Updated: June 2010
Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed. This class cannot be inherited.
Assembly: mscorlib (in mscorlib.dll)
Public NotInheritable Class SecureString _ Inherits CriticalFinalizerObject _ Implements IDisposable
Dim instance As SecureString
public sealed class SecureString : CriticalFinalizerObject, IDisposable
public ref class SecureString sealed : public CriticalFinalizerObject, IDisposable
public final class SecureString extends CriticalFinalizerObject implements IDisposable
An instance of the System.String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used because your application cannot delete the data from computer memory.
A SecureString object is similar to a String object in that it has a text value. However, the value of a SecureString object is automatically encrypted, can be modified until your application marks it as read-only, and can be deleted from computer memory by either your application or the .NET Framework garbage collector.
The value of an instance of SecureString is automatically encrypted when the instance is initialized or when the value is modified. Your application can render the instance immutable and prevent further modification by invoking the MakeReadOnly method.
Note that SecureString has no members that inspect, compare, or convert the value of a SecureString. The absence of such members helps protect the value of the instance from accidental or malicious exposure. Use appropriate members of the System.Runtime.InteropServices.Marshal class, such as the SecureStringToBSTR method, to manipulate the value of a SecureString object.
The SecureString class is derived from the CriticalFinalizerObject class and implements the IDisposable interface. For more information about implementing the IDisposable interface, see Garbage Collection.
The SecureString class and its members are not visible to COM. For more information, see ComVisibleAttribute.
Windows 2000 Platform Note: In addition to Windows 2000 Service Pack 4 and later, SecureString is supported on Windows 2000 Service Pack 3.
Windows 95, Windows 98, Windows 98 Second Edition, Windows Millennium Edition Platform Note: The SecureString class is not supported on Windows 98 or Windows Millennium Edition.
The following example demonstrates how to use a SecureString to secure a user's password for use as a credential to start a new process.
Imports System Imports System.ComponentModel Imports System.Diagnostics Imports System.Security Public Class Example Public Shared Sub Main() ' Instantiate the secure string. Dim securePwd As New SecureString() Dim key As ConsoleKeyInfo Console.Write("Enter password: ") Do key = Console.ReadKey(True) ' Ignore any key out of range If CInt(key.Key) >= 65 And CInt(key.Key <= 90) Then ' Append the character to the password. securePwd.AppendChar(key.KeyChar) Console.Write("*") End If ' Exit if Enter key is pressed. Loop While key.Key <> ConsoleKey.Enter Console.WriteLine() Try Process.Start("Notepad.exe", "MyUser", securePwd, "MYDOMAIN") Catch e As Win32Exception Console.WriteLine(e.Message) End Try End Sub End Class
using System; using System.ComponentModel; using System.Diagnostics; using System.Security; public class Example { public static void Main() { // Instantiate the secure string. SecureString securePwd = new SecureString(); ConsoleKeyInfo key; Console.Write("Enter password: "); do { key = Console.ReadKey(true); // Ignore any key out of range. if (((int) key.Key) >= 65 && ((int) key.Key <= 90)) { // Append the character to the password. securePwd.AppendChar(key.KeyChar); Console.Write("*"); } // Exit if Enter key is pressed. } while (key.Key != ConsoleKey.Enter); Console.WriteLine(); try { Process.Start("Notepad.exe", "MyUser", securePwd, "MYDOMAIN"); } catch (Win32Exception e) { Console.WriteLine(e.Message); } } }
System.Runtime.ConstrainedExecution.CriticalFinalizerObject
System.Security.SecureString
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
.NET Framework
Supported in: 3.5, 3.0, 2.0Reference
|
Date |
History |
Reason |
|---|---|---|
|
June 2010 |
Added an example. |
Customer feedback. |
private SecureString _password;
public string Password
{
[SecurityCritical]
get
{
string str;
using (SecureString str2 = this._password.Copy())
{
IntPtr s = Marshal.SecureStringToBSTR(str2);
try
{
str = new string((char*) s);
}
finally
{
Marshal.ZeroFreeBSTR(s);
}
}
return str;
}
[SecurityCritical]
set
{
if (value == null) value = string.Empty;
using (SecureString str = new SecureString())
{
for (int i = 0; i < value.Length; i++)
{
str.AppendChar(value[i]);
}
this._password = str.Copy();
}
}
}
To read what you've stored in a SecureString, you must ensure that the decrypted string is never brought into managed code as a String, this would immediately invalidate the whole point of using SecureString in the first place.
To safely acheive this, the decrypted string is accessed via a pointer into the unmanaged world, which I understand is a barron and fiery land where beasts run free and giant volcanoes spew sulphur into the upper atmosphere, or something.
A non-specific peice of malware will go for the low hanging fruit and that means clear text and easy to guess passwords.