public static SecureString FromProtectedString(this string protectedData, ref string salt)
        {
            using (StringToSecureStringMarshal saltMarshalString = new StringToSecureStringMarshal(ref salt, false))
            {
                using (SecureStringToBytesMarshal saltMarshalBytes = new SecureStringToBytesMarshal(saltMarshalString.SecureString))
                {
                    byte[] protectedByteArray = Convert.FromBase64String(protectedData);
                    byte[] decryptedData      = ProtectedData.Unprotect(protectedByteArray, saltMarshalBytes.Bytes, DataProtectionScope.CurrentUser); //use UnprotectBinaryForUser for null checks

                    using (BytesToSecureStringMarshal bytesToSecureStringMarshal = new BytesToSecureStringMarshal(ref decryptedData))
                    {
                        return(bytesToSecureStringMarshal.SecureString);
                    }
                }
            }
        }
        public static string ToProtectedString(this SecureString secureString, ref string salt, bool emptySaltStringAfterConversion = false)
        {
            string encrpytedString = null;

            RuntimeHelpers.PrepareConstrainedRegions(); //ensure that all operations are finshed, so the dispose is securely called
            //PS: we need to protect the code with CER-regions inside the Marshals itself again, because someone could use the Marshals standalone outside the ProtectedString-Method
            try { }
            finally
            {
                using (StringToSecureStringMarshal saltToSecureSaltMarshal = new StringToSecureStringMarshal(ref salt, emptySaltStringAfterConversion))
                {
                    using (SecureStringToBytesMarshal secureSaltMarshal = new SecureStringToBytesMarshal(saltToSecureSaltMarshal.SecureString))
                    {
                        using (SecureStringToBytesMarshal secureStringMarshal = new SecureStringToBytesMarshal(secureString))
                        {
                            encrpytedString = Convert.ToBase64String(ProtectedData.Protect(secureStringMarshal.Bytes, secureSaltMarshal.Bytes, DataProtectionScope.CurrentUser));
                        }
                    }
                }
            }

            return(encrpytedString);
        }