securestring

Decrypt string with Rijndael return “System.SecureString” (as a string) but not the string

断了今生、忘了曾经 提交于 2021-01-29 08:23:49
问题 I'm using Rijndael Algorithm to encrypt strings (user passwords), but when I decrypt them, it returns me "System.SecureString", and not my decrypted password. I'm using this basic code: public static string DecryptString(string cipherText, string password) { byte[] key, iv; Rfc2898DeriveBytes rfcDb = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(password)); key = rfcDb.GetBytes(16); iv = rfcDb.GetBytes(16); byte[] cipheredData = Convert.FromBase64String(cipherText); RijndaelManaged

Get SecureString as a Plain Text Parameter

本小妞迷上赌 提交于 2021-01-29 06:51:20
问题 I'm trying to get a SecureString as plain text parameter to a command line PowerShell. I know what is the form of the secure string. For example, the string "abc" would be a Secure String of "71289371289". Then, I want to pass "71289371289" as a parameter to the script (Running it from command line), that would be my Secure String and then Decrypt it to a clear text to pass it to another program i'm calling from Powershell. How would I do something like this? Update: I ended up using Credfile

C# & WPF - Using SecureString for a client-side HTTP API password

半城伤御伤魂 提交于 2021-01-27 20:05:42
问题 When writing a WPF application, the PasswordBox stores the entered password as a SecureString . This totally makes sense. However, I want to send the password via a HTTP API, and the HttpClient PostAsync seems to accept strings for form-encoded data. I am aware that other people have asked related questions, most notably Is SecureString ever practical in a C# application?, but I have not found a satisfactory method to send this SecureString to the Http endpoint, without first converting it to

How to protect strings without SecureString?

谁说我不能喝 提交于 2020-05-29 14:47:32
问题 The use case is to protect strings in memory programming in c#. The use of the class SecureString (https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netframework-4.7.2) is discouraged by Microsoft itself. I was wondering if it could be a valid alternative to: transform the string in a byte array and immediately set the string to null (and eventually call the garbage collector), encrypt the byte array with the class ProtectedMemory. Any suggestion? 回答1: There is no