Working in the financial industry is a tough job, especially if you are in the IT department. There are a lot of factors that you need to consider whenever you build an application... there are those state laws that you need to follow... corporate guidelines...
And at the end of the day after you have followed all these mumbo jumbo they only boil down to one specific topic... SECURITY.
In the financial industry, an application must be secure at all times... in fact it should be 110 percent secure since you are dealing with people's information, money and A LOT MORE MONEY.
Whenever techies talk about data security... the first thing that comes to mind is cryptography... but there's not just one way of encrypting data... there's RSA, the not-so RSA, the Cipher-my-whatsover-hash-algorithm-till-i-cant-figure-it-out-how-i-did-it, and random generators. You can read about these techniques here.
Then comes DPAPI (which kinda sounds like a dog if you ask me), or Data Protection API, which was introduced in Windows 2000 through crypt32.dll.
I won't dive into details about the DLL but will just show you how simple encryption can be done using this library in conjunction with C#. Not a lot of explanation, just good old code :)
using System;
using System.Collections.Generic;
using System.Text;
using System.Security;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
namespace KeithRull.CS.Windows.DPAPIDemo
{
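class Program
{
    /// <summary>
    /// Entry point: prompts for a secret (echoing '*' per character instead of the
    /// character itself), then runs the three demos against it.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        Console.WriteLine("#############################################");
        Console.WriteLine("Data Protection API Demo By Keith Rull");
        Console.WriteLine("#############################################");
        Console.WriteLine("");//line feed
        Console.Write("Enter Data To Encrypt: ");
        string dataToEncrypt = ReadMaskedLine();
        Console.WriteLine("");//line feed
        ProtectedDataDemo protectedDataDemo = new ProtectedDataDemo();
        protectedDataDemo.RunDemo(dataToEncrypt);
        Console.WriteLine("");//line feed
        SecuredStringDemo securedStringDemo = new SecuredStringDemo();
        securedStringDemo.RunDemo(dataToEncrypt);
        Console.WriteLine("");//line feed
        ProtectedMemoryDemo protectedMemoryDemo = new ProtectedMemoryDemo();
        protectedMemoryDemo.RunDemo();
        Console.ReadLine();
    }

    /// <summary>
    /// Reads one line from the console without echoing it, printing '*' for each
    /// accepted character. Backspace removes the last character (and its '*');
    /// keys with no character value (arrows, function keys) are ignored rather
    /// than appending a NUL to the secret.
    /// </summary>
    /// <returns>The characters typed before Enter; empty if Enter was pressed first.</returns>
    /// <remarks>
    /// The secret is accumulated in managed memory (a StringBuilder, then a string)
    /// and those copies are not zeroed, so this is demo-grade input handling only.
    /// Console.ReadKey throws InvalidOperationException when standard input is redirected.
    /// </remarks>
    private static string ReadMaskedLine()
    {
        StringBuilder buffer = new StringBuilder();
        ConsoleKeyInfo keyPressed = Console.ReadKey(true);
        while (keyPressed.Key != ConsoleKey.Enter)
        {
            if (keyPressed.Key == ConsoleKey.Backspace)
            {
                if (buffer.Length > 0)
                {
                    buffer.Length -= 1;
                    Console.Write("\b \b"); // erase the last '*' on screen
                }
            }
            else if (keyPressed.KeyChar != '\0')
            {
                buffer.Append(keyPressed.KeyChar);
                Console.Write("*");
            }
            keyPressed = Console.ReadKey(true);
        }
        return buffer.ToString();
    }
}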
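class ProtectedDataDemo
{
    /// <summary>
    /// Round-trips <paramref name="dataToEncrypt"/> through DPAPI
    /// (<see cref="ProtectedData.Protect"/> / <see cref="ProtectedData.Unprotect"/>)
    /// under <see cref="DataProtectionScope.CurrentUser"/>, then prints the original
    /// text, the Base64-encoded protected blob and the decrypted text.
    /// </summary>
    /// <param name="dataToEncrypt">Text to protect; it is UTF-8 encoded before protection.</param>
    /// <exception cref="ArgumentNullException">Thrown by the encoder if <paramref name="dataToEncrypt"/> is null.</exception>
    /// <exception cref="CryptographicException">Thrown by DPAPI if protection or unprotection fails.</exception>
    /// <remarks>
    /// No optional entropy is supplied (the <c>null</c> second argument), so any
    /// process running under the same Windows user account can unprotect the
    /// output blob; pass a caller-held entropy value to bind it to one application.
    /// The plaintext byte arrays are cleared once the demo has printed them so
    /// they do not linger in the managed heap until the GC reclaims them; the
    /// .NET strings holding the same text cannot be cleared.
    /// </remarks>
    public void RunDemo(string dataToEncrypt)
    {
        Console.WriteLine(">> Protected Data Demo");
        UTF8Encoding utf8 = new UTF8Encoding();
        byte[] bytesOfDataToEncrypt = utf8.GetBytes(dataToEncrypt);
        byte[] bytesOfUnprotectedData = null;
        try
        {
            byte[] bytesOfProtectedData = ProtectedData.Protect(bytesOfDataToEncrypt, null, DataProtectionScope.CurrentUser);
            string encodedData = Convert.ToBase64String(bytesOfProtectedData);
            // Decode the Base64 again to show the blob survives a text round-trip.
            byte[] bytesOfDataToDecrypt = Convert.FromBase64String(encodedData);
            bytesOfUnprotectedData = ProtectedData.Unprotect(bytesOfDataToDecrypt, null, DataProtectionScope.CurrentUser);
            string decodedData = utf8.GetString(bytesOfUnprotectedData);
            Console.WriteLine("Original Data: " + dataToEncrypt);
            Console.WriteLine("Encrypted Data: " + encodedData);
            Console.WriteLine("Decrypted Data: " + decodedData);
        }
        finally
        {
            // Scrub the plaintext buffers; Array.Clear is available on every framework version.
            Array.Clear(bytesOfDataToEncrypt, 0, bytesOfDataToEncrypt.Length);
            if (bytesOfUnprotectedData != null)
            {
                Array.Clear(bytesOfUnprotectedData, 0, bytesOfUnprotectedData.Length);
            }
        }
    }
}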
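class ProtectedMemoryDemo
{
    // ProtectedMemory.Protect / Unprotect require the buffer length to be a multiple
    // of 16 bytes, so a fixed 32-byte ASCII sample is used instead of the console input.
    private const string SampleData = "12345678123456781234567812345678";

    /// <summary>
    /// Encrypts a fixed 32-byte buffer in place with
    /// <see cref="ProtectedMemory.Protect"/> (<see cref="MemoryProtectionScope.SameProcess"/>),
    /// prints the protected bytes as Base64, then decrypts in place and prints the result.
    /// </summary>
    /// <exception cref="CryptographicException">Thrown if the in-place protection fails.</exception>
    /// <remarks>
    /// The protected bytes are shown as Base64 rather than decoded as UTF-8:
    /// ciphertext is not valid UTF-8, so decoding it was lossy and could emit
    /// control characters to the console. This also matches how ProtectedDataDemo
    /// displays its blob. The buffer is cleared afterwards so the plaintext does not
    /// sit in the heap. ProtectedMemory is a .NET Framework (Windows) API; it is not
    /// available on .NET Core / .NET 5+.
    /// </remarks>
    public void RunDemo()
    {
        Console.WriteLine(">> Protected Memory Demo");
        Console.WriteLine("Original Data: " + SampleData);
        UTF8Encoding utf8 = new UTF8Encoding();
        byte[] buffer = utf8.GetBytes(SampleData);
        try
        {
            ProtectedMemory.Protect(buffer, MemoryProtectionScope.SameProcess);
            Console.WriteLine("Encrypted Data: " + Convert.ToBase64String(buffer));
            ProtectedMemory.Unprotect(buffer, MemoryProtectionScope.SameProcess);
            Console.WriteLine("Decrypted Data: " + utf8.GetString(buffer));
        }
        finally
        {
            Array.Clear(buffer, 0, buffer.Length);
        }
    }
}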
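class SecuredStringDemo
{
    /// <summary>
    /// Copies <paramref name="dataToEncrypt"/> into a read-only <see cref="SecureString"/>,
    /// marshals it to an unmanaged BSTR, prints the pointer value and the decoded text,
    /// then zeroes and frees the BSTR and disposes the SecureString.
    /// </summary>
    /// <param name="dataToEncrypt">Text to copy into the SecureString; at most
    /// 65536 characters (the SecureString limit). May be empty.</param>
    /// <exception cref="ArgumentNullException">If <paramref name="dataToEncrypt"/> is null.</exception>
    /// <exception cref="ArgumentOutOfRangeException">If appending would exceed the SecureString length limit.</exception>
    /// <remarks>
    /// The BSTR is decoded with <see cref="Marshal.PtrToStringBSTR"/>: a BSTR is always
    /// UTF-16, whereas <c>PtrToStringAuto</c> is platform-dependent (UTF-8 on Unix under
    /// .NET Core) and mis-decodes it there. The SecureString is disposed so its
    /// protected buffer is zeroed and released. Printing the decrypted value is for
    /// demonstration only; real code would hand the pointer to the consuming API instead.
    /// </remarks>
    public void RunDemo(string dataToEncrypt)
    {
        if (dataToEncrypt == null)
        {
            throw new ArgumentNullException("dataToEncrypt");
        }
        Console.WriteLine(">> Secured String Demo");
        using (SecureString secureString = new SecureString())
        {
            // Iterate the string directly; ToCharArray would make another heap copy of the secret.
            foreach (char character in dataToEncrypt)
            {
                secureString.AppendChar(character);
            }
            secureString.MakeReadOnly();
            IntPtr byteStringPtr = Marshal.SecureStringToBSTR(secureString);
            Console.WriteLine("Original Data: " + dataToEncrypt);
            try
            {
                Console.WriteLine("Pointer Numeric Equivalent: " + byteStringPtr.ToString());
                Console.WriteLine("Decrypted Memory Value: " + Marshal.PtrToStringBSTR(byteStringPtr));
            }
            finally
            {
                // Zero the unmanaged copy before releasing it.
                Marshal.ZeroFreeBSTR(byteStringPtr);
            }
        }
    }
}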
}