Ayende @ Rahien

Hi!
My name is Ayende Rahien
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:

ayende@ayende.com

+972 52-548-6969

@

Posts: 5,947 | Comments: 44,540

filter by tags archive

System.Security.SecureString annoyances


SecureString has exactly one purpose. Take information from the user and pass it to unmanaged function. anything else that you would try to do with it seems to be incredibly hard to do.

I wanted to extend Rhino Service Bus so a message that contained SecureString members would be automatically encrypted on the wire. It seemed like a nice & easy option to provide field level security for messages. However, it doesn’t seem to be a viable option, because working with SecureString is such an awkward task. I have created a WireEncryptedString class and I’ll just use that instead. Grr….


Comments

Mihailo

Hi Oren,

SecureString is ment to be used only locally, for storing sensitive information in memory while the application is running, and it is its sole purpose. Encryption/decryption is machine specific and even if you could send it over wire you wouldn't be able to decrypt it on other machine.

Cheers,

Mihailo

Ayende Rahien

I know that, I wanted to be able to use that as a "tag" for the serialization format to be able to use that for knowing that it needs to be encrypted.

The problem is that it has so many limitations on its use that it is not worth even trying.

Ayende Rahien

Alberto,

the problem isn't the actual encryption, the problem is that SecureString is so heavily limited as to be utterly and completely useless.

Adam Tybor

Extension Methods to the rescue.... They seem pretty silly to me, but it was a recent requirement to use SecureStrings for some stuff.

public static SecureString ToSecureString(this string value)

{

  var secureString = new SecureString();

  if (!string.IsNullOrEmpty(value))

  {

    foreach (char c in value)

    {

      secureString.AppendChar(c);

    }

  }


  secureString.MakeReadOnly();

  return secureString;

}


public static void WorkWith(this SecureString secureString, Action

<string work)

{

  IntPtr bzPtr = Marshal.SecureStringToBSTR(secureString);

  try

  {

    work(Marshal.PtrToStringBSTR(bzPtr));

  }

  finally

  {

    Marshal.ZeroFreeBSTR(bzPtr);

  }

}


public static void WorkWith(this SecureString secureStringA0, SecureString secureStringA1, Action

<string,> work)

{

  IntPtr bzPtrA0 = Marshal.SecureStringToBSTR(secureStringA0);

  IntPtr bzPtrA1 = Marshal.SecureStringToBSTR(secureStringA1);

  try

  {

    work(Marshal.PtrToStringBSTR(bzPtrA0), Marshal.PtrToStringBSTR(bzPtrA1));

  }

  finally

  {

    Marshal.ZeroFreeBSTR(bzPtrA0);

    Marshal.ZeroFreeBSTR(bzPtrA1);

  }

}
configurator

@Adam: You do realize you're defeating the purpose of a SecureString when you do that, right? The entire idea behind SecureString is that the complete string can never be kept in memory - and if you make it from a string the complete string is already in memory.

Adam Tybor

@configurator... Yes I do, hence my comment "They seem pretty silly to me, but it was a recent requirement to use SecureStrings for some stuff."

I don't make the requirements and I won't turn every little battle into a war. The client is aware that "ThisIsAlreadyFubar".ToSecureString() defeats the purpose but it seems they still want it.

Ayende Rahien

That is the same issue that I arrived at, and as a result I am not using it.

Comment preview

Comments have been closed on this topic.

FUTURE POSTS

No future posts left, oh my!

RECENT SERIES

  1. RavenDB Sharding (2):
    21 May 2015 - Adding a new shard to an existing cluster, the easy way
  2. The RavenDB Comic Strip (2):
    20 May 2015 - Part II – a team in trouble!
  3. Challenge (45):
    28 Apr 2015 - What is the meaning of this change?
  4. Interview question (2):
    30 Mar 2015 - fix the index
  5. Excerpts from the RavenDB Performance team report (20):
    20 Feb 2015 - Optimizing Compare – The circle of life (a post-mortem)
View all series

RECENT COMMENTS

Syndication

Main feed Feed Stats
Comments feed   Comments Feed Stats