public static SecureString FromProtectedString(this string protectedData, ref string salt)
{
using (StringToSecureStringMarshal saltMarshalString = new StringToSecureStringMarshal(ref salt, false))
{
using (SecureStringToBytesMarshal saltMarshalBytes = new SecureStringToBytesMarshal(saltMarshalString.SecureString))
{
byte[] protectedByteArray = Convert.FromBase64String(protectedData);
byte[] decryptedData = ProtectedData.Unprotect(protectedByteArray, saltMarshalBytes.Bytes, DataProtectionScope.CurrentUser); //use UnprotectBinaryForUser for null checks
using (BytesToSecureStringMarshal bytesToSecureStringMarshal = new BytesToSecureStringMarshal(ref decryptedData))
{
return(bytesToSecureStringMarshal.SecureString);
}
}
}
}
public static string ToProtectedString(this SecureString secureString, ref string salt, bool emptySaltStringAfterConversion = false)
{
string encrpytedString = null;
RuntimeHelpers.PrepareConstrainedRegions(); //ensure that all operations are finshed, so the dispose is securely called
//PS: we need to protect the code with CER-regions inside the Marshals itself again, because someone could use the Marshals standalone outside the ProtectedString-Method
try { }
finally
{
using (StringToSecureStringMarshal saltToSecureSaltMarshal = new StringToSecureStringMarshal(ref salt, emptySaltStringAfterConversion))
{
using (SecureStringToBytesMarshal secureSaltMarshal = new SecureStringToBytesMarshal(saltToSecureSaltMarshal.SecureString))
{
using (SecureStringToBytesMarshal secureStringMarshal = new SecureStringToBytesMarshal(secureString))
{
encrpytedString = Convert.ToBase64String(ProtectedData.Protect(secureStringMarshal.Bytes, secureSaltMarshal.Bytes, DataProtectionScope.CurrentUser));
}
}
}
}
return(encrpytedString);
}
