Archive for the ‘ SDK ’ Category

Windows Phone Mango – Encrypt Data

Windows Phone 7 Mango has focused on the end consumer market. The phrase “Put people first” is something we have seen in all of Microsoft’s Windows Phone 7 Mango promotions. The market place is filling up with apps targeting the common user, so for most applications encryption has not been super important, although more and more enterprise apps and data sensitive apps are coming and protecting your data is key in many scenarios.

Saving data in a phone’s isolated storage is not secure, there is a tool that comes with the SDK that enables you to list, copy and replace files and directories in isolated storage. You can read about how to use the tool at MSDN. There is an excellent tool that allows the developers to do a lot more with their applications, like uninstalling developer XAPs, get detailed device information, browse the Isolated Storage, copy phones local SQL CE DB to your PC to extract and change data and so on, all this through a really nice UI. Get your hands on the Windows Phone Power Tools at CodePlex.


This article will go through the basics in how you encrypt/decrypt sensitive and confidential data such as username, password, PIN code etc. using the Data Protection API (DPAPI) to prevent anyone from accessing your data using tools like the isolated storage explorer.


Encrypting the data will not increase the security if the decryption key resides on the phone, no matter how well the key is hidden. DPAPI solves the problem of explicitly generating and storing a cryptographic key by using the user and phone credentials to encrypt and decrypt data.  This means that the only place where you can decrypt your encrypted data is on the phone itself !

ProtectedData class

You can use the ProtectedData class that provides you access to DPAPI through Protect and Unprotect methods. On a Windows Phone device, every application gets its own decryption key when the application executes for the first time. Calls to Protect and Unprotect methods will implicitly use the decryption key and make sure all data remains secure and private to the application.

Protect – Use this method to encrypt your data
Unprotect – Use this method to decrypt your data

I have created a CryptoUtils class that enables you to encrypt and decrypt strings to isolated storage.

 public static class CryptoUtil
        /// <summary>
        /// Encrypt a string and store it in the phone's isolated storage
        /// </summary>
        /// <param name="value"></param>
        /// <param name="path"></param>
        public static void EncryptAndStore(string value, string path)
            // Convert the string to a byte[].
            byte[] PinByte = Encoding.UTF8.GetBytes(value);

            // Encrypt the string by using the Protect() method.
            byte[] ProtectedBytes = ProtectedData.Protect(PinByte, null);

            // Store the encrypted string in isolated storage.
            CryptoUtil.WriteProtectedStringToFile(ProtectedBytes, path);


        /// <summary>
        /// Decrypt a string that is stored in the phone's isolated storage in the provided path
        /// </summary>
        /// <param name="path"></param>
        /// <returns></returns>
        public static string DecryptString(string path)
            using (IsolatedStorageFile file = IsolatedStorageFile.GetUserStoreForApplication())
                if (!file.FileExists(path)) return string.Empty;
            // Retrieve the string from isolated storage.
            byte[] ProtectedPinByte = CryptoUtil.ReadStringFromFile(path);

            // Decrypt the string by using the Unprotect method.
            byte[] PinByte = ProtectedData.Unprotect(ProtectedPinByte, null);

            // Convert the PIN from byte to string and display it in the text box.
            return Encoding.UTF8.GetString(PinByte, 0, PinByte.Length);

        private static void WriteProtectedStringToFile(byte[] strinData, string path)
            // Create a file in the application's isolated storage.
            using (IsolatedStorageFile file = IsolatedStorageFile.GetUserStoreForApplication())
                IsolatedStorageFileStream writestream = new IsolatedStorageFileStream(path, System.IO.FileMode.Create, System.IO.FileAccess.Write, file);

                // Write stringData to the file.
                Stream writer = new StreamWriter(writestream).BaseStream;
                writer.Write(strinData, 0, strinData.Length);

        private static byte[] ReadStringFromFile(string path)
            // Access the file in the application's isolated storage.
            using (IsolatedStorageFile file = IsolatedStorageFile.GetUserStoreForApplication())
                IsolatedStorageFileStream readstream = new IsolatedStorageFileStream(path, System.IO.FileMode.Open, FileAccess.Read, file);

                // Read the PIN from the file.
                Stream reader = new StreamReader(readstream).BaseStream;
                byte[] pinArray = new byte[reader.Length];

                reader.Read(pinArray, 0, pinArray.Length);

                return pinArray;


It is really easy to use DPAPI with Protect and Unprotect methods and if you create a CryptoUtils class that can be easily used in all of your applications there is no excuses not to do it :)

Note: If you want to encrypt large amount of data and the data is stored in the local database on the phone, then encrypting the entire database is a better options. See my next post about encypting Local DB.

Happy Coding!!


Kinect for Windows SDK Beta

Yes! It has finally arrived. Now I really know what to do this weekend!

Can’t wait to see what the community will manage to do now. If you look at all the awesome stuff that has been done so far without the SDK, hopefully now even more cool stuff will come.

Download the SDK here:

Kinect Hacks:

Happy Kinecting!!

%d bloggers like this: