            var instance = ActivatorUtilities.CreateInstance<democlass>(services);  
  10.            instance.RunSample();  
  11.        }  
  12.   
  13.        public class democlass  
  14.        {  
  15.            IDataProtector _protector;  
  16.   
  17.            // the 'provider' parameter is provided by DI  
  18.            public democlass(IDataProtectionProvider provider)  
  19.            {  
  20.                _protector = provider.CreateProtector("Contoso.democlass.v1");  
  21.            }  
  22.   
  23.            public void RunSample()  
  24.            {  
  25.                Console.Write("Enter input: ");  
  26.                string input = Console.ReadLine();  
  27.   
  28.                // protect the payload  
  29.                string protectedPayload = _protector.Protect(input);  
  30.                Console.WriteLine($"Protect returned: {protectedPayload}");  
  31.                   
  32.   
  33.                // unprotect the payload  
  34.                string unprotectedPayload = _protector.Unprotect(protectedPayload);  
  35.                Console.WriteLine($"Unprotect returned: {unprotectedPayload}");  
  36.                Console.ReadLine();  
  37.            }  
  38.        }  
 
In the main method, we are adding data protection services with the help of Dependency Injection and also creating an instance for demo class using a service provider. Using this instance we are calling demo class methods.
 
 
Step 4  
 
Let's Enter our plain text. Please check the below snapshot where I am passing plain text through the console. 
 
 
 
 
 
The Protect method will return the ciphertext or protected text. The Unprotect method will return plain text. Please check the below snapshot for more details.
 
 
 
 
Summary
In this blog, we discussed data protection. I hope that you find it helpful.
Eat->Code->Sleep->Repeat.