Shawn Weisfeld

I find when I talk to myself nobody listens. - Shawn Weisfeld
posts - 365, comments - 176, trackbacks - 34

My Links

News


Shawn Weisfeld's Facebook profile

The views expressed in this blog are mine and mine alone, not that of my employer, Microsoft, or anyone else’s. No warrantee is given for the quality of any material on this site.

Archives

Post Categories

.NET SecureStrings

After the last ONETUG meeting a member came up to me and told me that SecureStrings did not work in .NET. As always I take this as a challenge, and sure enough the proof is in the code.

    1         //Sample borrowed from http://blogs.msdn.com/shawnfa/archive/2004/05/27/143254.aspx

    2         static void Main(string[] args)

    3         {

    4             Console.WriteLine("Please enter your password");

    5             SecureString password = GetPassword();

    6 

    7             Console.WriteLine("Your password was");

    8             PrintPassword(password);

    9 

   10             Console.WriteLine("Press any key to quit");

   11             Console.ReadKey();

   12         }

   13 

   14         /// <summary>

   15         /// Read a password from the console into a SecureString

   16         /// </summary>

   17         /// <returns>Password stored in a secure string</returns>

   18         public static SecureString GetPassword()

   19         {

   20             SecureString password = new SecureString();

   21 

   22             // get the first character of the password

   23             ConsoleKeyInfo nextKey = Console.ReadKey(true);

   24 

   25             while (nextKey.Key != ConsoleKey.Enter)

   26             {

   27                 if (nextKey.Key == ConsoleKey.Backspace)

   28                 {

   29                     if (password.Length > 0)

   30                     {

   31                         password.RemoveAt(password.Length - 1);

   32 

   33                         // erase the last * as well

   34                         Console.Write(nextKey.KeyChar);

   35                         Console.Write(" ");

   36                         Console.Write(nextKey.KeyChar);

   37                     }

   38                 }

   39                 else

   40                 {

   41                     password.AppendChar(nextKey.KeyChar);

   42                     Console.Write("*");

   43                 }

   44 

   45                 nextKey = Console.ReadKey(true);

   46             }

   47 

   48             Console.WriteLine();

   49 

   50             // lock the password down

   51             password.MakeReadOnly();

   52             return password;

   53         }

   54 

   55         /// <summary>

   56         /// Write the Secure string to the console

   57         /// </summary>

   58         /// <param name="password"></param>

   59         public static void PrintPassword(SecureString password)

   60         {

   61             IntPtr bstr = Marshal.SecureStringToBSTR(password);

   62 

   63             try

   64             {

   65                 Console.WriteLine(Marshal.PtrToStringBSTR(bstr));

   66             }

   67             finally

   68             {

   69                 Marshal.ZeroFreeBSTR(bstr);

   70             }

   71 

   72         }

Print | posted on Thursday, January 31, 2008 8:56 PM | Filed Under [ C# ]

Feedback

No comments posted yet.

Post Comment

Title  
Name  
Email
Url
Comment   
Please add 4 and 2 and type the answer here:

Powered by: