发表新帖
发表新帖

Convert String to SecureString

前端 未结
关注
13 1779
粉色の甜心
粉色の甜心 2020-12-12 15:43

How to convert String to SecureString?

相关标签:
13条回答
  • 孤城傲影
    2020-12-12 16:33

    If you would like to compress the conversion of a string to a SecureString into a LINQ statement you can express it as follows:

    var plain  = "The quick brown fox jumps over the lazy dog";
var secure = plain
             .ToCharArray()
             .Aggregate( new SecureString()
                       , (s, c) => { s.AppendChar(c); return s; }
                       , (s)    => { s.MakeReadOnly(); return s; }
                       );

    However, keep in mind that using LINQ does not improve the security of this solution. It suffers from the same flaw as any conversion from string to SecureString. As long as the original string remains in memory the data is vulnerable.

    That being said, what the above statement can offer is keeping together the creation of the SecureString, its initialization with data and finally locking it from modification.

    0 讨论(0)
  • 轻奢々
    2020-12-12 16:34

    below method helps to convert string to secure string

    private SecureString ConvertToSecureString(string password)
{
    if (password == null)
        throw new ArgumentNullException("password");

    var securePassword = new SecureString();

    foreach (char c in password)
        securePassword.AppendChar(c);

    securePassword.MakeReadOnly();
    return securePassword;
}
    0 讨论(0)
  • 暗喜
    2020-12-12 16:34

    you can use this simple script

    private SecureString SecureStringConverter(string pass)
{
    SecureString ret = new SecureString();

    foreach (char chr in pass.ToCharArray())
        ret.AppendChar(chr);

    return ret;
}
    0 讨论(0)
  • 轮回少年
    2020-12-12 16:37

    You don't. The whole reason for using the SecureString object is to avoid creating a string object (which is loaded into memory and kept there in plaintext until garbage collection). However, you can add characters to a SecureString by appending them.

    var s = new SecureString();
s.AppendChar('d');
s.AppendChar('u');
s.AppendChar('m');
s.AppendChar('b');
s.AppendChar('p');
s.AppendChar('a');
s.AppendChar('s');
s.AppendChar('s');
s.AppendChar('w');
s.AppendChar('d');
    0 讨论(0)
  • 南旧
    2020-12-12 16:38

    I just want to point out to all the people saying, "That's not the point of SecureString", that many of the people asking this question might be in an application where, for whatever reason, justified or not, they are not particularly concerned about having a temporary copy of the password sit on the heap as a GC-able string, but they have to use an API that only accepts SecureString objects. So, you have an app where you don't care whether the password is on the heap, maybe it's internal-use only and the password is only there because it's required by the underlying network protocols, and you find that that string where the password is stored cannot be used to e.g. set up a remote PowerShell Runspace -- but there is no easy, straight-forward one-liner to create that SecureString that you need. It's a minor inconvenience -- but probably worth it to ensure that the applications that really do need SecureString don't tempt the authors to use System.String or System.Char[] intermediaries. :-)

    0 讨论(0)
  • 借酒劲吻你
    2020-12-12 16:39

    There is also another way to convert between SecureString and String.

    1. String to SecureString

    SecureString theSecureString = new NetworkCredential("", "myPass").SecurePassword;

    2. SecureString to String

    string theString = new NetworkCredential("", theSecureString).Password;

    Here is the link

    0 讨论(0)
 看不清?
提交回复
热议问题