PCL-Community · ruattd · Feb 9, 2026 · Feb 9, 2026 · Feb 9, 2026 · Feb 9, 2026
diff --git a/PCL.Core/App/Configuration/Storage/EncryptedFileConfigStorage.cs b/PCL.Core/App/Configuration/Storage/EncryptedFileConfigStorage.cs
@@ -3,6 +3,7 @@
 using System.Runtime.CompilerServices;
 using System.Text.Json;
 using System.Text.Json.Serialization;
+using PCL.Core.Logging;
 using PCL.Core.Utils.Secret;
 
 namespace PCL.Core.App.Configuration.Storage;
@@ -22,35 +23,43 @@ public class EncryptedFileConfigStorage(ConfigStorage source) : ConfigStorage
 
     protected override bool OnAccess<TKey, TValue>(StorageAction action, ref TKey key, [NotNullWhen(true)] ref TValue value, object? argument)
     {
-        switch (action)
+        try
         {
-            case StorageAction.Set:
+            switch (action)
             {
-                // 序列化
-                var type = typeof(TValue);
-                string strValue;
-                if (type == typeof(string)) strValue = value?.ToString() ?? string.Empty;
-                else strValue = JsonSerializer.Serialize(value, _SerializerOptions);
-                // 加密
-                strValue = EncryptHelper.SecretEncrypt(strValue);
-                return Source.Access(StorageAction.Set, ref key, ref strValue, argument);
+                case StorageAction.Set:
+                {
+                    // 序列化
+                    var type = typeof(TValue);
+                    string strValue;
+                    if (type == typeof(string)) strValue = value?.ToString() ?? string.Empty;
+                    else strValue = JsonSerializer.Serialize(value, _SerializerOptions);
+                    // 加密
+                    strValue = EncryptHelper.SecretEncrypt(strValue);
+                    return Source.Access(StorageAction.Set, ref key, ref strValue, argument);
+                }
+                case StorageAction.Get:
+                {
+                    // 获取加密值
+                    string? raw = null;
+                    var hasOutput = Source.Access(StorageAction.Get, ref key, ref raw, argument);
+                    if (!hasOutput) return false;
+                    // 解密
+                    var decrypted = EncryptHelper.SecretDecrypt(raw);
+                    // 反序列化
+                    var type = typeof(TValue);
+                    if (type == typeof(bool)) Unsafe.As<TValue, bool>(ref value) = decrypted.ToLowerInvariant() is "true" or "1";
+                    else if (type == typeof(string)) Unsafe.As<TValue, string>(ref value) = decrypted;
+                    else value = JsonSerializer.Deserialize<TValue>(decrypted, _SerializerOptions) ?? throw new NullReferenceException("Decryption produced a null reference");
+                    return hasOutput;
+                }
+                default: return Source.Access(action, ref key, ref value, argument);
             }
-            case StorageAction.Get:
-            {
-                // 获取加密值
-                string? raw = null;
-                var hasOutput = Source.Access(StorageAction.Get, ref key, ref raw, argument);
-                if (!hasOutput) return false;
-                // 解密
-                var decrypted = EncryptHelper.SecretDecrypt(raw);
-                // 反序列化
-                var type = typeof(TValue);
-                if (type == typeof(bool)) Unsafe.As<TValue, bool>(ref value) = decrypted.ToLowerInvariant() is "true" or "1";
-                else if (type == typeof(string)) Unsafe.As<TValue, string>(ref value) = decrypted;
-                else value = JsonSerializer.Deserialize<TValue>(decrypted, _SerializerOptions) ?? throw new NullReferenceException("Decryption produced a null reference");
-                return hasOutput;
-            }
-            default: return Source.Access(action, ref key, ref value, argument);
+        }
+        catch (Exception ex)
+        {
+            LogWrapper.Error(ex, "Config", "无法处理加解密");
+            return false;
         }
     }
 }
diff --git a/PCL.Core/PCL.Core.csproj b/PCL.Core/PCL.Core.csproj
@@ -51,6 +51,7 @@
         <!-- 语言和系统特性 -->
         <PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
         <PackageReference Include="System.Management" Version="10.0.1" />
+        <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="10.0.2" />
         <!-- 归档文件 -->
         <PackageReference Include="SharpZipLib" Version="1.4.2" />
         <!-- 配置文件和数据库 -->

diff --git a/PCL.Core/Utils/Secret/EncryptHelper.cs b/PCL.Core/Utils/Secret/EncryptHelper.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Buffers;
 using System.Buffers.Binary;
 using System.Collections.Generic;
 using System.IO;
@@ -153,7 +154,7 @@ private static byte[] _GetKey()
             return data.Version switch
             {
                 1 => ProtectedData.Unprotect(data.Data, _IdentifyEntropy, DataProtectionScope.CurrentUser),
-                _ => throw new NotSupportedException("Unsupported encryption version")
+                _ => throw new NotSupportedException("Unsupported key version")
             };
         }
         else