Best IT Recipes

Convert string to SecureString

How to convert String to SecureString ?

+55
security c # securestring
Oct. 15 '09 at 5:18
source share
12 answers

No. The whole reason for using the SecureString object is to avoid creating a string object (which is loaded into memory and stored there in plain text before garbage collection). However, you can add characters to SecureString by adding them.

 var s = new SecureString(); s.AppendChar('d'); s.AppendChar('u'); s.AppendChar('m'); s.AppendChar('b'); s.AppendChar('p'); s.AppendChar('a'); s.AppendChar('s'); s.AppendChar('s'); s.AppendChar('w'); s.AppendChar('d');
+78
Oct. 15 '09 at 5:28
source share

below method helps convert string to protected string

 private SecureString ConvertToSecureString(string password) { if (password == null) throw new ArgumentNullException("password"); var securePassword = new SecureString(); foreach (char c in password) securePassword.AppendChar(c); securePassword.MakeReadOnly(); return securePassword; }
+36
Jun 02 '14 at
source share

There is also another way to convert between SecureString and String .

1. String in SecureString

 SecureString theSecureString = new NetworkCredential("", "myPass").SecurePassword;

2. SecureString to String

 string theString = new NetworkCredential("", theSecureString).Password;

Here's the link

+32
Mar 29 '17 at 4:51 on
source share

You can follow this:

 string password = "test"; SecureString sec_pass = new SecureString(); Array.ForEach(password.ToArray(), sec_pass.AppendChar); sec_pass.MakeReadOnly();
+10
Aug 6 '14 at 4:38
source share
 unsafe { fixed(char* psz = password) return new SecureString(psz, password.Length); }
+6
Mar 03 '15 at 18:20
source share

I will throw it away. Why?

You cannot just change all your lines to protect lines, and suddenly your application is "safe". The protected string is designed to keep the string encrypted for as long as possible and only decrypt for a very short period of time, wiping the memory after performing operations on it.

I would say that you might have problems with the design level before worrying about protecting application strings. Give us more information about what you are trying to do, and we can help you better.

+4
15 Oct '09 at 5:25
source share

Here is a cheap linq trick.

  SecureString sec = new SecureString(); string pwd = "abc123"; /* Not Secure! */ pwd.ToCharArray().ToList().ForEach(c => sec.AppendChar(c)); /* and now : seal the deal */ sec.MakeReadOnly();
+4
Jun 25 '15 at 20:48
source share

I agree with Spence (+1), but if you do this for training or testing, you can use foreach in the string, adding each char to a securestring using the AppendChar method.

+3
Oct. 15 '09 at 5:29
source share

there is no linq fantasy without adding all the characters manually, simple and simple:

 var str = "foo"; var sc = new SecureString(); foreach(char c in str) sc.appendChar(c);
+3
Jul 12 '16 at 10:31
source share

If you want to compress the conversion of string in SecureString to LINQ statement, you can express it as follows:

 var plain = "The quick brown fox jumps over the lazy dog"; var secure = plain .ToCharArray() .Aggregate( new SecureString() , (s, c) => { s.AppendChar(c); return s; } , (s) => { s.MakeReadOnly(); return s; } );

However, keep in mind that using LINQ does not increase the security of this solution. It suffers from the same drawback as any conversion from string to SecureString . As long as the original string remains in memory, the data is vulnerable.

As stated above, the proposal proposed above is to combine the creation of SecureString , its initialization with data and, finally, blocking it from modification.

+2
Jul 28 '15 at 8:05
source share

you can use this simple script

 private SecureString SecureStringConverter(string pass) { SecureString ret = new SecureString(); foreach (char chr in pass.ToCharArray()) ret.AppendChar(chr); return ret; }
+1
Oct 28 '17 at 6:32
source share

The following 2 extensions should do the trick:

  • For char array

     public static SecureString ToSecureString(this char[] _self) { SecureString knox = new SecureString(); foreach (char c in _self) { knox.AppendChar(c); } return knox; }

  • And for string

     public static SecureString ToSecureString(this string _self) { SecureString knox = new SecureString(); char[] chars = _self.ToCharArray(); foreach (char c in chars) { knox.AppendChar(c); } return knox; }

Thanks to John Dagg for recommending AppendChar .

0
Jul 04 '17 at 14:05
source share


More articles:


All Articles