How to allocate and release securestring instances

Analyze problems

System. Security. securestring is designed to save confidential strings to do what traditional strings cannot do. Traditional strings are allocated in the memory in the form of clear code. A simple memory read/write software can easily capture these strings, which is not allowed in some confidential systems. Readers may think that string encryption will solve similar problems, but in fact, strings have been explicitly stored in the memory for a long time, the only solution to this problem is to encrypt the string directly during the acquisition process. The original design of securestring is to solve this type of problem.

To ensure its security, securestring is allocated differently from the Traditional string, which is allocated on the unmanaged memory. In addition, the securestring object exists in the encrypted form from the very beginning of the allocation. All operations on securestring, including addition, deletion, and insertion, are carried out by character. When these operations are performed, the security strings residing in the unmanaged memory will be decrypted, then the operation is performed, and finally encrypted. During the operation, the string is in the plaintext state for a short period of time, but the character-by-character mechanism keeps this period of time in a very short interval, to ensure that it is difficult for the cracked program to have the opportunity to read the plaintext string.

System. security. securestring implements the standard dispose/finalize mode. This is because the objects are allocated in the unmanaged memory. Therefore, each object must be released after the scope exits. The release method of securestring is to set all the object memory to 0, not only to tell CLR that the memory can be allocated, but also to ensure security. The following code shows how to use system. Security. securestring.

　　

using System;using System.Security;using System.Runtime.InteropServices;namespace Test{    class UseSecureString    {        static void Main()        {            //Use using guarantee the Dispose method is invoked            using (SecureString ss = new SecureString ())            {                //Only one character to visit SecureString object                ss.AppendChar(‘a‘);                ss.AppendChar(‘c‘);                ss.AppendChar(‘d‘);                ss.InsertAt(1,‘c‘);                PrintSecureString(ss);                Console.Read();            }        }        //Print SecureString object        unsafe static void PrintSecureString(SecureString ss)        {            char* buffer = null;            try            {                buffer = (char*)Marshal.SecureStringToCoTaskMemUnicode(ss);                for (int i = 0;*(buffer+i)!=‘\0‘; i++)                {                    Console.Write(*(buffer + i));                }                Console.Write("\r\n");            }            finally            {                 //Release the memory object                if (buffer!=null)                {                    Marshal.ZeroFreeCoTaskMemUnicode((IntPtr)buffer);                }            }        }    }}

Note:

　　To display the content of securestring, the program needs to access the unmanaged memory block. The printsecurestring method uses the unsafe keyword. Therefore, you need to add/unsafe for development during compilation. Project-property-generate-Insecure code is allowed.

In the above Code, the program assigns a secure string type and provides a method to print secure characters. The marshal. securestringtotaskmemunicode method is used to decrypt the Security string to an unmanaged memory block. You must note that it should be released when using the unmanaged memory.

Answer

System. Security. securestring provides the encrypted string type. Its objects are allocated to the unmanaged memory and saved in encrypted form. Operations on securestring are character-by-character, and securestring is responsible for decryption and encryption during the operation. Securestring implements the standard dispose/Finalize method. when an object is released, it is set to 0 first to ensure that confidential information does not reside in the memory for a long time.