Convert String to SecureString

Question

How to convert String to SecureString

User · Accepted Answer

You don t   The whole reason for using the SecureString object is to avoid creating a string object  which is loaded into memory and kept there in plaintext until garbage collection    However  you can add characters to a SecureString by appending them   var s   new SecureString    s AppendChar  d    s AppendChar  u    s AppendChar  m    s AppendChar  b    s AppendChar  p    s AppendChar  a    s AppendChar  s    s AppendChar  s    s AppendChar  w    s AppendChar  d

User · Answer

unsafe        fixed char  psz   password          return new SecureString psz  password Length

User · Answer

There is also another way to convert between SecureString and String    1  String to SecureString  SecureString theSecureString   new NetworkCredential      myPass   SecurePassword    2  SecureString to String  string theString   new NetworkCredential     theSecureString  Password    Here is the link

User · Answer

I ll throw this out there   Why   You can t just change all your strings to secure strings and suddenly your application is  secure    Secure string is designed to keep the string encrypted for as long as possible  and only decrypted for a very short period of time  wiping the memory after an operation has been performed upon it   I would hazard saying that you may have some design level issues to deal with before worrying about securing your application strings   Give us some more information on what your trying to do and we may be able to help better

User · Answer

I just want to point out to all the people saying   That s not the point of SecureString   that many of the people asking this question might be in an application where  for whatever reason  justified or not  they are not particularly concerned about having a temporary copy of the password sit on the heap as a GC-able string  but they have to use an API that only accepts SecureString objects  So  you have an app where you don t care whether the password is on the heap  maybe it s internal-use only and the password is only there because it s required by the underlying network protocols  and you find that that string where the password is stored cannot be used to e g  set up a remote PowerShell Runspace -- but there is no easy  straight-forward one-liner to create that SecureString that you need  It s a minor inconvenience -- but probably worth it to ensure that the applications that really do need SecureString don t tempt the authors to use System String or System Char   intermediaries   -

User · Answer

you can use this simple script  private SecureString SecureStringConverter string pass        SecureString ret   new SecureString         foreach  char chr in pass ToCharArray            ret AppendChar chr        return ret

User · Answer

Here is a cheap linq trick               SecureString sec   new SecureString                string pwd    abc123      Not Secure                 pwd ToCharArray   ToList   ForEach sec AppendChar                  and now   seal the deal                sec MakeReadOnly

User · Answer

below method helps to convert string to secure string  private SecureString ConvertToSecureString string password        if  password    null          throw new ArgumentNullException  password         var securePassword   new SecureString         foreach  char c in password          securePassword AppendChar c        securePassword MakeReadOnly        return securePassword

User · Answer

You can follow this   string password    test   SecureString sec pass   new SecureString    Array ForEach password ToArray    sec pass AppendChar   sec pass MakeReadOnly

User · Answer

If you would like to compress the conversion of a string to a SecureString into a LINQ statement you can express it as follows   var plain     The quick brown fox jumps over the lazy dog   var secure   plain               ToCharArray                 Aggregate  new SecureString                             s  c    gt    s AppendChar c   return s                              s       gt    s MakeReadOnly    return s                                However  keep in mind that using LINQ does not improve the security of this solution  It suffers from the same flaw as any conversion from string to SecureString  As long as the original string remains in memory the data is vulnerable   That being said  what the above statement can offer is keeping together the creation of the SecureString  its initialization with data and finally locking it from modification

User · Answer

The following 2 extensions should do the trick    For a char array  public static SecureString ToSecureString this char    self        SecureString knox   new SecureString        foreach  char c in  self                knox AppendChar c             return knox     And for string  public static SecureString ToSecureString this string  self        SecureString knox   new SecureString        char   chars    self ToCharArray        foreach  char c in chars                knox AppendChar c             return knox       Thanks to John Dagg for the AppendChar recommendation

User · Answer

no fancy linq  not adding all the chars by hand  just plain and simple   var str    foo   var sc   new SecureString    foreach char c in str  sc appendChar c

User · Answer

I m agree with Spence   1   but if you re doing it for learning or testing pourposes  you can use a foreach in the string  appending each char to the securestring using the AppendChar method

[c#] Convert String to SecureString

Examples related to c#

Examples related to .net

Examples related to security

Examples related to securestring