mheyman/Isopoh.Cryptography.SecureArrayv2.0.0
.NET3.1.NET 6.0.NET 7.0.NET Std2.0
A managed class that can hold an array in RAM and zero it on disposal. The code has the capability to throw if it cannot lock the array in RAM or gracefully degrade to merely pinning the memory to prevent the CLR from moving it and risking exposure to other part of the executable.
Get Started
$ dotnet add package Isopoh.Cryptography.SecureArrayReadme
SecureArray
You can think of the SecureArray sort of like you would think of
SecureString
except that SecureString does crypto (usually -
encryption isn't supported everywhere)
to protect its sensitive data and has windows of vulnerability when it
decrypts the string for use. SecureArray protects its data by locking the
data into RAM to keep it from swapping to disk and also zeroing the buffer when
disposed. So, unlike SecureString, any process with access to your process's
memory will be able to read the data in your SecureArray, but you do not
have to worry about your data persisting anywhere or multiple copies of your
data floating around RAM due to C#'s memory management.
Because it locks the memory into RAM (and at a non-movable-by-the-garbage-collector location), you need to use it as infrequently as possible and for as short a time as possible. RAM secured this way puts stress on the computer as a whole by denying physical RAM for other processes and puts stress on your particular executable by denying freedom to the garbage collector to reduce fragmentation as needed for best performance.
Note: when using SecureArray in the browser (for example, under Blazor or UnoPlatform), the memory cannot be locked into RAM so SecureArray does its best effort to protect the data by zeroing the buffer when it is disposed.
Note similarly: when using SecureArray in a Universal Windows Platform (UWP)
application, I have yet to figure out how to use the supposedly available
VirtualAllocFromApp() system call to lock memory into RAM so SecureArray does
its best effort to protect the data by zeroing the buffer when it is disposed.
Always dispose of your SecureArrays.
API GENERATION
The API Documentation at https://mheyman.github.io/Isopoh.Cryptography.Argon2 gets generated automatically upon build. This happens via a dummy C# "Doc" project that uses the NuGet package to produce the API documentation.