SecureString

  • Article

.Net 2.0 has come up with hordes of exciting new features. It's quite difficult to look at them all at one glance. Another new thing that I bumped on was the SecureString class.

Given the sensitivity of the data that some classes might be dealing with, sometimes it becomes really important to secure the data even when it is being processed.

The SecureString object is just like the String object. Except that the value of the SecureString object is automatically encrypted when it is in the memory. Also unlike the String or any other .Net class, the SecureString object can be deleted from the computer memory either by the application using it or the .Net framework garbage collector. 

The SecureString object is encrypted when it is stored in the memory and decrypted only when it is accessed. It uses DPAPI for doing this and hence cannot be available on Win 98, ME and anything less than Win 2000 SP3.