c# - ProtectedMemory.Unprotect outputs garbage -

c# - ProtectedMemory.Unprotect outputs garbage -

i've got code store , recover authorization token (which alphanumeric):

public static void store (string token) { byte[] buffer = encoding.utf8.getbytes (token.padright (32)); protectedmemory.protect (buffer, memoryprotectionscope.samelogon); settings.default.usertoken = buffer.tohexstring (); settings.default.save (); } public static string retrieve () { byte[] buffer = settings.default.usertoken.fromhexstring (); if (buffer.length == 0) homecoming string.empty; protectedmemory.unprotect (buffer, memoryprotectionscope.samelogon); homecoming encoding.utf8.getstring (buffer).trim (); }

and works fine, although times garbage out (many fd bytes, , readable ones). suspect happens when reboot, i've had difficulties reproducing it.

is intended behaviour? is, memoryprotectionscope.samelogon mean info unreadable upon reboot? doing wrong?

the fromhexstring , tohexstring methods expect them.

yes, protectedmemory fail after reboot (or different memoryprotectionscopes, restart process etc.). it's meant work protect memory, not info storage.

you want utilize protecteddata instead:

protecteddata.protect(buffer, null, dataprotectionscope.currentuser);

both of managed wrappers on dpapi (introduced windows 2000). there's bunch of posts more details on .net security blog - http://blogs.msdn.com/b/shawnfa/archive/2004/05/05/126825.aspx

c# access-token dpapi