<p>Based on <a href="https://stackoverflow.com/questions/4503543/c-rsacryptoserviceprovider-decrypt-into-a-securestring-instead-of-byte-array/4503620#4503620">Coding Gorilla's answer</a>, I tried the following in my <code>Decrypt</code> method:</p>
<pre><code>string decryptedString1 = string.Empty;
foreach (byte b in decryptedBytes)
{
    decryptedString1 += (char)b;
}
string decryptedString2 = ByteConverter.GetString(decryptedBytes);
</code></pre>
<p>When debugging, <code>decryptedString1</code> and <code>decryptedString2</code> were not equal:</p>
<pre><code>decryptedString1 "m\0y\0V\0e\0r\0y\0L\0o\0n\0g\0V\03\0r\0y\05\03\0c\0r\03\07\0p\04\0s\0s\0w\00\0r\0d\0!\0!\0!\0"
decryptedString2 "myVeryLongV3ry53cr37p4ssw0rd!!!"
</code></pre>
<p>So it looks like I can just go through the <code>byte[]</code> array, do a direct cast to <code>char</code>, and skip <code>\0</code> characters. Like Coding Gorilla said, though, this does seem to again in part defeat the point of <code>SecureString</code>, because the sensitive data is floating about in memory in little <code>byte</code>-size chunks. Any suggestions for getting <code>RSACryptoServiceProvider.Decrypt</code> to return a <code>SecureString</code> directly?</p>
<p><strong>Edit:</strong> yep, this works:</p>
<pre><code>var secStr = new SecureString();
foreach (byte b in decryptedBytes)
{
    var c = (char)b;
    if ('\0' == c)
    {
        continue;
    }
    secStr.AppendChar(c);
}
return secStr;
</code></pre>
<p><strong>Edit:</strong> correction: this works with plain old English strings. Encrypting and then attempting to decrypt the string <code>"標準語 明治維新 english やった"</code> doesn't work as expected because the resulting decrypted string, using this <code>foreach (byte b in decryptedBytes)</code> technique, does not match the original unencrypted string.</p>
<p><strong>Edit:</strong> using the following works for both:</p>
<pre><code>var secStr = new SecureString();
foreach (char c in ByteConverter.GetChars(decryptedBytes))
{
    secStr.AppendChar(c);
}
return secStr;
</code></pre>
<p>This still leaves a byte array and a char array of the password in memory, which sucks. Maybe I should find another RSA class that returns a <code>SecureString</code>. :/</p>
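<p>An added example, not part of the original post: one way to shorten the lifetime of the leftover <code>byte[]</code> and <code>char[]</code> copies is to pin both buffers, decode into a caller-owned <code>char[]</code>, and zero both once the <code>SecureString</code> is filled. It assumes <code>ByteConverter</code> is a <code>UnicodeEncoding</code> (UTF-16LE, consistent with the <code>m\0y\0</code> pattern above); <code>SecureDecrypt</code> and <code>ToSecureString</code> are hypothetical names.</p>

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

static class SecureDecrypt
{
    // Assumption: the plaintext was encoded as UTF-16LE (Encoding.Unicode),
    // standing in for the post's ByteConverter.
    public static SecureString ToSecureString(byte[] decryptedBytes)
    {
        Encoding enc = Encoding.Unicode;
        char[] chars = new char[enc.GetMaxCharCount(decryptedBytes.Length)];
        // Pin both buffers so the GC cannot relocate them and leave stale copies behind.
        GCHandle bytePin = GCHandle.Alloc(decryptedBytes, GCHandleType.Pinned);
        GCHandle charPin = GCHandle.Alloc(chars, GCHandleType.Pinned);
        var secStr = new SecureString();
        try
        {
            // Decode into our own buffer instead of letting GetChars allocate one.
            int n = enc.GetChars(decryptedBytes, 0, decryptedBytes.Length, chars, 0);
            for (int i = 0; i < n; i++) secStr.AppendChar(chars[i]);
            secStr.MakeReadOnly();
            return secStr;
        }
        catch { secStr.Dispose(); throw; }
        finally
        {
            // Wipe the plaintext copies before unpinning, on success and on failure.
            Array.Clear(chars, 0, chars.Length);
            Array.Clear(decryptedBytes, 0, decryptedBytes.Length);
            charPin.Free();
            bytePin.Free();
        }
    }

    static void Main()
    {
        // Constructed sample: round-trip the post's mixed-script string through RSA (OAEP).
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            byte[] cipher = rsa.Encrypt(Encoding.Unicode.GetBytes("標準語 明治維新 english やった"), true);
            byte[] plain = rsa.Decrypt(cipher, true);
            using (SecureString s = ToSecureString(plain))
                Console.WriteLine("{0} chars; plain[0] after wipe = {1}", s.Length, plain[0]);
        }
    }
}
```

<p>This narrows the exposure window rather than closing it: <code>Decrypt</code> still returns a managed <code>byte[]</code> that may have been moved before it was pinned, and any buffers the provider uses internally are outside the caller's control.</p>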
 
