Calls to PortectedData.Unprotect on my development computer fail with a CryptographicException of "The requested operation requires delegation to be enabled on the machine.". The Unprotect method is being used to decrypt the initialization vector that is stored in the local registry. No other computers are used, so the Active Directory solution of enabling delegation is not viable.
private static byte[] RetrieveInitializationVector()
{
try
{
// Create or open the registry key
RegistryKey regKey = Registry.LocalMachine.OpenSubKey(CurrentRegistryKeyName);
// Get the registry key storing the encrypted value
byte[] encryptedIV = (byte[])regKey.GetValue(IVValueName);
// Decrypt the value from the registry key
byte[] decryptedIV = ProtectedData.Unprotect(encryptedIV, null, DataProtectionScope.CurrentUser);
return decryptedIV;
}
catch (Exception e)
{
throw new Exception("Could not retrieve initialization vector.", e);
}
}
Has anyone ever seen this or understand what it means? Google only returns hits to EFS, which I'm not using.