Last Updated: February 25, 2016
artfulhacker

.NET SecureString, but what about other data types?

I have used SecureString before, but now I need to protect other types of objects in memory. What is the best way to do this?

Start with the following example, taken from the ProtectedData class documentation sample (it needs a reference to System.Security.dll):

using System;
using System.Security.Cryptography;

public class DataProtectionSample
{
    // Additional entropy mixed into the DPAPI key derivation. It is not a secret key
    // (the key is derived from the user's logon credentials); it only means that other
    // code running as the same user must also know this value to call Unprotect.
    static byte[] s_additionalEntropy = { 9, 8, 7, 6, 5 };

    public static void Main()
    {
        // Create a simple byte array containing data to be encrypted.
        byte[] secret = { 0, 1, 2, 3, 4, 1, 2, 3, 4 };

        // Encrypt the data.
        byte[] encryptedSecret = Protect(secret);
        Console.WriteLine("The encrypted byte array is:");
        PrintValues(encryptedSecret);

        // Decrypt the data and store it in a byte array.
        byte[] originalData = Unprotect(encryptedSecret);
        Console.WriteLine("{0}The original data is:", Environment.NewLine);
        PrintValues(originalData);
    }

    public static byte[] Protect(byte[] data)
    {
        try
        {
            // Encrypt the data using DataProtectionScope.CurrentUser. The result can be
            // decrypted only by the same user account.
            return ProtectedData.Protect(data, s_additionalEntropy, DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e)
        {
            // Returning null is fine for a console sample; callers must check for it.
            Console.WriteLine("Data was not encrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static byte[] Unprotect(byte[] data)
    {
        try
        {
            // Decrypt the data using DataProtectionScope.CurrentUser. The returned array
            // is a fresh plaintext copy that the caller owns and should clear when done.
            return ProtectedData.Unprotect(data, s_additionalEntropy, DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not decrypted. An error occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static void PrintValues(byte[] myArr)
    {
        foreach (byte i in myArr)
        {
            Console.Write("\t{0}", i);
        }
        Console.WriteLine();
    }
}

Use the Protect and Unprotect methods from this example to protect objects held in memory. Any .NET object can be reduced to a byte array, and many types ship with their own serialize and deserialize methods (Guid.ToByteArray and the Guid(byte[]) constructor, Encoding.GetBytes and GetString for strings, BitConverter for primitives). Keep only the protected byte array in your class and expose the value through a property whose setter protects and whose getter unprotects. Two caveats: DataProtectionScope.CurrentUser makes the bytes opaque to other users and to offline copies such as memory dumps, crash reports and swap, but any code running under the same user account can call Unprotect exactly as you do, so this is a mitigation against accidental exposure, not a defence against a same-user attacker. And every call to the getter produces a fresh plaintext copy that is yours to clear. If the goal is only to hide bytes inside the running process, ProtectedMemory.Protect with MemoryProtectionScope.SameProcess is the lighter alternative; it encrypts a byte array in place, and the array length must be a multiple of 16.

The following shows how we can store a GUID in a class using protected data (the getter guards against Unprotect returning null, and both accessors clear the short-lived plaintext array):

public Guid secureGUID
{
    get
    {
        // Unprotect hands back a fresh plaintext array; clear it once the Guid is built.
        byte[] plain = Unprotect(_secureGUID);
        if (plain == null)
            throw new CryptographicException("Stored GUID could not be unprotected.");
        try { return new Guid(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }
    set
    {
        // ToByteArray is a plaintext copy too; clear it after protecting.
        byte[] plain = value.ToByteArray();
        _secureGUID = Protect(plain);
        Array.Clear(plain, 0, plain.Length);
    }
}

private byte[] _secureGUID;

The other thing you will want to do is implement IDisposable and call Array.Clear on the stored arrays when the class is disposed, so the bytes are overwritten with zeros rather than left in place for the garbage collector. Clearing the ciphertext array matters less than clearing every plaintext array you create along the way (the output of ToByteArray before Protect, the output of Unprotect before you build the object). Treat this as best effort in managed code: the garbage collector can relocate arrays and leave stale copies behind, and a Guid, string or other object built from the bytes is a copy that Array.Clear cannot reach, which is why SecureString remains the right type for text you need to keep clearable.
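As an added example (this is not code from the original post), the GUID property and the disposal advice above can be folded into one generic wrapper that keeps any value DPAPI-protected, reveals it only inside a callback, and clears what it can on Dispose. The class name ProtectedValue<T>, the Reveal method and the entropy constant are this example's own choices, and Unprotect failures are allowed to throw rather than returning null.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: keeps a value of any type as a DPAPI-protected byte array and
// exposes the plaintext only for the duration of a caller-supplied function.
// The caller provides the serialize/deserialize pair for T.
public sealed class ProtectedValue<T> : IDisposable
{
    // Application-specific entropy (assumed constant for this example). Not a key:
    // it only forces other same-user code to know this value as well.
    private static readonly byte[] s_entropy = { 0x5a, 0x1b, 0x9c, 0x3d, 0x7e };

    private readonly Func<T, byte[]> _serialize;
    private readonly Func<byte[], T> _deserialize;
    private byte[] _ciphertext;
    private bool _disposed;

    public ProtectedValue(T value, Func<T, byte[]> serialize, Func<byte[], T> deserialize)
    {
        _serialize = serialize;
        _deserialize = deserialize;
        Set(value);
    }

    // Serialize, protect, and wipe the plaintext copy even if Protect throws.
    public void Set(T value)
    {
        ThrowIfDisposed();
        byte[] plain = _serialize(value);
        try
        {
            _ciphertext = ProtectedData.Protect(plain, s_entropy, DataProtectionScope.CurrentUser);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
        }
    }

    // Decrypt, hand the value to the caller's function, and clear the plaintext
    // bytes before returning. The caller never receives the byte[] itself.
    public TResult Reveal<TResult>(Func<T, TResult> use)
    {
        ThrowIfDisposed();
        byte[] plain = ProtectedData.Unprotect(_ciphertext, s_entropy, DataProtectionScope.CurrentUser);
        try
        {
            return use(_deserialize(plain));
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
        }
    }

    // Zero the stored ciphertext and refuse further use.
    public void Dispose()
    {
        if (_disposed) return;
        _disposed = true;
        if (_ciphertext != null)
        {
            Array.Clear(_ciphertext, 0, _ciphertext.Length);
            _ciphertext = null;
        }
    }

    private void ThrowIfDisposed()
    {
        if (_disposed) throw new ObjectDisposedException(GetType().Name);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Sample values constructed for the example.
        using (var guid = new ProtectedValue<Guid>(Guid.NewGuid(), g => g.ToByteArray(), b => new Guid(b)))
        using (var token = new ProtectedValue<string>("s3cr3t-api-token",
                   Encoding.UTF8.GetBytes, Encoding.UTF8.GetString))
        {
            Console.WriteLine(guid.Reveal(g => g.ToString()));
            // Use the secret inside the callback instead of copying it out.
            Console.WriteLine(token.Reveal(t => t.Length));
        }
    }
}
```

Reveal deliberately takes a callback so that the plaintext array is cleared on every path out of the method; what the wrapper cannot clear is the T value it hands to that callback, which for a struct such as Guid lives on the stack but for a string is an immutable heap copy (and the literal passed to the constructor stays in memory regardless). On .NET Framework this needs a reference to System.Security.dll; on modern .NET the same API comes from the System.Security.Cryptography.ProtectedData package and is Windows-only.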
