-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMicrosoft.AspNetCore.DataProtection.xml
2260 lines (2259 loc) · 144 KB
/
Microsoft.AspNetCore.DataProtection.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0"?>
<doc>
<assembly>
<name>Microsoft.AspNetCore.DataProtection</name>
</assembly>
<members>
<member name="T:Microsoft.AspNetCore.DataProtection.ActivatorExtensions">
<summary>
Extension methods for working with <see cref="T:Microsoft.AspNetCore.DataProtection.Internal.IActivator"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.ActivatorExtensions.CreateInstance``1(Microsoft.AspNetCore.DataProtection.Internal.IActivator,System.String)">
<summary>
Creates an instance of <paramref name="implementationTypeName"/> and ensures
that it is assignable to <typeparamref name="T"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.ActivatorExtensions.GetActivator(System.IServiceProvider)">
<summary>
Returns a <see cref="T:Microsoft.AspNetCore.DataProtection.Internal.IActivator"/> given an <see cref="T:System.IServiceProvider"/>.
Guaranteed to return non-null, even if <paramref name="serviceProvider"/> is null.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.ApplyPolicyAttribute">
<summary>
Signifies that the <see cref="T:Microsoft.AspNetCore.DataProtection.RegistryPolicyResolver"/> should bind this property from the registry.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.AuthenticatedEncryptorExtensions.PerformSelfTest(Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor)">
<summary>
Performs a self-test of this encryptor by running a sample payload through an
encrypt-then-decrypt operation. Throws if the operation fails.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.AuthenticatedEncryptorFactory">
<summary>
An <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptorFactory"/> to create an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor"/>
based on the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration"/>.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngCbcAuthenticatedEncryptorFactory">
<summary>
An <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptorFactory"/> for <see cref="T:Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor"/>.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory">
<summary>
An <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptorFactory"/> for <see cref="T:Microsoft.AspNetCore.DataProtection.Cng.GcmAuthenticatedEncryptor"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AlgorithmConfiguration.CreateNewDescriptor">
<summary>
Creates a new <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/> instance based on this
configuration. The newly-created instance contains unique key material and is distinct
from all other descriptors created by the <see cref="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AlgorithmConfiguration.CreateNewDescriptor"/> method.
</summary>
<returns>A unique <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/>.</returns>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration">
<summary>
Represents a generalized authenticated encryption mechanism.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration.EncryptionAlgorithm">
<summary>
The algorithm to use for symmetric encryption (confidentiality).
</summary>
<remarks>
The default value is <see cref="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_256_CBC"/>.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration.ValidationAlgorithm">
<summary>
The algorithm to use for message authentication (tamper-proofing).
</summary>
<remarks>
The default value is <see cref="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm.HMACSHA256"/>.
This property is ignored if <see cref="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration.EncryptionAlgorithm"/> specifies a 'GCM' algorithm.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptor">
<summary>
A descriptor which can create an authenticated encryption system based upon the
configuration provided by an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration"/> object.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer">
<summary>
A class that can deserialize an <see cref="T:System.Xml.Linq.XElement"/> that represents the serialized version
of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptor"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer.ImportFromXml(System.Xml.Linq.XElement)">
<summary>
Imports the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptor"/> from serialized XML.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration">
<summary>
Represents a configured authenticated encryption mechanism which uses
Windows CNG algorithms in CBC encryption + HMAC authentication modes.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration.EncryptionAlgorithm">
<summary>
The name of the algorithm to use for symmetric encryption.
This property corresponds to the 'pszAlgId' parameter of BCryptOpenAlgorithmProvider.
This property is required to have a value.
</summary>
<remarks>
The algorithm must support CBC-style encryption and must have a block size of 64 bits
or greater.
The default value is 'AES'.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration.EncryptionAlgorithmProvider">
<summary>
The name of the provider which contains the implementation of the symmetric encryption algorithm.
This property corresponds to the 'pszImplementation' parameter of BCryptOpenAlgorithmProvider.
This property is optional.
</summary>
<remarks>
The default value is null.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration.EncryptionAlgorithmKeySize">
<summary>
The length (in bits) of the key that will be used for symmetric encryption.
This property is required to have a value.
</summary>
<remarks>
The key length must be 128 bits or greater.
