Using the SecureString Class

Using the SecureString Class

NET 2.0’s System.Security namespace includes the SecureString class, which lets you create encrypted strings and delete them from memory when they’re no longer needed. You can even make a string behave as a read-only string?and prevent any copies from being made, ensuring that there’s only a single copy in memory. Moreover, you can wipe the string out of memory by calling its Dispose() method.

SecureStrings are similar to Strings, but the framework automatically encrypts them when they’re initialized or modified. SecureStrings remain modifiable until the application marks them as read-only.

To create a SecureString, you append one character at a time:

System.Security.SecureString secString = new System.Security.SecureString();secString.AppendChar('D');secString.AppendChar('e');secString.AppendChar('V');secString.AppendChar('X');secString.AppendChar('P');secString.AppendChar('W');secString.AppendChar('D');

When the string contains the data you want, you can make it immutable and uncopyable by calling the MakeReadOnly method:


To read the secure value, use the SecureStringToBSTR() method as follows:

IntPtr ptr =    System.Runtime.InteropServices.Marshal.SecureStringToBSTR(secString);string sDecrypString =    System.Runtime.InteropServices.Marshal.PtrToStringUni(ptr);

The garbage collector will remove SecureStrings when they’re no longer referenced, but you can dispose of a SecureString by using the Dispose() method:

Share the Post:
data observability

Data Observability Explained

Data is the lifeblood of any successful business, as it is the driving force behind critical decision-making, insight generation, and strategic development. However, due to its intricate nature, ensuring the

Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular