29: Security string

The string object may contain some sensitive data, such as the user password.CodeThe code can scan the address space of the Process, find the string containing sensitive data, and use the data in an unauthorized way, even if the string object only takes a short time, then it will be collected by the garbage collector, and CLR may not be able to use the memory of the string object immediately, so that the characters of the string object are kept in the memory of the process for a long time, resulting in the leakage of confidential data, because string objects are immutable, when processing them, the old copies will remain in the memory, so that different versions of strings will be distributed throughout the memory.

To ensure security, FCL has a safer string class system. security. securestring: when constructing a securestring object, it will allocate an unmanaged memory block in the memory, which contains a character array. The reason for using the unmanaged memory is to avoid the garbage collector. These strings are encrypted to prevent any malicious unmanaged code from obtaining confidential information. You can use any of the following methods to retrieve, insert, delete, or set a character in a security string: appendchar, insertat, removeat, and setat. When you call these methods, the characters are decrypted inside the method, execute the specified operation, and then re-encrypt the characters.Program.

The securestring class implements the idisposable interface, so as to provide a simple way to destroy the security content in the string with certainty. When the application no longer needs sensitive string information, it only needs to call the dispose method of securestring. Internally, dispose clears the content of the memory buffer to ensure that malicious code cannot obtain sensitive information, then release the buffer. Note that the securestring class is derived from the criticalfinalizerobject class. Unlike the string object, when a securestring object is recycled, the content of the encrypted string does not exist in the memory.

In. NET Framework 2.0, securestring can be passed as a password in the following cases:

(1)Collaborate with an encryption service provider

(2)Create, import, and export an X.509 Certificate.

(3)Start a new process under a specific user.

(4)Securestring cannot be used in window forms or wed forms.

I can create a method to accept a securestring object parameter. Inside the method, you must have the securestring object create an unmanaged memory buffer, which contains decrypted characters, then we can let this method use the buffer. when accessing the decrypted string, our code should experience as short as possible. After the string is used, the code should be cleared and released as soon as possible, in addition, the content of securestring cannot be put into a string. The secutestring class does not specifically rewrite the tostring method to avoid sensitive data leakage.

The following code demonstrates how to initialize and use a securestring. compile it to specify the/unsafe switch for the C # Compiler:

 

Code
Using System;
Using System. Security;
Using System. runtime. interopservices;

Public   Static   Class Program
{
Public   Static   Void Main ()
{
// After using, securestring is destroyed and no sensitive data exists in the memory.
Using (Securestring SS =   New Securestring ())
{
Console. writeline ( " Please enter a password: " );
While ( True )
{
Consolekeyinfo cki = Console. readkey ( True );
If (Cki. Key = Consolekey. Enter) Break ;

//Append the password string to securestring.
SS. appendchar (cki. keychar );
Console. Write ("*");
}
Console. writeline ();

// The password has been entered and displayed for demonstration Purpose
Console. writeline (SS );
}
}
 
// This method is insecure because it needs to access the unmanaged memory.
Private   Unsafe   Static   Void Displaysecurestring (securestring SS)
{
Char * PC =   Null ;
Try
{
// Decrypts securestring to an unmanaged memory buffer.
PC = (Char * ) Marshal. securestringtocotaskmemunicode (SS );

// Access an unmanaged memory buffer that contains decrypted securestring
For (Int32 Index =   0 ; PC [Index] ! =   0 ; Index ++ )
{
Console. Write (PC [Index]);
}
}
Finally
{
// Are you sure you want to clear and release the unmanaged memory buffer that contains decrypted securestring characters?
If (PC ! =   Null )
{
Marshal. zerofreecotaskmemunicode (intptr) PC );
}
}
}
}