Mo B.
Reputation: 5827
Secure way to convert a byte array to SecureString with Base64 encoding
I have a byte[] which I need to encode in Base64 and return as SecureString. My current code is as follows:
string privateString = Convert.ToBase64String(byteArray);
SecureString result = new SecureString();
foreach (char c in privateString)
{
result.AppendChar(c);
}
// wipe the byte array...
The problem is that calling Convert.ToBase64String is not secure as it creates a managed string which I can't destroy.
Is there a secure way of doing this?
Upvotes: 3
Views: 2201
Answers (1)
Marc Gravell
Reputation: 1064324
In terms of ways to encode base-64 data without an intermediate string: System.Buffers.Text.Base64. However! SecureString is not secure and should basically not be used now. Ever. It doesn't achieve any useful protection against any meaningful attack.
Upvotes: 1
Related Questions
- An efficient way to Base64 encode a byte array?
- SecureString to Byte[] C#
- C# convert SecureString to UTF-8 byte[] securely
- C# Convert a Base64 -> byte[]
- converting Byte array to SecureString
- Base64 Encoded String to byte array C# Failing
- Byte arrays to base64 string
- How to Convert Base64String to Byte[]
- Conversion from byte array to base64 and back
- Convert a base64string back to byte[]