Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
381 views
in Technique[技术] by (71.8m points)

c# - How should IBuffer objects generated through Windows.Security.Cryptography be managed securely?

Following on from my previous question: Do the IBuffer objects produced by the methods in Windows.Security.Cryptography.CryptographicBuffer have security features?

IBuffer objects are returned and used by the cryptographic routines in WinRT. As my previous question was answered, any secure management of those buffers has to be maintained by the user--e.g. overwriting the memory, encrypting when it isn't actively needed, etc. However, methods to interact with the data underlying IBuffers are limited at the C# level.

So, how can C# developers properly manage sensitive data in these IBuffers?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You can wipe out the buffer if you like after use, even with C#. Here is a handy helper:

public static class BufferExtensions
{
  public async static Task ClearContentsAsync(this IBuffer buff)
  {
    var writer = new DataWriter(buff.AsStream().AsOutputStream());
    for (var i = 0; i < buff.Capacity; i++)
      writer.WriteByte(42);
    await writer.StoreAsync();
  }
}

Use it like this:

  var buff = CryptographicBuffer.GenerateRandom(20);
  var before = buff.ToArray();
  await buff.ClearContentsAsync();
  var after = buff.ToArray();
  Debug.WriteLine("{0},{1},{2} - {3},{4},{5}", 
    before[0], before[1], before[2], after[0], after[1], after[2]);

Note that the values in before (copy taken before clearing) are random, but the values in after (copy taken after clearing) are all 42. You can of course use a different value of your choice :-).


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...