The default value is 256.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration.HashAlgorithm">
<summary>
The name of the algorithm to use for hashing data.
This property corresponds to the 'pszAlgId' parameter of BCryptOpenAlgorithmProvider.
This property is required to have a value.
</summary>
<remarks>
The algorithm must support being opened in HMAC mode and must have a digest length
of 128 bits or greater.
The default value is 'SHA256'.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration.HashAlgorithmProvider">
<summary>
The name of the provider which contains the implementation of the hash algorithm.
This property corresponds to the 'pszImplementation' parameter of BCryptOpenAlgorithmProvider.
This property is optional.
</summary>
<remarks>
The default value is null.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration.Microsoft#AspNetCore#DataProtection#AuthenticatedEncryption#ConfigurationModel#IInternalAlgorithmConfiguration#Validate">
<summary>
Validates that this <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration"/> is well-formed, i.e.,
that the specified algorithms actually exist and that they can be instantiated properly.
An exception will be thrown if validation fails.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorDescriptor">
<summary>
A descriptor which can create an authenticated encryption system based upon the
configuration provided by an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration"/> object.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorDescriptorDeserializer">
<summary>
A class that can deserialize an <see cref="T:System.Xml.Linq.XElement"/> that represents the serialized version
of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorDescriptor"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorDescriptorDeserializer.ImportFromXml(System.Xml.Linq.XElement)">
<summary>
Imports the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration">
<summary>
Represents a configured authenticated encryption mechanism which uses
Windows CNG algorithms in GCM encryption + authentication modes.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration.EncryptionAlgorithm">
<summary>
The name of the algorithm to use for symmetric encryption.
This property corresponds to the 'pszAlgId' parameter of BCryptOpenAlgorithmProvider.
This property is required to have a value.
</summary>
<remarks>
The algorithm must support GCM-style encryption and must have a block size exactly
128 bits.
The default value is 'AES'.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration.EncryptionAlgorithmProvider">
<summary>
The name of the provider which contains the implementation of the symmetric encryption algorithm.
This property corresponds to the 'pszImplementation' parameter of BCryptOpenAlgorithmProvider.
This property is optional.
</summary>
<remarks>
The default value is null.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration.EncryptionAlgorithmKeySize">
<summary>
The length (in bits) of the key that will be used for symmetric encryption.
This property is required to have a value.
</summary>
<remarks>
The key length must be 128 bits or greater.
The default value is 256.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration.Microsoft#AspNetCore#DataProtection#AuthenticatedEncryption#ConfigurationModel#IInternalAlgorithmConfiguration#Validate">
<summary>
Validates that this <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration"/> is well-formed, i.e.,
that the specified algorithm actually exists and can be instantiated properly.
An exception will be thrown if validation fails.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorDescriptor">
<summary>
A descriptor which can create an authenticated encryption system based upon the
configuration provided by an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration"/> object.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorDescriptorDeserializer">
<summary>
A class that can deserialize an <see cref="T:System.Xml.Linq.XElement"/> that represents the serialized version
of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorDescriptor"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorDescriptorDeserializer.ImportFromXml(System.Xml.Linq.XElement)">
<summary>
Imports the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor">
<summary>
A self-contained descriptor that wraps all information (including secret key
material) necessary to create an instance of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor.ExportToXml">
<summary>
Exports the current descriptor to XML.
</summary>
<returns>
An <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlSerializedDescriptorInfo"/> wrapping the <see cref="T:System.Xml.Linq.XElement"/> which represents the serialized
current descriptor object. The deserializer type must be assignable to <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptorDeserializer"/>.
</returns>
<remarks>
If an element contains sensitive information (such as key material), the
element should be marked via the <see cref="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlExtensions.MarkAsRequiresEncryption(System.Xml.Linq.XElement)" />
extension method, and the caller should encrypt the element before persisting
the XML to storage.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptorDeserializer">
<summary>
The basic interface for deserializing an XML element into an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptorDeserializer.ImportFromXml(System.Xml.Linq.XElement)">
<summary>
Deserializes the specified XML element.
</summary>
<param name="element">The element to deserialize.</param>
<returns>The <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/> represented by <paramref name="element"/>.</returns>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IInternalAlgorithmConfiguration">
<summary>
A type that knows how to create instances of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/>
given specific secret key material.
