Tip of the Day
Language: .NET
Expertise: Intermediate
Aug 21, 2007

Using the SecureString Class

.NET 2.0's System.Security namespace includes the SecureString class, which lets you create encrypted strings and delete them from memory when they're no longer needed. You can even make a string behave as a read-only string and prevent any copies from being made, ensuring that there's only a single copy in memory. Moreover, you can wipe the string out of memory by calling its Dispose() method.

SecureStrings are similar to Strings, but the framework automatically encrypts them when they're initialized or modified. SecureStrings remain modifiable until the application marks them as read-only.

To create a SecureString, you append one character at a time:

System.Security.SecureString secString = new System.Security.SecureString();
secString.AppendChar('D');
secString.AppendChar('e');
secString.AppendChar('V');
secString.AppendChar('X');
secString.AppendChar('P');
secString.AppendChar('W');
secString.AppendChar('D');

When the string contains the data you want, you can make it immutable and uncopyable by calling the MakeReadOnly method:

secString.MakeReadOnly();

To read the secure value, use the SecureStringToBSTR() method as follows. The call copies the decrypted text into unmanaged memory, so zero and free that buffer with ZeroFreeBSTR() as soon as you have read it:

IntPtr ptr = 
   System.Runtime.InteropServices.Marshal.SecureStringToBSTR(secString);
string sDecrypString = 
   System.Runtime.InteropServices.Marshal.PtrToStringUni(ptr);
// Zero and free the unmanaged plaintext copy once it has been read.
System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(ptr);

The garbage collector will remove SecureStrings when they're no longer referenced, but you can dispose of a SecureString explicitly by using the Dispose() method:

secString.Dispose();
Srinath MS
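The following is an added example, not part of the original tip: it reads a read-only SecureString character by character from the unmanaged buffer, so the secret never becomes a managed System.String, and wipes the buffer in a finally block. The class name SecureStringDemo and the helper Matches are hypothetical, and the sample password is constructed.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: compares the secret with an expected value
    // without ever creating a managed string from the plaintext.
    static bool Matches(SecureString secret, char[] expected)
    {
        IntPtr bstr = IntPtr.Zero;
        try
        {
            bstr = Marshal.SecureStringToBSTR(secret); // plaintext copy in unmanaged memory
            if (secret.Length != expected.Length) return false;
            int diff = 0;
            for (int i = 0; i < secret.Length; i++)
            {
                // Each character is one 2-byte UTF-16 code unit.
                char c = (char)(ushort)Marshal.ReadInt16(bstr, i * 2);
                diff |= c ^ expected[i]; // accumulate differences, no early exit
            }
            return diff == 0;
        }
        finally
        {
            // Runs even if an exception is thrown: overwrite, then free.
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);
        }
    }

    static void Main()
    {
        char[] typed = { 'D', 'e', 'V', 'X', 'P', 'W', 'D' }; // constructed sample input
        using (SecureString secString = new SecureString())
        {
            foreach (char c in typed) secString.AppendChar(c);
            secString.MakeReadOnly();

            // A read-only SecureString rejects further modification.
            try { secString.AppendChar('!'); }
            catch (InvalidOperationException) { Console.WriteLine("Append rejected: read-only"); }

            Console.WriteLine("Match: " + Matches(secString, typed));
        } // Dispose() is called here and clears the encrypted buffer
        Array.Clear(typed, 0, typed.Length); // wipe the managed char array as well
    }
}
```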
 