How to convert SecureString to System.String?
All reservations about unsecuring your SecureString by creating a System.String out of it aside, how can it be done?
How can I convert an ordinary S
-
I derived from This answer by sclarke81. I like his answer and I'm using the derivative but sclarke81's has a bug. I don't have reputation so I can't comment. The problem seems small enough that it didn't warrant another answer and I could edit it. So I did. It got rejected. So now we have another answer.
sclarke81 I hope you see this (in finally):
Marshal.Copy(new byte[length], 0, insecureStringPointer, length);should be:
Marshal.Copy(new byte[length * 2], 0, insecureStringPointer, length * 2);And the full answer with the bug fix:
/// /// Allows a decrypted secure string to be used whilst minimising the exposure of the /// unencrypted string. /// /// Generic type returned by Func delegate. /// The string to decrypt. /// /// Func delegate which will receive the decrypted password as a string object /// /// Result of Func delegate /// /// This method creates an empty managed string and pins it so that the garbage collector /// cannot move it around and create copies. An unmanaged copy of the the secure string is /// then created and copied into the managed string. The action is then called using the /// managed string. Both the managed and unmanaged strings are then zeroed to erase their /// contents. The managed string is unpinned so that the garbage collector can resume normal /// behaviour and the unmanaged string is freed. /// public static T UseDecryptedSecureString(this SecureString secureString, Func action) { int length = secureString.Length; IntPtr sourceStringPointer = IntPtr.Zero; // Create an empty string of the correct size and pin it so that the GC can't move it around. string insecureString = new string('\0', length); var insecureStringHandler = GCHandle.Alloc(insecureString, GCHandleType.Pinned); IntPtr insecureStringPointer = insecureStringHandler.AddrOfPinnedObject(); try { // Create an unmanaged copy of the secure string. sourceStringPointer = Marshal.SecureStringToBSTR(secureString); // Use the pointers to copy from the unmanaged to managed string. for (int i = 0; i < secureString.Length; i++) { short unicodeChar = Marshal.ReadInt16(sourceStringPointer, i * 2); Marshal.WriteInt16(insecureStringPointer, i * 2, unicodeChar); } return action(insecureString); } finally { // Zero the managed string so that the string is erased. Then unpin it to allow the // GC to take over. Marshal.Copy(new byte[length * 2], 0, insecureStringPointer, length * 2); insecureStringHandler.Free(); // Zero and free the unmanaged string. Marshal.ZeroFreeBSTR(sourceStringPointer); } } /// /// Allows a decrypted secure string to be used whilst minimising the exposure of the /// unencrypted string. /// /// The string to decrypt. /// /// Func delegate which will receive the decrypted password as a string object /// /// Result of Func delegate /// /// This method creates an empty managed string and pins it so that the garbage collector /// cannot move it around and create copies. An unmanaged copy of the the secure string is /// then created and copied into the managed string. The action is then called using the /// managed string. Both the managed and unmanaged strings are then zeroed to erase their /// contents. The managed string is unpinned so that the garbage collector can resume normal /// behaviour and the unmanaged string is freed. /// public static void UseDecryptedSecureString(this SecureString secureString, Action action) { UseDecryptedSecureString(secureString, (s) => { action(s); return 0; }); } }讨论(0) -
Use the System.Runtime.InteropServices.Marshal class:
String SecureStringToString(SecureString value) { IntPtr valuePtr = IntPtr.Zero; try { valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value); return Marshal.PtrToStringUni(valuePtr); } finally { Marshal.ZeroFreeGlobalAllocUnicode(valuePtr); } }If you want to avoid creating a managed string object, you can access the raw data using Marshal.ReadInt16(IntPtr, Int32):
void HandleSecureString(SecureString value) { IntPtr valuePtr = IntPtr.Zero; try { valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value); for (int i=0; i < value.Length; i++) { short unicodeChar = Marshal.ReadInt16(valuePtr, i*2); // handle unicodeChar } } finally { Marshal.ZeroFreeGlobalAllocUnicode(valuePtr); } }讨论(0) -
I created the following extension methods based on the answer from rdev5. Pinning the managed string is important as it prevents the garbage collector from moving it around and leaving behind copies that you're unable to erase.
I think the advantage of my solution has is that no unsafe code is needed.