</summary>
<remarks>
This type is not public because we don't want to lock ourselves into a contract stating
that a descriptor is simply a configuration plus a single serializable, reproducible secret.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IInternalAlgorithmConfiguration.CreateDescriptorFromSecret(Microsoft.AspNetCore.DataProtection.ISecret)">
<summary>
Creates a new <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/> instance from this configuration
given specific secret key material.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IInternalAlgorithmConfiguration.Validate">
<summary>
Performs a self-test of the algorithm specified by the configuration object.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration">
<summary>
Represents a configured authenticated encryption mechanism which uses
managed <see cref="T:System.Security.Cryptography.SymmetricAlgorithm"/> and
<see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/> types.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration.EncryptionAlgorithmType">
<summary>
The type of the algorithm to use for symmetric encryption.
The type must subclass <see cref="T:System.Security.Cryptography.SymmetricAlgorithm"/>.
This property is required to have a value.
</summary>
<remarks>
The algorithm must support CBC-style encryption and PKCS#7 padding and must have a block size of 64 bits or greater.
The default algorithm is AES.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration.EncryptionAlgorithmKeySize">
<summary>
The length (in bits) of the key that will be used for symmetric encryption.
This property is required to have a value.
</summary>
<remarks>
The key length must be 128 bits or greater.
The default value is 256.
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration.ValidationAlgorithmType">
<summary>
The type of the algorithm to use for validation.
Type type must subclass <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/>.
This property is required to have a value.
</summary>
<remarks>
The algorithm must have a digest length of 128 bits or greater.
The default algorithm is HMACSHA256.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration.Microsoft#AspNetCore#DataProtection#AuthenticatedEncryption#ConfigurationModel#IInternalAlgorithmConfiguration#Validate">
<summary>
Validates that this <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration"/> is well-formed, i.e.,
that the specified algorithms actually exist and can be instantiated properly.
An exception will be thrown if validation fails.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorDescriptor">
<summary>
A descriptor which can create an authenticated encryption system based upon the
configuration provided by an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration"/> object.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorDescriptorDeserializer">
<summary>
A class that can deserialize an <see cref="T:System.Xml.Linq.XElement"/> that represents the serialized version
of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorDescriptor"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorDescriptorDeserializer.ImportFromXml(System.Xml.Linq.XElement)">
<summary>
Imports the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorDescriptor"/> from serialized XML.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.SecretExtensions.ToMasterKeyElement(Microsoft.AspNetCore.DataProtection.ISecret)">
<summary>
Converts an <see cref="T:Microsoft.AspNetCore.DataProtection.ISecret"/> to an <masterKey> element which is marked
as requiring encryption.
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.SecretExtensions.ToSecret(System.String)">
<summary>
Converts a base64-encoded string into an <see cref="T:Microsoft.AspNetCore.DataProtection.ISecret"/>.
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlExtensions.MarkAsRequiresEncryption(System.Xml.Linq.XElement)">
<summary>
Marks the provided <see cref="T:System.Xml.Linq.XElement"/> as requiring encryption before being persisted
to storage. Use when implementing <see cref="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor.ExportToXml"/>.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlSerializedDescriptorInfo">
<summary>
Wraps an <see cref="T:System.Xml.Linq.XElement"/> that contains the XML-serialized representation of an
<see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/> along with the type that can be used
to deserialize it.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlSerializedDescriptorInfo.#ctor(System.Xml.Linq.XElement,System.Type)">
<summary>
Creates an instance of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlSerializedDescriptorInfo"/>.
</summary>
<param name="serializedDescriptorElement">The XML-serialized form of the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/>.</param>
<param name="deserializerType">The class whose <see cref="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptorDeserializer.ImportFromXml(System.Xml.Linq.XElement)"/>
method can be used to deserialize <paramref name="serializedDescriptorElement"/>.</param>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlSerializedDescriptorInfo.DeserializerType">
<summary>
The class whose <see cref="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptorDeserializer.ImportFromXml(System.Xml.Linq.XElement)"/>
method can be used to deserialize the value stored in <see cref="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlSerializedDescriptorInfo.SerializedDescriptorElement"/>.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.XmlSerializedDescriptorInfo.SerializedDescriptorElement">
<summary>
An XML-serialized representation of an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.IAuthenticatedEncryptorDescriptor"/>.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm">
<summary>
Specifies a symmetric encryption algorithm to use for providing confidentiality
to protected payloads.
