HighTechTalks DotNet Forums  

How to convert a SecureString into an encrypted String in a secure manner?

Dotnet Security microsoft.public.dotnet.security

spam@brandt-lassen.dk
Default How to convert a SecureString into an encrypted String in a secure manner? - 08-28-2007 , 06:28 AM
I'm designing a system for Windows initiated Single Sign-On against RACF.

I keep my RACF passwords in fields of the new .NET 2.0 type System.Security.SecureString. I need to store these passwords in a SQL Server 2005 database between user sessions. Hence, I need to convert the SecureString into an encrypted string.

I could of course convert the SecureString into a string before encryption, but this would compromise the security of the system.

My suggestion is to read the bytes of the SecureString byte by byte, writing each byte directly into a CryptoStream like this:

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

// Method from the poster's class; GetCryptoAlg() is a helper defined elsewhere in his code.
private static string SecurePassword2EncryptedPassword(SecureString password)
{
    SymmetricAlgorithm cryptoAlg = GetCryptoAlg();
    ICryptoTransform encryptor = cryptoAlg.CreateEncryptor();

    MemoryStream outStream = new MemoryStream();
    using (CryptoStream encryptStream = new CryptoStream(outStream, encryptor, CryptoStreamMode.Write))
    {
        // Copy the SecureString into an unmanaged BSTR (UTF-16, two bytes per character)
        IntPtr bstr = Marshal.SecureStringToBSTR(password);
        try
        {
            byte b;
            // Step of 2: reads only the low byte of each UTF-16 code unit,
            // so this round-trips ASCII/Latin-1 passwords only
            for (int ofset = 0; ofset < password.Length * 2; ofset = ofset + 2)
            {
                b = Marshal.ReadByte(bstr, ofset);
                encryptStream.WriteByte(b);
            }
            b = 0; // clear the local copy of the last byte
            encryptStream.FlushFinalBlock();
        }
        finally
        {
            Marshal.ZeroFreeBSTR(bstr); // zero and free the unmanaged copy
        }
        return Convert.ToBase64String(outStream.ToArray());
    }
}
```

Is my way the secure way of converting a SecureString into an encrypted string? Or should I do something else?

Best regards

Michael Brandt Lassen
3F, Denmark
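Example code added here, not from the post or from any Microsoft sample: it keeps the poster's BSTR-to-CryptoStream approach but writes both bytes of every UTF-16 code unit (so non-Latin characters survive), prefixes a fresh random IV to the ciphertext, and shows the reverse path, decrypting straight back into a SecureString with AppendChar so no managed string exists at any point. The class and method names and the `key` parameter are assumptions; where the key comes from (DPAPI, a key store) is outside the post.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
static class SecurePasswordStore
{
    // Encrypt without creating a managed string: BSTR bytes go straight into the CryptoStream.
    public static string Encrypt(SecureString password, byte[] key)
    {
        using (SymmetricAlgorithm alg = new RijndaelManaged()) // 128-bit block = AES; in .NET since 2.0
        {
            alg.Key = key; alg.GenerateIV();          // never reuse an IV under the same key
            MemoryStream outStream = new MemoryStream();
            outStream.Write(alg.IV, 0, alg.IV.Length); // IV is not secret; store it with the ciphertext
            IntPtr bstr = Marshal.SecureStringToBSTR(password);
            try
            {
                using (ICryptoTransform enc = alg.CreateEncryptor())
                using (CryptoStream cs = new CryptoStream(outStream, enc, CryptoStreamMode.Write))
                    for (int i = 0; i < password.Length * 2; i++)   // both bytes of each UTF-16 unit
                        cs.WriteByte(Marshal.ReadByte(bstr, i));     // disposing cs flushes the final block
            }
            finally { Marshal.ZeroFreeBSTR(bstr); } // wipe and free the unmanaged copy on every path
            return Convert.ToBase64String(outStream.ToArray());
        }
    }
    // Rebuild the SecureString from the stored value, again without a managed string.
    public static SecureString Decrypt(string stored, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(stored);
        SecureString result = new SecureString();
        using (SymmetricAlgorithm alg = new RijndaelManaged())
        {
            byte[] iv = new byte[alg.BlockSize / 8];
            Array.Copy(blob, 0, iv, 0, iv.Length);  // IV was prefixed by Encrypt
            alg.Key = key; alg.IV = iv;
            using (ICryptoTransform dec = alg.CreateDecryptor())
            using (MemoryStream inStream = new MemoryStream(blob, iv.Length, blob.Length - iv.Length))
            using (CryptoStream cs = new CryptoStream(inStream, dec, CryptoStreamMode.Read))
            {
                int lo, hi; // each plaintext byte pair is one little-endian UTF-16 code unit
                while ((lo = cs.ReadByte()) != -1 && (hi = cs.ReadByte()) != -1)
                    result.AppendChar((char)(lo | (hi << 8)));
            }
        }
        result.MakeReadOnly();
        return result;
    }
}
```

The CryptoStream still holds partial plaintext blocks in managed buffers while it works, so this narrows the exposure window rather than removing it; the zeroing of the BSTR in `finally` is what bounds the unmanaged side.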


Michael Brandt Lassen

RE: How to convert a SecureString into an encrypted String in a secure - 08-28-2007 , 06:52 AM

Sorry about the HTML, I've deleted the post, but it's still here!? I've
reposted without the HTML.

Best regards

Michael