/// <summary> /// Allows a decrypted secure string to be used whilst minimising the exposure of the /// unencrypted string. /// </summary> /// <typeparam name="T">Generic type returned by Func delegate.</typeparam> /// <param name="secureString">The string to decrypt.</param> /// <param name="action"> /// Func delegate which will receive the decrypted password as a string object /// </param> /// <returns>Result of Func delegate</returns> /// <remarks> /// This method creates an empty managed string and pins it so that the garbage collector /// cannot move it around and create copies. An unmanaged copy of the the secure string is /// then created and copied into the managed string. The action is then called using the /// managed string. Both the managed and unmanaged strings are then zeroed to erase their /// contents. The managed string is unpinned so that the garbage collector can resume normal /// behaviour and the unmanaged string is freed. /// </remarks> public static T UseDecryptedSecureString<T>(this SecureString secureString, Func<string, T> action) { int length = secureString.Length; IntPtr sourceStringPointer = IntPtr.Zero; // Create an empty string of the correct size and pin it so that the GC can't move it around. string insecureString = new string('\0', length); var insecureStringHandler = GCHandle.Alloc(insecureString, GCHandleType.Pinned); IntPtr insecureStringPointer = insecureStringHandler.AddrOfPinnedObject(); try { // Create an unmanaged copy of the secure string. sourceStringPointer = Marshal.SecureStringToBSTR(secureString); // Use the pointers to copy from the unmanaged to managed string. for (int i = 0; i < secureString.Length; i++) { short unicodeChar = Marshal.ReadInt16(sourceStringPointer, i * 2); Marshal.WriteInt16(insecureStringPointer, i * 2, unicodeChar); } return action(insecureString); } finally { // Zero the managed string so that the string is erased. Then unpin it to allow the // GC to take over. Marshal.Copy(new byte[length], 0, insecureStringPointer, length); insecureStringHandler.Free(); // Zero and free the unmanaged string. Marshal.ZeroFreeBSTR(sourceStringPointer); } } /// <summary> /// Allows a decrypted secure string to be used whilst minimising the exposure of the /// unencrypted string. /// </summary> /// <param name="secureString">The string to decrypt.</param> /// <param name="action"> /// Func delegate which will receive the decrypted password as a string object /// </param> /// <returns>Result of Func delegate</returns> /// <remarks> /// This method creates an empty managed string and pins it so that the garbage collector /// cannot move it around and create copies. An unmanaged copy of the the secure string is /// then created and copied into the managed string. The action is then called using the /// managed string. Both the managed and unmanaged strings are then zeroed to erase their /// contents. The managed string is unpinned so that the garbage collector can resume normal /// behaviour and the unmanaged string is freed. /// </remarks> public static void UseDecryptedSecureString(this SecureString secureString, Action<string> action) { UseDecryptedSecureString(secureString, (s) => { action(s); return 0; }); }讨论(0) -
// using so that Marshal doesn't have to be qualified using System.Runtime.InteropServices; //using for SecureString using System.Security; public string DecodeSecureString (SecureString Convert) { //convert to IntPtr using Marshal IntPtr cvttmpst = Marshal.SecureStringToBSTR(Convert); //convert to string using Marshal string cvtPlainPassword = Marshal.PtrToStringAuto(cvttmpst); //return the now plain string return cvtPlainPassword; }讨论(0) -
This C# code is what you want.
%ProjectPath%/SecureStringsEasy.csusing System; using System.Security; using System.Runtime.InteropServices; namespace SecureStringsEasy { public static class MyExtensions { public static SecureString ToSecureString(string input) { SecureString secureString = new SecureString(); foreach (var item in input) { secureString.AppendChar(item); } return secureString; } public static string ToNormalString(SecureString input) { IntPtr strptr = Marshal.SecureStringToBSTR(input); string normal = Marshal.PtrToStringBSTR(strptr); Marshal.ZeroFreeBSTR(strptr); return normal; } } }讨论(0) -
In my opinion, extension methods are the most comfortable way to solve this.
I took Steve in CO's excellent answer and put it into an extension class as follows, together with a second method I added to support the other direction (string -> secure string) as well, so you can create a secure string and convert it into a normal string afterwards:
public static class Extensions { // convert a secure string into a normal plain text string public static String ToPlainString(this System.Security.SecureString secureStr) { String plainStr=new System.Net.NetworkCredential(string.Empty, secureStr).Password; return plainStr; } // convert a plain text string into a secure string public static System.Security.SecureString ToSecureString(this String plainStr) { var secStr = new System.Security.SecureString(); secStr.Clear(); foreach (char c in plainStr.ToCharArray()) { secStr.AppendChar(c); } return secStr; } }With this, you can now simply convert your strings back and forth like so:
// create a secure string System.Security.SecureString securePassword = "MyCleverPwd123".ToSecureString(); // convert it back to plain text String plainPassword = securePassword.ToPlainString(); // convert back to normal stringBut keep in mind the decoding method should only be used for testing.
讨论(0)
加载中...
- 热议问题