I am building a Windows Store app that uses cryptography. This means extensive use of the CryptographicBuffer class. As the app is security-sensitive, I want to make sure I zeroize the buffers after use. I am doing the same thing with byte[]s when I use them.
To zeroize them, we'd like to:
- Write 1's.
- Write a pattern, using 0,1,2,...254,255,0,1...
- Write 0's.
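The solution I have come up with is to create an extension method on each of IBuffer and byte[] to do this for me. For byte[], I believe it's pretty straightforward:

    // Extension methods must be declared inside a static class.
    public static void Zeroize(this byte[] bytes)
    {
        // Pass 1: all bits set.
        for (int i = 0; i < bytes.Length; i++)
        {
            bytes[i] = 255;
        }
        // Pass 2: repeating pattern 0,1,...,254,255,0,1,...
        for (int i = 0; i < bytes.Length; i++)
        {
            bytes[i] = (byte)(i % 256);
        }
        // Pass 3: all zeros.
        for (int i = 0; i < bytes.Length; i++)
        {
            bytes[i] = 0;
        }
    }

For IBuffer, it's a little bit more difficult, in that I don't seem to have direct access to the buffer. Through System.Runtime.InteropServices.WindowsRuntime there seem to be a few useful methods, such as IBuffer.CopyTo and IBuffer.AsStream, which give direct access to the buffer or the underlying stream. The solution I have come up with is this:

    // Requires: using System.Runtime.InteropServices.WindowsRuntime;
    //           using Windows.Storage.Streams;
    public static void Zeroize(this IBuffer buffer)
    {
        var capacity = buffer.Capacity;
        byte[] toWrite = new byte[capacity];
        // Pass 1: all bits set, copied over the buffer's contents.
        for (int i = 0; i < capacity; i++)
        {
            toWrite[i] = 255;
        }
        toWrite.AsBuffer().CopyTo(buffer);
        // Pass 2: repeating pattern 0,1,...,254,255,0,1,...
        for (int i = 0; i < capacity; i++)
        {
            toWrite[i] = (byte)(i % 256);
        }
        toWrite.AsBuffer().CopyTo(buffer);
        // Pass 3: all zeros.
        for (int i = 0; i < capacity; i++)
        {
            toWrite[i] = 0;
        }
        toWrite.AsBuffer().CopyTo(buffer);
    }

My questions are thus: Is there a better way of doing this? Are there any other hidden methods (InteropServices isn't advertised well) that would make this a bit easier/more efficient/more secure?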
Note: I realize this zeroization process may be overkill, but it was requested by the owner.
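
For buffers the app allocates itself, one way around the lack of direct access is to back the IBuffer with a pinned byte[] and overwrite that array in place. This is an added example, not code from the original post; the `PinnedSecret` class and its members are hypothetical names.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.WindowsRuntime;
using Windows.Storage.Streams;

// Hypothetical helper, not from the post: owns a pinned byte[] and exposes
// the same memory as an IBuffer so it can be overwritten in place.
public sealed class PinnedSecret : IDisposable
{
    private readonly byte[] _bytes;
    private GCHandle _pin;
    private bool _disposed;

    public PinnedSecret(int length)
    {
        _bytes = new byte[length];
        // Pin before any secret is written, so the GC cannot relocate the
        // array and leave an unwiped copy behind.
        _pin = GCHandle.Alloc(_bytes, GCHandleType.Pinned);
    }

    // AsBuffer() wraps the array without copying it.
    public IBuffer Buffer
    {
        get
        {
            if (_disposed) throw new ObjectDisposedException("PinnedSecret");
            return _bytes.AsBuffer();
        }
    }

    public void Dispose()
    {
        if (_disposed) return;
        _disposed = true;
        try
        {
            // Same three passes as the post: ones, counting pattern, zeros.
            for (int i = 0; i < _bytes.Length; i++) _bytes[i] = 0xFF;
            for (int i = 0; i < _bytes.Length; i++) _bytes[i] = (byte)(i & 0xFF);
            for (int i = 0; i < _bytes.Length; i++) _bytes[i] = 0;
        }
        finally
        {
            _pin.Free();
        }
    }
}
```

This only covers memory the app allocates; an IBuffer handed back by a WinRT API is not backed by this array and still needs an approach such as the CopyTo one above.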