Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
379 views
in Technique[技术] by (71.8m points)

c# - How should IBuffer objects generated through Windows.Security.Cryptography be managed securely?

Following on from my previous question: Do the IBuffer objects produced by the methods in Windows.Security.Cryptography.CryptographicBuffer have security features?

IBuffer objects are returned and used by the cryptographic routines in WinRT. As my previous question was answered, any secure management of those buffers has to be maintained by the user--e.g. overwriting the memory, encrypting when it isn't actively needed, etc. However, methods to interact with the data underlying IBuffers are limited at the C# level.

So, how can C# developers properly manage sensitive data in these IBuffers?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You can wipe out the buffer if you like after use, even with C#. Here is a handy helper:

public static class BufferExtensions
{
  public async static Task ClearContentsAsync(this IBuffer buff)
  {
    var writer = new DataWriter(buff.AsStream().AsOutputStream());
    for (var i = 0; i < buff.Capacity; i++)
      writer.WriteByte(42);
    await writer.StoreAsync();
  }
}

Use it like this:

  var buff = CryptographicBuffer.GenerateRandom(20);
  var before = buff.ToArray();
  await buff.ClearContentsAsync();
  var after = buff.ToArray();
  Debug.WriteLine("{0},{1},{2} - {3},{4},{5}", 
    before[0], before[1], before[2], after[0], after[1], after[2]);

Note that the values in before (copy taken before clearing) are random, but the values in after (copy taken after clearing) are all 42. You can of course use a different value of your choice :-).


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...