</summary>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_128_CBC">
<summary>
The AES algorithm (FIPS 197) with a 128-bit key running in Cipher Block Chaining mode.
</summary>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_192_CBC">
<summary>
The AES algorithm (FIPS 197) with a 192-bit key running in Cipher Block Chaining mode.
</summary>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_256_CBC">
<summary>
The AES algorithm (FIPS 197) with a 256-bit key running in Cipher Block Chaining mode.
</summary>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_128_GCM">
<summary>
The AES algorithm (FIPS 197) with a 128-bit key running in Galois/Counter Mode (FIPS SP 800-38D).
</summary>
<remarks>
This cipher mode produces a 128-bit authentication tag. This algorithm is currently only
supported on Windows.
</remarks>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_192_GCM">
<summary>
The AES algorithm (FIPS 197) with a 192-bit key running in Galois/Counter Mode (FIPS SP 800-38D).
</summary>
<remarks>
This cipher mode produces a 128-bit authentication tag.
</remarks>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm.AES_256_GCM">
<summary>
The AES algorithm (FIPS 197) with a 256-bit key running in Galois/Counter Mode (FIPS SP 800-38D).
</summary>
<remarks>
This cipher mode produces a 128-bit authentication tag.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor">
<summary>
The basic interface for providing an authenticated encryption and decryption routine.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor.Decrypt(System.ArraySegment{System.Byte},System.ArraySegment{System.Byte})">
<summary>
Validates the authentication tag of and decrypts a blob of encrypted data.
</summary>
<param name="ciphertext">The ciphertext (including authentication tag) to decrypt.</param>
<param name="additionalAuthenticatedData">Any ancillary data which was used during computation
of the authentication tag. The same AAD must have been specified in the corresponding
call to 'Encrypt'.</param>
<returns>The original plaintext data (if the authentication tag was validated and decryption succeeded).</returns>
<remarks>All cryptography-related exceptions should be homogenized to CryptographicException.</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor.Encrypt(System.ArraySegment{System.Byte},System.ArraySegment{System.Byte})">
<summary>
Encrypts and tamper-proofs a piece of data.
</summary>
<param name="plaintext">The plaintext to encrypt. This input may be zero bytes in length.</param>
<param name="additionalAuthenticatedData">A piece of data which will not be included in
the returned ciphertext but which will still be covered by the authentication tag.
This input may be zero bytes in length. The same AAD must be specified in the corresponding
call to Decrypt.</param>
<returns>The ciphertext blob, including authentication tag.</returns>
<remarks>All cryptography-related exceptions should be homogenized to CryptographicException.</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptorFactory.CreateEncryptorInstance(Microsoft.AspNetCore.DataProtection.KeyManagement.IKey)">
<summary>
Creates an <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor"/> instance based on the given <see cref="P:Microsoft.AspNetCore.DataProtection.KeyManagement.IKey.Descriptor"/>.
</summary>
<returns>An <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor"/> instance.</returns>
<remarks>
For a given <see cref="P:Microsoft.AspNetCore.DataProtection.KeyManagement.IKey.Descriptor"/>, any two instances returned by this method should
be considered equivalent, e.g., the payload returned by one's <see cref="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor.Encrypt(System.ArraySegment{System.Byte},System.ArraySegment{System.Byte})"/>
method should be consumable by the other's <see cref="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptor.Decrypt(System.ArraySegment{System.Byte},System.ArraySegment{System.Byte})"/> method.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IOptimizedAuthenticatedEncryptor">
<summary>
An optimized encryptor that can avoid buffer allocations in common code paths.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IOptimizedAuthenticatedEncryptor.Encrypt(System.ArraySegment{System.Byte},System.ArraySegment{System.Byte},System.UInt32,System.UInt32)">
<summary>
Encrypts and tamper-proofs a piece of data.
</summary>
<param name="plaintext">The plaintext to encrypt. This input may be zero bytes in length.</param>
<param name="additionalAuthenticatedData">A piece of data which will not be included in
the returned ciphertext but which will still be covered by the authentication tag.
