Mo B.
Mo B.

Reputation: 5827

Secure way to convert a byte array to SecureString with Base64 encoding

I have a byte[] which I need to encode in Base64 and return as SecureString. My current code is as follows:

        string privateString = Convert.ToBase64String(byteArray);
        SecureString result = new SecureString();
        foreach (char c in privateString)
        {
            result.AppendChar(c);
        }
        // wipe the byte array...

The problem is that calling Convert.ToBase64String is not secure as it creates a managed string which I can't destroy. Is there a secure way of doing this?

Upvotes: 3

Views: 2201

Answers (1)

Marc Gravell
Marc Gravell

Reputation: 1064324

In terms of ways to encode base-64 data without an intermediate string: System.Buffers.Text.Base64. However! SecureString is not secure and should basically not be used now. Ever. It doesn't achieve any useful protection against any meaningful attack.

Upvotes: 1

Related Questions