You can wipe out the buffer if you like after use, even with C#. Here is a handy helper:
public static class BufferExtensions
{
public async static Task ClearContentsAsync(this IBuffer buff)
{
var writer = new DataWriter(buff.AsStream().AsOutputStream());
for (var i = 0; i < buff.Capacity; i++)
writer.WriteByte(42);
await writer.StoreAsync();
}
}
Use it like this:
var buff = CryptographicBuffer.GenerateRandom(20);
var before = buff.ToArray();
await buff.ClearContentsAsync();
var after = buff.ToArray();
Debug.WriteLine("{0},{1},{2} - {3},{4},{5}",
before[0], before[1], before[2], after[0], after[1], after[2]);
Note that the values in before
(copy taken before clearing) are random, but the values in after
(copy taken after clearing) are all 42. You can of course use a different value of your choice :-).
1
solved How should IBuffer objects generated through Windows.Security.Cryptography be managed securely?