#980 – Getting Data Out of a SecureString

November 22, 2013 2 Comments

Confidential data stored in an instance of the SecureString type is stored in memory on the unmanaged heap, in an encrypted form.

If you need to work with the data in an unencrypted form, you can read the data out of the SecureString into an unmanaged string (BSTR).  Once you are finished working with the confidential string data, you should zero out the memory where it was stored.

Below is an example of using the Marshal.SecureStringToBSTR method to work with string data stored in a SecureString.

        private void DoSomethingWithSecureStringData(SecureString secStr)
        {
            // using System.Runtime.InteropServices
            IntPtr unmStr = Marshal.SecureStringToBSTR(secStr);

            try
            {
                // Do something with unmanaged confidential string here.
            }
            finally
            {
                Marshal.ZeroFreeBSTR(unmStr);
            }
        }

When you call the SecureStringToBSTR method, the SecureString object decrypts its data and copies it to a new BSTR, before re-encrypting it.

 

Filed under Security Tagged with , ,

About Sean
Software developer in the Twin Cities area, passionate about software development and sailing.

2 Responses to #980 – Getting Data Out of a SecureString

  1. Pingback: New Windows 8.1 Settings - The Daily Six Pack: November 25, 2013

  2. Pingback: Dew Drop – November 25, 2013 (#1671) | Morning Dew

Leave a comment