This input may be zero bytes in length. The same AAD must be specified in the corresponding
call to Decrypt.</param>
<param name="preBufferSize">The number of bytes to pad before the ciphertext in the output.</param>
<param name="postBufferSize">The number of bytes to pad after the ciphertext in the output.</param>
<returns>
The ciphertext blob, including authentication tag. The ciphertext blob will be surrounded by
the number of padding bytes requested. For instance, if the given (plaintext, AAD) input results
in a (ciphertext, auth tag) output of 0x0102030405, and if 'preBufferSize' is 3 and
'postBufferSize' is 5, then the return value will be 0xYYYYYY0102030405ZZZZZZZZZZ, where bytes
YY and ZZ are undefined.
</returns>
<remarks>
This method allows for a slight performance improvement over IAuthenticatedEncryptor.Encrypt
in the case where the caller needs to prepend or append some data to the resulting ciphertext.
For instance, if the caller needs to append a 32-bit header to the resulting ciphertext, then
he can specify 4 for 'preBufferSize' and overwrite the first 32 bits of the buffer returned
by this function. This saves the caller from having to allocate a new buffer to hold the final
transformed result.
All cryptography-related exceptions should be homogenized to CryptographicException.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncryptorFactory">
<summary>
An <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.IAuthenticatedEncryptorFactory"/> for <see cref="T:Microsoft.AspNetCore.DataProtection.Managed.ManagedAuthenticatedEncryptor"/>.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncryptorFactory.AlgorithmActivator">
<summary>
Contains helper methods for generating cryptographic algorithm factories.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncryptorFactory.AlgorithmActivator.CreateFactory``1(System.Type)">
<summary>
Creates a factory that wraps a call to <see cref="M:System.Activator.CreateInstance``1"/>.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm">
<summary>
Specifies a message authentication algorithm to use for providing tamper-proofing
to protected payloads.
</summary>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm.HMACSHA256">
<summary>
The HMAC algorithm (RFC 2104) using the SHA-256 hash function (FIPS 180-4).
</summary>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm.HMACSHA512">
<summary>
The HMAC algorithm (RFC 2104) using the SHA-512 hash function (FIPS 180-4).
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.BitHelpers.WriteTo(System.Void*,System.UInt32)">
<summary>
Writes an unsigned 32-bit value to a memory address, big-endian.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.BitHelpers.WriteTo(System.Byte*@,System.UInt32)">
<summary>
Writes an unsigned 32-bit value to a memory address, big-endian.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.BitHelpers.WriteTo(System.Byte[],System.Int32@,System.Int32)">
<summary>
Writes a signed 32-bit value to a memory address, big-endian.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.BitHelpers.WriteTo(System.Byte[],System.Int32@,System.UInt32)">
<summary>
Writes a signed 32-bit value to a memory address, big-endian.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase">
<summary>
Base class used for all CNG-related authentication encryption operations.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions">
<summary>
Extensions for configuring data protection using an <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.SetApplicationName(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.String)">
<summary>
Sets the unique name of this application within the data protection system.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="applicationName">The application name.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
This API corresponds to setting the <see cref="P:Microsoft.AspNetCore.DataProtection.DataProtectionOptions.ApplicationDiscriminator"/> property
to the value of <paramref name="applicationName"/>.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.AddKeyEscrowSink(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink)">
<summary>
Registers a <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink"/> to perform escrow before keys are persisted to storage.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="sink">The instance of the <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink"/> to register.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
Registrations are additive.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.AddKeyEscrowSink``1(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder)">
<summary>
Registers a <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink"/> to perform escrow before keys are persisted to storage.
</summary>
<typeparam name="TImplementation">The concrete type of the <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink"/> to register.</typeparam>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
Registrations are additive. The factory is registered as <see cref="F:Microsoft.Extensions.DependencyInjection.ServiceLifetime.Singleton"/>.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.AddKeyEscrowSink(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.Func{System.IServiceProvider,Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink})">
<summary>
Registers a <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink"/> to perform escrow before keys are persisted to storage.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="factory">A factory that creates the <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.IKeyEscrowSink"/> instance.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
Registrations are additive. The factory is registered as <see cref="F:Microsoft.Extensions.DependencyInjection.ServiceLifetime.Singleton"/>.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.AddKeyManagementOptions(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.Action{Microsoft.AspNetCore.DataProtection.KeyManagement.KeyManagementOptions})">
<summary>
Configures the key management options for the data protection system.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="setupAction">An <see cref="T:System.Action`1"/> to configure the provided <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.KeyManagementOptions"/>.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.DisableAutomaticKeyGeneration(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder)">
<summary>
Configures the data protection system not to generate new keys automatically.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
Calling this API corresponds to setting <see cref="P:Microsoft.AspNetCore.DataProtection.KeyManagement.KeyManagementOptions.AutoGenerateKeys"/>
to 'false'. See that property's documentation for more information.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.PersistKeysToFileSystem(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.IO.DirectoryInfo)">
<summary>
Configures the data protection system to persist keys to the specified directory.
This path may be on the local machine or may point to a UNC share.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="directory">The directory in which to store keys.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.PersistKeysToRegistry(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,Microsoft.Win32.RegistryKey)">
<summary>
Configures the data protection system to persist keys to the Windows registry.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="registryKey">The location in the registry where keys should be stored.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.ProtectKeysWithCertificate(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.Security.Cryptography.X509Certificates.X509Certificate2)">
<summary>
Configures keys to be encrypted to a given certificate before being persisted to storage.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="certificate">The certificate to use when encrypting keys.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.ProtectKeysWithCertificate(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.String)">
<summary>
Configures keys to be encrypted to a given certificate before being persisted to storage.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="thumbprint">The thumbprint of the certificate to use when encrypting keys.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.ProtectKeysWithDpapi(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder)">
<summary>
Configures keys to be encrypted with Windows DPAPI before being persisted to
storage. The encrypted key will only be decryptable by the current Windows user account.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
This API is only supported on Windows platforms.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.ProtectKeysWithDpapi(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.Boolean)">
<summary>
Configures keys to be encrypted with Windows DPAPI before being persisted to
storage.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="protectToLocalMachine">'true' if the key should be decryptable by any
use on the local machine, 'false' if the key should only be decryptable by the current
Windows user account.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
This API is only supported on Windows platforms.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.ProtectKeysWithDpapiNG(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder)">
<summary>
Configures keys to be encrypted with Windows CNG DPAPI before being persisted
to storage. The keys will be decryptable by the current Windows user account.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
See https://msdn.microsoft.com/en-us/library/windows/desktop/hh706794(v=vs.85).aspx
for more information on DPAPI-NG. This API is only supported on Windows 8 / Windows Server 2012 and higher.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.ProtectKeysWithDpapiNG(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.String,Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiNGProtectionDescriptorFlags)">
<summary>
Configures keys to be encrypted with Windows CNG DPAPI before being persisted to storage.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="protectionDescriptorRule">The descriptor rule string with which to protect the key material.</param>
<param name="flags">Flags that should be passed to the call to 'NCryptCreateProtectionDescriptor'.
The default value of this parameter is <see cref="F:Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiNGProtectionDescriptorFlags.None"/>.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
See https://msdn.microsoft.com/en-us/library/windows/desktop/hh769091(v=vs.85).aspx
and https://msdn.microsoft.com/en-us/library/windows/desktop/hh706800(v=vs.85).aspx
for more information on valid values for the the <paramref name="protectionDescriptorRule"/>
and <paramref name="flags"/> arguments.
This API is only supported on Windows 8 / Windows Server 2012 and higher.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.SetDefaultKeyLifetime(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.TimeSpan)">
<summary>
Sets the default lifetime of keys created by the data protection system.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="lifetime">The lifetime (time before expiration) for newly-created keys.
See <see cref="P:Microsoft.AspNetCore.DataProtection.KeyManagement.KeyManagementOptions.NewKeyLifetime"/> for more information and
usage notes.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseCryptographicAlgorithms(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration)">
<summary>
Configures the data protection system to use the specified cryptographic algorithms
by default when generating protected payloads.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="configuration">Information about what cryptographic algorithms should be used.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseCustomCryptographicAlgorithms(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngCbcAuthenticatedEncryptorConfiguration)">
<summary>
Configures the data protection system to use custom Windows CNG algorithms.
