使用 Base64 编码将字节数组转换为 SecureString 的安全方法
[英]Secure way to convert a byte array to SecureString with Base64 encoding
问题描述
I have a byte[] which I need to encode in Base64 and return as SecureString .
我有一个byte[]需要用 Base64 编码并作为SecureString返回。 My current code is as follows:我目前的代码如下:
string privateString = Convert.ToBase64String(byteArray);
SecureString result = new SecureString();
foreach (char c in privateString)
{
result.AppendChar(c);
}
// wipe the byte array...
The problem is that calling Convert.ToBase64String is not secure as it creates a managed string which I can't destroy.问题是调用Convert.ToBase64String并不安全,因为它创建了一个我无法销毁的托管字符串。 Is there a secure way of doing this?有没有安全的方法来做到这一点?
1 个解决方案
解决方案1
1 已采纳 2020-03-17 11:49:28
In terms of ways to encode base-64 data without an intermediate string: System.Buffers.Text.Base64 .在没有中间字符串的情况下编码 base-64 数据的方法: System.Buffers.Text.Base64 。 However!然而! SecureString is not secure and should basically not be used now. SecureString不安全,现在基本上不应该使用。 Ever.曾经。 It doesn't achieve any useful protection against any meaningful attack.它无法针对任何有意义的攻击实现任何有用的保护。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.