[英]Secure way to convert a byte array to SecureString with Base64 encoding
I have a byte[]
which I need to encode in Base64 and return as SecureString
.我有一个byte[]
需要用 Base64 编码并作为SecureString
返回。 My current code is as follows:我目前的代码如下:
string privateString = Convert.ToBase64String(byteArray);
SecureString result = new SecureString();
foreach (char c in privateString)
{
result.AppendChar(c);
}
// wipe the byte array...
The problem is that calling Convert.ToBase64String
is not secure as it creates a managed string which I can't destroy.问题是调用Convert.ToBase64String
并不安全,因为它创建了一个我无法销毁的托管字符串。 Is there a secure way of doing this?有没有安全的方法来做到这一点?
In terms of ways to encode base-64 data without an intermediate string: System.Buffers.Text.Base64
.在没有中间字符串的情况下编码 base-64 数据的方法: System.Buffers.Text.Base64
。 However!然而! SecureString
is not secure and should basically not be used now. SecureString
不安全,现在基本上不应该使用。 Ever.曾经。 It doesn't achieve any useful protection against any meaningful attack.它无法针对任何有意义的攻击实现任何有用的保护。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.