This API is intended for advanced scenarios where the developer cannot use the
algorithms specified in the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm"/> and
<see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm"/> enumerations.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="configuration">Information about what cryptographic algorithms should be used.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
This API is only available on Windows.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseCustomCryptographicAlgorithms(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.CngGcmAuthenticatedEncryptorConfiguration)">
<summary>
Configures the data protection system to use custom Windows CNG algorithms.
This API is intended for advanced scenarios where the developer cannot use the
algorithms specified in the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm"/> and
<see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm"/> enumerations.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="configuration">Information about what cryptographic algorithms should be used.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
This API is only available on Windows.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseCustomCryptographicAlgorithms(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.ManagedAuthenticatedEncryptorConfiguration)">
<summary>
Configures the data protection system to use custom algorithms.
This API is intended for advanced scenarios where the developer cannot use the
algorithms specified in the <see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.EncryptionAlgorithm"/> and
<see cref="T:Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ValidationAlgorithm"/> enumerations.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<param name="configuration">Information about what cryptographic algorithms should be used.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseEphemeralDataProtectionProvider(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder)">
<summary>
Configures the data protection system to use the <see cref="T:Microsoft.AspNetCore.DataProtection.EphemeralDataProtectionProvider"/>
for data protection services.
</summary>
<param name="builder">The <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.</param>
<returns>A reference to the <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder" /> after this operation has completed.</returns>
<remarks>
If this option is used, payloads protected by the data protection system will
be permanently undecipherable after the application exits.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.DataProtectionOptions">
<summary>
Provides global options for the Data Protection system.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.DataProtectionOptions.ApplicationDiscriminator">
<summary>
An identifier that uniquely discriminates this application from all other
applications on the machine. The discriminator value is implicitly included
in all protected payloads generated by the data protection system to isolate
multiple logical applications that all happen to be using the same key material.
</summary>
<remarks>
If two different applications need to share protected payloads, they should
ensure that this property is set to the same value across both applications.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.DataProtectionUtilityExtensions.GetApplicationUniqueIdentifier(System.IServiceProvider)">
<summary>
Returns a unique identifier for this application.
</summary>
<param name="services">The application-level <see cref="T:System.IServiceProvider"/>.</param>
<returns>A unique application identifier, or null if <paramref name="services"/> is null
or cannot provide a unique application identifier.</returns>
<remarks>
<para>
The returned identifier should be stable for repeated runs of this same application on
this machine. Additionally, the identifier is only unique within the scope of a single
machine, e.g., two different applications on two different machines may return the same
value.
</para>
<para>
This identifier may contain security-sensitive information such as physical file paths,
configuration settings, or other machine-specific information. Callers should take
special care not to disclose this information to untrusted entities.
</para>
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.EphemeralDataProtectionProvider">
<summary>
An <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"/> that is transient.
</summary>
<remarks>
Payloads generated by a given <see cref="T:Microsoft.AspNetCore.DataProtection.EphemeralDataProtectionProvider"/> instance can only
be deciphered by that same instance. Once the instance is lost, all ciphertexts
generated by that instance are permanently undecipherable.
</remarks>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.EphemeralDataProtectionProvider.#ctor">
<summary>
Creates an ephemeral <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.EphemeralDataProtectionProvider.#ctor(Microsoft.Extensions.Logging.ILoggerFactory)">
<summary>
Creates an ephemeral <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"/> with logging.
</summary>
<param name="loggerFactory">The <see cref="T:Microsoft.Extensions.Logging.ILoggerFactory" />.</param>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder">
<summary>
Provides access to configuration for the data protection system, which allows the
developer to configure default cryptographic algorithms, key storage locations,
and the mechanism by which keys are protected at rest.
</summary>
<remarks>
<para>
If the developer changes the at-rest key protection mechanism, it is intended that
he also change the key storage location, and vice versa. For instance, a call to
<see cref="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.ProtectKeysWithCertificate(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.String)" /> should generally be accompanied by
a call to <see cref="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.PersistKeysToFileSystem(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.IO.DirectoryInfo)"/>, or exceptions may
occur at runtime due to the data protection system not knowing where to persist keys.
</para>
<para>
Similarly, when a developer modifies the default protected payload cryptographic
algorithms, it is intended that he also select an explitiy key storage location.
