securestring

问题 I've a general question about a SecureString as connection string for MySql-Connector. If i understood it right, SecureStrings are a "safe" way to store strings within my program. Now i've two problems with that: I've to read in the password at installation ( TextBox which is string and therefore unsafe) I've to build a connection string for the MySQL-Connector which is string (unsafe again) example: MySqlConnection con = new MySqlConnection(); MySqlConnectionStringBuilder builder = new

问题 If I understand correctly, this is for keeping plain text out of memory, so that the app is secure against esoteric attacks on memory, the garbage heap, or memory paged to disk. The SecureString is fed unmanaged bytes and consumed one unmanaged byte at at time--then the string is erased from memory. (Correct me if I way off!) In ASP.NET, the secret is collected in a webform, which post back in HTTPS. But then the Request object turns all the request values from the form into name value pairs

问题 I have an encrypted standard string, created in powershell via "convertfrom-securestring" and saved to a file. Later, I read this encrypted string with a C# app (under same user ID and on same machine). I want to convert this encrypted string into a securestring object. In powershell, one can do this using "convertto-securestring". How can one do this securely in c#? I am aware of this answer (How can I use ConvertTo-SecureString), but it assumes the encrypted string has been created with a

问题 Is it possible to decrypt a string in C# which is encrypted via PowerShell and how? The string is encrypted via PowerShell as below: $pw = read-host "Enter Password" –AsSecureString ConvertFrom-SecureString $pw | out-file "C:\file.txt" To convert it back with PowerShell I can use these commands that call C# class System.Runtime.InteropServices.Marshal . $pwdSec = Get-Content "C:\file.txt" | ConvertTo-SecureString $bPswd = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwdSec)

问题 I'm trying to clear the memory contents of a C# string for security reasons. I'm aware of the SecureString class, but unfortunately I cannot use SecureString instead of String in my application. The strings which need to be cleared are created dynamically at runtime (e.g. I'm not trying to clear string literals). Most search result I found basically stated that clearing the contents of a String is not possible (as string are immutable) and SecureString should be used. Therefore, I did come up

问题 My application makes use of the RijndaelManaged class to encrypt data. As a part of this encryption, I use a SecureString object loaded with a password which get's get converted to a byte array and loaded into the RajindaelManaged object's Key at runtime. The question I have is the storage of this SecureString. A user entered password can be entered at run-time, and that can be "securely" loaded into a SecureString object, but if no user entered password is given, then I need to default to

问题 So there's this class that seems very seldom used: SecureString. It's been around since 2.0 at least, and there are a few SO questions on it, but I thought I'd ask my own specific questions: I have a LoginForm; simple WinForms dialog with username and (masked) password fields. When the user enters both and clicks "Login", the information is passed to an injected authentication class that does a layer of key-stretching, then hashes half of the stretched key for verification while the other

问题 I'm looking for Java's equivalent of .NET's SecureString.aspx. Is there such implementation available in 2018? OWASP implementation is not exactly the same because it's just a plain char array. While .NET equivalent provides additional features such as the ability to get an instance from/to unmanaged memory and also encryption. I'm aware of common Java pattern to pass around passwords as char[] and do Arrays.fill() them with zeros after use. But it requires building a trivial utility class

问题 I have an application which takes a string from the Windows Forms text box and passes it to an API which uses a string as the parameter. I see that the string can still be queried from the process memory after the task is complete. I have come across suggestions to use SecureString for string memory management capabilities. But, if I understand correctly, the purpose of the string is defeated if the secure string is built from a string or the value of the secure string is ultimately stored in

问题 How would I get a byte[] equivalent of a SecureString (which I get from a PasswordBox )? My objective is to write these bytes using a CryptoStream to a file, and the Write method of that class takes a byte[] input, so I want to convert the SecureString to the byte[] so I can use in with a CryptoStream . EDIT: I don't want to use string as it defeats the point of having a SecureString 回答1: I modified from the original answer to handle unicode IntPtr unmanagedBytes = Marshal