Using SecureString
Can this be simplified to a one liner? Feel free to completely rewrite it as long as secureString gets initialized properly.
SecureString secureString = new
-
Slight improvement on Sascha's answer replacing the lambda with a method group
"fizzbuzz".ToCharArray().ToList().ForEach(ss.AppendChar);讨论(0) -
Since
SecureStringutilizes theIDisposeinterface. You could actually do it like this.SecureString secure = new SecureString(); foreach(var character in data.ToCharArray()) secure.AppendChar(character);Essentially the
datawould be a parameter.If you utilize the
usingto help alleviate resources; you'll want to be careful about the scope. But this may be a beneficial alternative, depending on usage.Update:
You could actually do a full method signature:
public static SecureString ConvertStringToSecureString(this string data) { var secure = new SecureString() foreach(var character in data.ToCharArray()) secure.AppendChar(character); secure.MakeReadOnly(); return secure; }For the decryption you would want to do:
public static string ConvertSecureStringToString(this SecureString data) { var pointer = IntPtr.Zero; try { pointer = Marshal.SecureStringToGlobalAllocUnicode(data); return Marshal.PtrToStringUni(pointer); } finally { Marshal.ZeroFreeGlobalAllocUnicode(pointer); } }The following article will give you some additional information as well.
讨论(0) -
Apart from using unsafe code and a
char*, there isn't a (much) better way.The point here is not to copy SecureString contents to/from normal strings. The constant
"fizzbuzz"constant is the security leak here.讨论(0) -
You could use Linq:
"fizzbuzz".ToCharArray().ToList().ForEach(p => secureString.AppendChar(p));讨论(0) -
var s = "fizzbuzz".Aggregate(new SecureString(), (ss, c) => { ss.AppendChar(c); return ss; });讨论(0) -
Here is a how NetworkCredential class from .NET doing it:
SecureString secureString; fixed (char* chPtr = plainString) secureString = new SecureString(chPtr, plainString.Length);Ugly but probably the most efficient.
讨论(0)
加载中...
- 热议问题