A call to <see cref="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.UseCryptographicAlgorithms(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorConfiguration)"/>
should therefore generally be paired with a call to <see cref="M:Microsoft.AspNetCore.DataProtection.DataProtectionBuilderExtensions.PersistKeysToFileSystem(Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder,System.IO.DirectoryInfo)"/>,
for example.
</para>
<para>
When the default cryptographic algorithms or at-rest key protection mechanisms are
changed, they only affect <strong>new</strong> keys in the repository. The repository may
contain existing keys that use older algorithms or protection mechanisms.
</para>
</remarks>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder.Services">
<summary>
Provides access to the <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection"/> passed to this object's constructor.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.Internal.DataProtectionBuilder">
<summary>
Default implementation of <see cref="T:Microsoft.AspNetCore.DataProtection.IDataProtectionBuilder"/>.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.Internal.DataProtectionBuilder.#ctor(Microsoft.Extensions.DependencyInjection.IServiceCollection)">
<summary>
Creates a new configuration object linked to a <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection"/>.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.Internal.DataProtectionBuilder.Services">
<inheritdoc />
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.Internal.IActivator">
<summary>
An interface into <see cref="M:System.Activator.CreateInstance``1"/> that also supports
limited dependency injection (of <see cref="T:System.IServiceProvider"/>).
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.Internal.IActivator.CreateInstance(System.Type,System.String)">
<summary>
Creates an instance of <paramref name="implementationTypeName"/> and ensures
that it is assignable to <paramref name="expectedBaseType"/>.
</summary>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.IPersistedDataProtector">
<summary>
An interface that can provide data protection services for data which has been persisted
to long-term storage.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.IPersistedDataProtector.DangerousUnprotect(System.Byte[],System.Boolean,System.Boolean@,System.Boolean@)">
<summary>
Cryptographically unprotects a piece of data, optionally ignoring failures due to
revocation of the cryptographic keys used to protect the payload.
</summary>
<param name="protectedData">The protected data to unprotect.</param>
<param name="ignoreRevocationErrors">'true' if the payload should be unprotected even
if the cryptographic key used to protect it has been revoked (due to potential compromise),
'false' if revocation should fail the unprotect operation.</param>
<param name="requiresMigration">'true' if the data should be reprotected before being
persisted back to long-term storage, 'false' otherwise. Migration might be requested
when the default protection key has changed, for instance.</param>
<param name="wasRevoked">'true' if the cryptographic key used to protect this payload
has been revoked, 'false' otherwise. Payloads whose keys have been revoked should be
treated as suspect unless the application has separate assurance that the payload
has not been tampered with.</param>
<returns>The plaintext form of the protected data.</returns>
<remarks>
Implementations should throw CryptographicException if the protected data is
invalid or malformed.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.ISecret">
<summary>
Represents a secret value.
</summary>
</member>
<member name="P:Microsoft.AspNetCore.DataProtection.ISecret.Length">
<summary>
The length (in bytes) of the secret value.
</summary>
</member>
<member name="M:Microsoft.AspNetCore.DataProtection.ISecret.WriteSecretIntoBuffer(System.ArraySegment{System.Byte})">
<summary>
Writes the secret value to the specified buffer.
</summary>
<param name="buffer">The buffer which should receive the secret value.</param>
<remarks>
The buffer size must exactly match the length of the secret value.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver">
<summary>
Implements policy for resolving the default key from a candidate keyring.
</summary>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver._keyPropagationWindow">
<summary>
The window of time before the key expires when a new key should be created
and persisted to the keyring to ensure uninterrupted service.
</summary>
<remarks>
If the propagation time is 5 days and the current key expires within 5 days,
a new key will be generated.
</remarks>
</member>
<member name="F:Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver._maxServerToServerClockSkew">
<summary>
The maximum skew that is allowed between servers.
This is used to allow newly-created keys to be used across servers even though
their activation dates might be a few minutes into the future.
</summary>
<remarks>
If the max skew is 5 minutes and the best matching candidate default key has
an activation date of less than 5 minutes in the future, we'll use it.
</remarks>
</member>
<member name="T:Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey">
<summary>
The basic implementation of <see cref="T:Microsoft.AspNetCore.DataProtection.KeyManagement.IKey"/>, where the incoming XML element
hasn't yet been fully processed.