[Mono-dev] [PATCH] SecureString implementation

Ben Maurer bmaurer at ximian.com
Fri Dec 9 16:28:40 EST 2005

On Fri, 2005-12-09 at 15:14 -0500, Sebastien Pouliot wrote:
> Hello,
> This patch almost complete the SecureString implementation. The
> missing pieces are:
> - the new Marshal.SecureStringTo... methods; and
> - that, AFAIK, the runtime doesn't support CriticalFinalizerObject
> SecureString is implemented on top of ProtectedMemory. On Windows Data
> Protection API (DPAPI) is used to implement ProtectedMemory while on
> Linux (and other platforms) I added AES support into the runtime (so
> we get partial ProtectedMemory support).
> The AES implementation used (too large to be part of the patch) can be
> found at:
> http://www.mirrors.wiretapped.net/security/cryptography/algorithms/aes/aes-c-rijmen/
> P.S. Support for some of the new Marshal methods will be added later.

Why does this need to be implemented in unmanaged code? The win32 apis
could be pinvoked, and we already have an AES implementation in managed
code. Your code mentioned "ProtectedMemory is in System.Security.dll -
move this into the runtime/icall". If that is the only reason, there are
workarounds we could use (reflection to acquire a delegate, implement it
in mscorlib and use the internals visible to stuff).

-- Ben

More information about the Mono-devel-list mailing list